Lucene search

Slackware Linux ProjectSSA-2017-205-01

HistoryJul 24, 2017 - 9:21 p.m.

[slackware-security] tcpdump

2017-07-2421:21:01

Slackware Linux Project

www.slackware.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.006 Low

EPSS

Percentile

79.1%

JSON

New tcpdump packages are available for Slackware 13.37, 14.0, 14.1, 14.2,
and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:

patches/packages/tcpdump-4.9.1-i586-1_slack14.2.txz: Upgraded.
This update fixes an issue where tcpdump 4.9.0 allows remote attackers
to cause a denial of service (heap-based buffer over-read and application
crash) via crafted packet data.
For more information, see:
https://vulners.com/cve/CVE-2017-11108
(* Security fix *)

Where to find the new packages:

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/tcpdump-4.9.1-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/tcpdump-4.9.1-x86_64-1_slack13.37.txz

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/tcpdump-4.9.1-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/tcpdump-4.9.1-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/tcpdump-4.9.1-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/tcpdump-4.9.1-x86_64-1_slack14.1.txz

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/tcpdump-4.9.1-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/tcpdump-4.9.1-x86_64-1_slack14.2.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/tcpdump-4.9.1-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/tcpdump-4.9.1-x86_64-1.txz

MD5 signatures:

Slackware 13.37 package:
9a5fe67f214fa1b11f9145e863b3c745 tcpdump-4.9.1-i486-1_slack13.37.txz

Slackware x86_64 13.37 package:
d6ff914dbc9371173346d33035618c0b tcpdump-4.9.1-x86_64-1_slack13.37.txz

Slackware 14.0 package:
db3c17f626370399d08c450481395bd1 tcpdump-4.9.1-i486-1_slack14.0.txz

Slackware x86_64 14.0 package:
676c246841f82a885fd1140e3d5682d8 tcpdump-4.9.1-x86_64-1_slack14.0.txz

Slackware 14.1 package:
5bf8605c4bb148bb5efdc8f58f4d6fae tcpdump-4.9.1-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
db08fcc0b32edfbcee57bed3fe92aacf tcpdump-4.9.1-x86_64-1_slack14.1.txz

Slackware 14.2 package:
e4118a207372df0170dd1bd337392d31 tcpdump-4.9.1-i586-1_slack14.2.txz

Slackware x86_64 14.2 package:
7fd6f286dc3402d3ae5e14352d6ea7b7 tcpdump-4.9.1-x86_64-1_slack14.2.txz

Slackware -current package:
ad5ccf382c3579e011139a600200eda2 n/tcpdump-4.9.1-i586-1.txz

Slackware x86_64 -current package:
36da99a1c72d25d9c3a3779342920889 n/tcpdump-4.9.1-x86_64-1.txz

Installation instructions:

Upgrade the package as root:
> upgradepkg tcpdump-4.9.1-i586-1_slack14.2.txz

OSVersionArchitecturePackageVersionFilename
Slackware13.37i486tcpdump< 4.9.1tcpdump-4.9.1-i486-1_slack13.37.txz
Slackware13.37x86_64tcpdump< 4.9.1tcpdump-4.9.1-x86_64-1_slack13.37.txz
Slackware14.0i486tcpdump< 4.9.1tcpdump-4.9.1-i486-1_slack14.0.txz
Slackware14.0x86_64tcpdump< 4.9.1tcpdump-4.9.1-x86_64-1_slack14.0.txz
Slackware14.1i486tcpdump< 4.9.1tcpdump-4.9.1-i486-1_slack14.1.txz
Slackware14.1x86_64tcpdump< 4.9.1tcpdump-4.9.1-x86_64-1_slack14.1.txz
Slackware14.2i586tcpdump< 4.9.1tcpdump-4.9.1-i586-1_slack14.2.txz
Slackware14.2x86_64tcpdump< 4.9.1tcpdump-4.9.1-x86_64-1_slack14.2.txz
Slackwarecurrenti586tcpdump< 4.9.1tcpdump-4.9.1-i586-1.txz
Slackwarecurrentx86_64tcpdump< 4.9.1tcpdump-4.9.1-x86_64-1.txz

OS	Version	Architecture	Package	Version	Filename
Slackware	13.37	i486	tcpdump	< 4.9.1	tcpdump-4.9.1-i486-1_slack13.37.txz
Slackware	13.37	x86_64	tcpdump	< 4.9.1	tcpdump-4.9.1-x86_64-1_slack13.37.txz
Slackware	14.0	i486	tcpdump	< 4.9.1	tcpdump-4.9.1-i486-1_slack14.0.txz
Slackware	14.0	x86_64	tcpdump	< 4.9.1	tcpdump-4.9.1-x86_64-1_slack14.0.txz
Slackware	14.1	i486	tcpdump	< 4.9.1	tcpdump-4.9.1-i486-1_slack14.1.txz
Slackware	14.1	x86_64	tcpdump	< 4.9.1	tcpdump-4.9.1-x86_64-1_slack14.1.txz
Slackware	14.2	i586	tcpdump	< 4.9.1	tcpdump-4.9.1-i586-1_slack14.2.txz
Slackware	14.2	x86_64	tcpdump	< 4.9.1	tcpdump-4.9.1-x86_64-1_slack14.2.txz
Slackware	current	i586	tcpdump	< 4.9.1	tcpdump-4.9.1-i586-1.txz
Slackware	current	x86_64	tcpdump	< 4.9.1	tcpdump-4.9.1-x86_64-1.txz