[SECURITY] [DSA 3086-1] tcpdump security update

2014-12-0319:16:29

lists.debian.org

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.158 Low

EPSS

Percentile

95.9%

JSON

Debian Security Advisory DSA-3086-1 [email protected]
http://www.debian.org/security/ Salvatore Bonaccorso
December 03, 2014 http://www.debian.org/security/faq

Package : tcpdump
CVE ID : CVE-2014-8767 CVE-2014-8769 CVE-2014-9140
Debian Bug : 770424 770434

Several vulnerabilities have been discovered in tcpdump, a command-line
network traffic analyzer. These vulnerabilities might result in denial
of service, leaking sensitive information from memory or, potentially,
execution of arbitrary code.

For the stable distribution (wheezy), these problems have been fixed in
version 4.3.0-1+deb7u1.

For the upcoming stable distribution (jessie), these problems have been
fixed in version 4.6.2-3.

For the unstable distribution (sid), these problems have been fixed in
version 4.6.2-3.

We recommend that you upgrade your tcpdump packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian7amd64tcpdump< 4.3.0-1+deb7u1tcpdump_4.3.0-1+deb7u1_amd64.deb
Debian7alltcpdump< 4.3.0-1+deb7u1tcpdump_4.3.0-1+deb7u1_all.deb
Debian7i386tcpdump< 4.3.0-1+deb7u1tcpdump_4.3.0-1+deb7u1_i386.deb
Debian7mipseltcpdump< 4.3.0-1+deb7u1tcpdump_4.3.0-1+deb7u1_mipsel.deb
Debian7s390xtcpdump< 4.3.0-1+deb7u1tcpdump_4.3.0-1+deb7u1_s390x.deb
Debian7mipstcpdump< 4.3.0-1+deb7u1tcpdump_4.3.0-1+deb7u1_mips.deb
Debian7powerpctcpdump< 4.3.0-1+deb7u1tcpdump_4.3.0-1+deb7u1_powerpc.deb
Debian7armeltcpdump< 4.3.0-1+deb7u1tcpdump_4.3.0-1+deb7u1_armel.deb
Debian6i386tcpdump< 4.1.1-1+deb6u1tcpdump_4.1.1-1+deb6u1_i386.deb
Debian7kfreebsd-amd64tcpdump< 4.3.0-1+deb7u1tcpdump_4.3.0-1+deb7u1_kfreebsd-amd64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	7	amd64	tcpdump	< 4.3.0-1+deb7u1	tcpdump_4.3.0-1+deb7u1_amd64.deb
Debian	7	all	tcpdump	< 4.3.0-1+deb7u1	tcpdump_4.3.0-1+deb7u1_all.deb
Debian	7	i386	tcpdump	< 4.3.0-1+deb7u1	tcpdump_4.3.0-1+deb7u1_i386.deb
Debian	7	mipsel	tcpdump	< 4.3.0-1+deb7u1	tcpdump_4.3.0-1+deb7u1_mipsel.deb
Debian	7	s390x	tcpdump	< 4.3.0-1+deb7u1	tcpdump_4.3.0-1+deb7u1_s390x.deb
Debian	7	mips	tcpdump	< 4.3.0-1+deb7u1	tcpdump_4.3.0-1+deb7u1_mips.deb
Debian	7	powerpc	tcpdump	< 4.3.0-1+deb7u1	tcpdump_4.3.0-1+deb7u1_powerpc.deb
Debian	7	armel	tcpdump	< 4.3.0-1+deb7u1	tcpdump_4.3.0-1+deb7u1_armel.deb
Debian	6	i386	tcpdump	< 4.1.1-1+deb6u1	tcpdump_4.1.1-1+deb6u1_i386.deb
Debian	7	kfreebsd-amd64	tcpdump	< 4.3.0-1+deb7u1	tcpdump_4.3.0-1+deb7u1_kfreebsd-amd64.deb