Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
slackwareSlackware Linux ProjectSSA-2019-274-01
HistoryOct 02, 2019 - 6:51 a.m.

[slackware-security] tcpdump

2019-10-0206:51:41
Slackware Linux Project
www.slackware.com
36

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.012

Percentile

85.6%

JSON

New libpcap and tcpdump packages are available for Slackware 14.0, 14.1, 14.2,
and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:

patches/packages/libpcap-1.9.1-i586-1_slack14.2.txz: Upgraded.
This update is required for the new version of tcpdump.
patches/packages/tcpdump-4.9.3-i586-1_slack14.2.txz: Upgraded.
Fix buffer overflow/overread vulnerabilities and command line
argument/local issues.
For more information, see:
https://vulners.com/cve/CVE-2017-16808
https://vulners.com/cve/CVE-2018-14468
https://vulners.com/cve/CVE-2018-14469
https://vulners.com/cve/CVE-2018-14470
https://vulners.com/cve/CVE-2018-14466
https://vulners.com/cve/CVE-2018-14461
https://vulners.com/cve/CVE-2018-14462
https://vulners.com/cve/CVE-2018-14465
https://vulners.com/cve/CVE-2018-14881
https://vulners.com/cve/CVE-2018-14464
https://vulners.com/cve/CVE-2018-14463
https://vulners.com/cve/CVE-2018-14467
https://vulners.com/cve/CVE-2018-10103
https://vulners.com/cve/CVE-2018-10105
https://vulners.com/cve/CVE-2018-14880
https://vulners.com/cve/CVE-2018-16451
https://vulners.com/cve/CVE-2018-14882
https://vulners.com/cve/CVE-2018-16227
https://vulners.com/cve/CVE-2018-16229
https://vulners.com/cve/CVE-2018-16301
https://vulners.com/cve/CVE-2018-16230
https://vulners.com/cve/CVE-2018-16452
https://vulners.com/cve/CVE-2018-16300
https://vulners.com/cve/CVE-2018-16228
https://vulners.com/cve/CVE-2019-15166
https://vulners.com/cve/CVE-2019-15167
https://vulners.com/cve/CVE-2018-14879
(* Security fix *)

Where to find the new packages:

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/libpcap-1.9.1-i486-1_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/tcpdump-4.9.3-i486-1_slack14.0.txz

Updated packages for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/libpcap-1.9.1-x86_64-1_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/tcpdump-4.9.3-x86_64-1_slack14.0.txz

Updated packages for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/libpcap-1.9.1-i486-1_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/tcpdump-4.9.3-i486-1_slack14.1.txz

Updated packages for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/libpcap-1.9.1-x86_64-1_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/tcpdump-4.9.3-x86_64-1_slack14.1.txz

Updated packages for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/libpcap-1.9.1-i586-1_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/tcpdump-4.9.3-i586-1_slack14.2.txz

Updated packages for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/libpcap-1.9.1-x86_64-1_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/tcpdump-4.9.3-x86_64-1_slack14.2.txz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libpcap-1.9.0-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/tcpdump-4.9.2-i586-3.txz

Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libpcap-1.9.1-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/tcpdump-4.9.3-x86_64-1.txz

MD5 signatures:

Slackware 14.0 packages:
0855bcc24c0d39f6ec3c6fa7d956ebf4 libpcap-1.9.1-i486-1_slack14.0.txz
1c53d8ea7923c5947dbbf0eb2dfca2aa tcpdump-4.9.3-i486-1_slack14.0.txz

Slackware x86_64 14.0 packages:
080435560c6498ba82e3131d9d7f36e4 libpcap-1.9.1-x86_64-1_slack14.0.txz
3740823881e104943cb15be6870a0e7d tcpdump-4.9.3-x86_64-1_slack14.0.txz

Slackware 14.1 packages:
7f1dffd77993897a3729c1fb3ea5e395 libpcap-1.9.1-i486-1_slack14.1.txz
b267563e154bbddab251e8e2c7a11f69 tcpdump-4.9.3-i486-1_slack14.1.txz

