Gentoo FoundationMGASA-2017-0335Updated tcpdump packages fix security vulnerabilities
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.161 Low
EPSS
Percentile
95.9%
Summary for 4.9.2 tcpdump release Do not use getprotobynumber() for protocol name resolution. Do not do any protocol name resolution if -n is specified. Improve errors detection in the test scripts. Fix a segfault with OpenSSL 1.1 and improve OpenSSL usage. Clean up IS-IS printing. Fix buffer overflow vulnerabilities: CVE-2017-11543 (SLIP), CVE-2017-13011 (bittok2str_internal) Fix infinite loop vulnerabilities: CVE-2017-12989 (RESP), CVE-2017-12990 (ISAKMP), CVE-2017-12995 (DNS), CVE-2017-12997 (LLDP). Fix buffer over-read vulnerabilities: CVE-2017-11541 (safeputs), CVE-2017-11542 (PIMv1), CVE-2017-12893 (SMB/CIFS), CVE-2017-12894 (lookup_bytestring), CVE-2017-12895 (ICMP), CVE-2017-12896 (ISAKMP), CVE-2017-12897 (ISO CLNS), CVE-2017-12898 (NFS), CVE-2017-12899 (DECnet), CVE-2017-12900 (tok2strbuf), CVE-2017-12901 (EIGRP), CVE-2017-12902 (Zephyr), CVE-2017-12985 (IPv6), CVE-2017-12986 (IPv6 routing headers), CVE-2017-12987 (IEEE 802.11), CVE-2017-12988 (telnet), CVE-2017-12991 (BGP), CVE-2017-12992 (RIPng), CVE-2017-12993 (Juniper), CVE-2017-11542 (PIMv1), CVE-2017-11541 (safeputs), CVE-2017-12994 (BGP), CVE-2017-12996 (PIMv2), CVE-2017-12998 (ISO IS-IS), CVE-2017-12999 (ISO IS-IS), CVE-2017-13000 (IEEE 802.15.4), CVE-2017-13001 (NFS), CVE-2017-13002 (AODV), CVE-2017-13003 (LMP), CVE-2017-13004 (Juniper), CVE-2017-13005 (NFS), CVE-2017-13006 (L2TP), CVE-2017-13007 (Apple PKTAP), CVE-2017-13008 (IEEE 802.11), CVE-2017-13009 (IPv6 mobility), CVE-2017-13010 (BEEP), CVE-2017-13012 (ICMP), CVE-2017-13013 (ARP), CVE-2017-13014 (White Board), CVE-2017-13015 (EAP), CVE-2017-11543 (SLIP), CVE-2017-13016 (ISO ES-IS), CVE-2017-13017 (DHCPv6), CVE-2017-13018 (PGM), CVE-2017-13019 (PGM), CVE-2017-13020 (VTP), CVE-2017-13021 (ICMPv6), CVE-2017-13022 (IP), CVE-2017-13023 (IPv6 mobility), CVE-2017-13024 (IPv6 mobility), CVE-2017-13025 (IPv6 mobility), CVE-2017-13026 (ISO IS-IS), CVE-2017-13027 (LLDP), CVE-2017-13028 (BOOTP), CVE-2017-13029 (PPP), CVE-2017-13030 (PIM), CVE-2017-13031 (IPv6 fragmentation header), CVE-2017-13032 (RADIUS), CVE-2017-13033 (VTP), CVE-2017-13034 (PGM), CVE-2017-13035 (ISO IS-IS), CVE-2017-13036 (OSPFv3), CVE-2017-13037 (IP), CVE-2017-13038 (PPP), CVE-2017-13039 (ISAKMP), CVE-2017-13040 (MPTCP), CVE-2017-13041 (ICMPv6), CVE-2017-13042 (HNCP), CVE-2017-13043 (BGP), CVE-2017-13044 (HNCP), CVE-2017-13045 (VQP), CVE-2017-13046 (BGP), CVE-2017-13047 (ISO ES-IS), CVE-2017-13048 (RSVP), CVE-2017-13049 (Rx), CVE-2017-13050 (RPKI-Router), CVE-2017-13051 (RSVP), CVE-2017-13052 (CFM), CVE-2017-13053 (BGP), CVE-2017-13054 (LLDP), CVE-2017-13055 (ISO IS-IS), CVE-2017-13687 (Cisco HDLC), CVE-2017-13688 (OLSR), CVE-2017-13689 (IKEv1), CVE-2017-13690 (IKEv2), CVE-2017-13725 (IPv6 routing headers)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Mageia | 5 | noarch | tcpdump | < 4.9.2-1 | tcpdump-4.9.2-1.mga5 |
| Mageia | 6 | noarch | tcpdump | < 4.9.2-1 | tcpdump-4.9.2-1.mga6 |
References
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.161 Low
EPSS
Percentile
95.9%