Bug 50397 - tcpdump: Multiple issues (4.3)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.3
All Linux
: P3 normal
: UCS 4.3-5-errata
Assigned To: Quality Assurance
Philipp Hahn
Reported: 2019-10-22 08:14 CEST by Quality Assurance
Modified: 2019-10-23 15:28 CEST
What kind of report is it?: Security Issue
Max CVSS v3 score: 5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L) Debian RedHat


Description Quality Assurance univentionstaff 2019-10-22 08:14:31 CEST
New Debian tcpdump 4.9.3-1~deb9u1 fixes:
This update addresses the following issues:
* heap-based buffer over-read in aoe_print in print-aoe.c and lookup_emem in addrtoname.c (CVE-2017-16808)
* tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2). (CVE-2018-10103)
* tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2). (CVE-2018-10105)
* Buffer over-read in ldp_tlv_print() function in print-ldp.c (CVE-2018-14461)
* Buffer over-read in icmp_print() function in print-icmp.c (CVE-2018-14462)
* Buffer over-read in vrrp_print() function in print-vrrp.c (CVE-2018-14463)
* Buffer over-read in lmp_print_data_link_subobjs() function in print-lmp.c (CVE-2018-14464)
* Buffer over-read in rsvp_obj_print() function in print-rsvp.c (CVE-2018-14465)
* Buffer over-read in print-icmp6.c (CVE-2018-14466)
* Buffer over-read in bgp_capabilities_print() in print-bgp.c (CVE-2018-14467)
* Buffer over-read in mfr_print() function in print-fr.c (CVE-2018-14468)
* Buffer over-read in ikev1_n_print() function in print-isakmp.c (CVE-2018-14469)
* Buffer over-read in babel_print_v2() in print-babel.c (CVE-2018-14470)
* Buffer overflow in get_next_file() in tcpdump.c (CVE-2018-14879)
* Buffer over-read in ospf6_print_lshdr() function in print-ospf6.c (CVE-2018-14880)
* Buffer over-read in bgp_capabilities_print() function in print-bgp.c (CVE-2018-14881)
* Buffer over-read in print-icmp6.c (CVE-2018-14882)
* Buffer over-read in print-802_11.c (CVE-2018-16227)
* Buffer over-read in print_prefix() function in print-hncp.c (CVE-2018-16228)
* Buffer over-read in dccp_print_option() function in print-dccp.c (CVE-2018-16229)
* Buffer over-read in bgp_attr_print() function in print-bgp.c (CVE-2018-16230)
* Resource exhaustion in bgp_attr_print() function in print-bgp.c (CVE-2018-16300)
* Buffer over-read in print_trans() function in print-smb.c (CVE-2018-16451)
* Resource exhaustion in smb_fdata() function in smbutil.c (CVE-2018-16452)
* Buffer overflow in lmp_print_data_link_subobjs() in print-lmp.c (CVE-2019-15166)
Comment 1 Quality Assurance univentionstaff 2019-10-22 09:00:15 CEST
--- mirror/ftp/4.3/unmaintained/4.3-0/source/tcpdump_4.9.2-1~deb9u1.dsc
+++ apt/ucs_4.3-0-errata4.3-5/source/tcpdump_4.9.3-1~deb9u1.dsc
@@ -1,3 +1,9 @@
+4.9.3-1~deb9u1 [Sat, 19 Oct 2019 17:18:00 +0200] Romain Francoise <rfrancoise@debian.org>:
+
+  * New upstream release, with fixes for 24 different CVEs (closes: #941698).
+    This is an upstream update on top of the 4.9.2-1~deb9u1 package.
+  * Disable tests that require a newer libpcap version.
+
 4.9.2-1~deb9u1 [Sat, 09 Sep 2017 20:33:48 +0200] Romain Francoise <rfrancoise@debian.org>:
 
   * New upstream release, fixing 90 new CVEs. See the upstream changelog
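Review bot: The added "Disable tests that require a newer libpcap version" line does not name the tests that were switched off, so the changelog alone cannot show whether any of them exercise the printers fixed in this release; list the disabled tests or reference the packaging patch that disables them. The "fixes for 24 different CVEs" line also carries no CVE ids, while the description in this bug lists 25 entries, so the count should be reconciled or the ids enumerated in the entry.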

<http://10.200.17.11/4.3-5/#4269081964802899867>
Comment 2 Philipp Hahn univentionstaff 2019-10-22 13:29:00 CEST
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.3-5] 608fe02e47 Bug #50397: tcpdump 4.9.3-1~deb9u1
 doc/errata/staging/tcpdump.yaml | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

[4.3-5] c8114478fb Bug #50397: tcpdump 4.9.3-1~deb9u1
 doc/errata/staging/tcpdump.yaml | 75 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 75 insertions(+)
Comment 3 Erik Damrose univentionstaff 2019-10-23 15:28:18 CEST
<http://errata.software-univention.de/ucs/4.3/605.html>