Slackware x86_64 14.1 packages:
1177a6f007a4924c2116d15f8cb92900 libpcap-1.9.1-x86_64-1_slack14.1.txz
de9844ab61993927903a91fc05450c8c tcpdump-4.9.3-x86_64-1_slack14.1.txz

Slackware 14.2 packages:
2672c9a84590170ff8f7f2b233af9a38 libpcap-1.9.1-i586-1_slack14.2.txz
578dbf94aa192915243e2d200c557cc5 tcpdump-4.9.3-i586-1_slack14.2.txz

Slackware x86_64 14.2 packages:
16f70962eebe606d3d9668202752bc51 libpcap-1.9.1-x86_64-1_slack14.2.txz
0a4b8400d30a84bc1df774b3537cb4b5 tcpdump-4.9.3-x86_64-1_slack14.2.txz

Slackware -current packages:
8765839c82fc67a8075b9e1c5211776b l/libpcap-1.9.0-i586-1.txz
9de3c38d7c061534d28b5b599ab5d563 n/tcpdump-4.9.2-i586-3.txz

Slackware x86_64 -current packages:
cb278799afec0d6e99ce9a126b9e65f3 l/libpcap-1.9.1-x86_64-1.txz
2d14083ccadb447e5af06e0f940fefa5 n/tcpdump-4.9.3-x86_64-1.txz

Installation instructions:

Upgrade the packages as root:
> upgradepkg libpcap-1.9.1-i586-1_slack14.2.txz tcpdump-4.9.3-i586-1_slack14.2.txz

Related

nessus 38
ibm 1
aix 1
openvas 24
almalinux 1
redhat 2
suse 2
osv 13
debian 2
rocky 1
rosalinux 1
oraclelinux 1
fedora 3
cloudfoundry 1
ubuntu 2
photon 6
f5 3
mageia 1
apple 2
prion 9
cve 12
amazon 2
alpinelinux 12
debiancve 10
ubuntucve 15
redhatcve 8
nvd 8
cvelist 8
veracode 9
hackerone 1
nessus
nessus
AIX 7.2 TL 3 : tcpdump (IJ20785)
2020-01-09 00:00:00
Photon OS 2.0: Tcpdump PHSA-2019-2.0-0182
2019-10-22 00:00:00
Rocky Linux 8 : tcpdump (RLSA-2020:4760)
2023-11-06 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in tcpdump affect AIX
2021-02-26 18:48:40
aix
aix
There is a vulnerability in tcpdump that affects AIX.,There is a vulnerability in tcpdump that affects VIOS.
2020-01-08 12:57:55
openvas
openvas
Slackware: Security Advisory (SSA:2019-274-01)
2022-04-21 00:00:00
tcpdump < 4.9.3 Multiple Vulnerabilities
2019-10-21 00:00:00
Debian: Security Advisory (DLA-1955-1)
2019-10-12 00:00:00
almalinux
almalinux
Moderate: tcpdump security, bug fix, and enhancement update
2020-11-03 12:33:49
redhat
redhat
(RHSA-2020:4760) Moderate: tcpdump security, bug fix, and enhancement update
2020-11-03 12:33:49
(RHSA-2021:2191) Moderate: tcpdump security update
2021-06-01 14:27:50
suse
suse
Security update for tcpdump (important)
2019-10-20 00:00:00
Security update for tcpdump (important)
2019-10-20 00:00:00
osv
osv
Moderate: tcpdump security, bug fix, and enhancement update
2020-11-03 12:33:49
tcpdump - security update
2019-10-10 00:00:00
tcpdump - security update
2019-10-21 00:00:00
debian
debian
[SECURITY] [DSA 4547-1] tcpdump security update
2019-10-21 21:26:24
[SECURITY] [DLA 1955-1] tcpdump security update
2019-10-11 20:27:37
rocky
rocky
tcpdump security, bug fix, and enhancement update
2020-11-03 12:33:49
rosalinux
rosalinux
Advisory ROSA-SA-2021-1985
2021-07-02 18:15:22
oraclelinux
oraclelinux
tcpdump security, bug fix, and enhancement update
2020-11-10 00:00:00
fedora
fedora
[SECURITY] Fedora 31 Update: tcpdump-4.9.3-1.fc31
2019-10-30 00:58:06
[SECURITY] Fedora 29 Update: tcpdump-4.9.3-1.fc29
2019-10-25 18:09:47
[SECURITY] Fedora 30 Update: tcpdump-4.9.3-1.fc30
2019-10-28 01:03:58
cloudfoundry
cloudfoundry
USN-4252-1: tcpdump vulnerabilities | Cloud Foundry
2020-02-12 00:00:00
ubuntu
ubuntu
tcpdump vulnerabilities
2020-01-27 00:00:00
tcpdump vulnerabilities
2020-01-27 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-2.0-0182
2019-10-15 00:00:00
Critical Photon OS Security Update - PHSA-2019-0182
2019-10-15 00:00:00
Critical Photon OS Security Update - PHSA-2019-0034
2019-10-15 00:00:00
f5
f5
K44551633 : Multiple tcpdump vulnerabilities
2019-11-11 00:00:00
K51512510 : tcpdump vulnerability CVE-2018-14879
2019-11-08 00:00:00
K04367730 : FRF.16 parser vulnerability CVE-2018-14468
2019-11-04 00:00:00
mageia
mageia
Updated libpcap and tcpdump packages fix security vulnerabilities
2019-10-17 01:22:41
apple
apple
About the security content of macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra - Apple Support
2020-11-12 07:38:35
About the security content of macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra
2019-12-10 00:00:00
prion
prion
Code injection
2019-10-03 16:15:00
Code injection
2022-08-27 06:15:00
Heap overflow
2017-11-13 21:29:00
cve
cve
CVE-2018-14463
2019-10-03 16:15:11
CVE-2019-15167
2022-08-27 06:15:07
CVE-2018-14467
2019-10-03 16:15:11
amazon
amazon
Medium: tcpdump
2023-07-05 22:01:00
Medium: tcpdump
2022-12-01 17:33:00
alpinelinux
alpinelinux
CVE-2018-14463
2019-10-03 16:15:11
CVE-2019-15167
2022-08-27 06:15:07
CVE-2018-14465
2019-10-03 16:15:11
debiancve
debiancve
CVE-2019-15167
2022-08-27 06:15:07
CVE-2018-14463
2019-10-03 16:15:11
CVE-2017-16808
2017-11-13 21:29:00
ubuntucve
ubuntucve
CVE-2019-15167
2019-09-30 00:00:00
CVE-2018-14463
2019-09-30 00:00:00
CVE-2017-16808
2017-11-13 00:00:00
redhatcve
redhatcve
CVE-2019-15167
2023-10-02 14:54:29
CVE-2017-16808
2017-11-23 20:19:32
CVE-2018-14880
2019-10-10 18:17:57
nvd
nvd
CVE-2019-15167
2022-08-27 06:15:07
CVE-2018-14463
2019-10-03 16:15:11
CVE-2017-16808
2017-11-13 21:29:00
cvelist
cvelist
CVE-2018-14463
2019-10-03 15:12:23
CVE-2019-15167
2022-08-27 05:47:36
CVE-2018-14467
2019-10-03 15:24:35
veracode
veracode
Arbitrary Code Execution
2020-08-06 21:30:28
Denial Of Service (DoS)
2020-08-06 21:35:38
Denial Of Service (DoS)
2020-08-06 21:28:16
hackerone
hackerone
Internet Bug Bounty: tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c
2020-03-25 15:43:57

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.012

Percentile

85.6%

JSON
Related for SSA-2019-274-01
nessus38ibm1aix1openvas24almalinux1redhat2suse2osv13debian2rocky1rosalinux1oraclelinux1fedora3cloudfoundry1ubuntu2photon6f53mageia1apple2prion9cve12amazon2alpinelinux12debiancve10ubuntucve15redhatcve8nvd8cvelist8veracode9hackerone1