-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   Red Hat Security Advisory

Synopsis:          Low: libpcap security, bug fix, and enhancement update
Advisory ID:       RHSA-2020:4547-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:4547
Issue date:        2020-11-03
CVE Names:         CVE-2019-15165 
====================================================================
1. Summary:

An update for libpcap is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Low. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

The libpcap packages provide a portable framework for low-level network
monitoring. The libpcap library provides network statistics collection,
security monitoring, and network debugging.

The following packages have been upgraded to a later upstream version:
libpcap (1.9.1). (BZ#1806422)

Security Fix(es):

* libpcap: Resource exhaustion during PHB header length validation
(CVE-2019-15165)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.3 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1760618 - CVE-2019-15165 libpcap: Resource exhaustion during PHB header length validation
1806422 - rebase libpcap to version 1.9.1

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source:
libpcap-1.9.1-4.el8.src.rpm

aarch64:
libpcap-1.9.1-4.el8.aarch64.rpm
libpcap-debuginfo-1.9.1-4.el8.aarch64.rpm
libpcap-debugsource-1.9.1-4.el8.aarch64.rpm

ppc64le:
libpcap-1.9.1-4.el8.ppc64le.rpm
libpcap-debuginfo-1.9.1-4.el8.ppc64le.rpm
libpcap-debugsource-1.9.1-4.el8.ppc64le.rpm

s390x:
libpcap-1.9.1-4.el8.s390x.rpm
libpcap-debuginfo-1.9.1-4.el8.s390x.rpm
libpcap-debugsource-1.9.1-4.el8.s390x.rpm

x86_64:
libpcap-1.9.1-4.el8.i686.rpm
libpcap-1.9.1-4.el8.x86_64.rpm
libpcap-debuginfo-1.9.1-4.el8.i686.rpm
libpcap-debuginfo-1.9.1-4.el8.x86_64.rpm
libpcap-debugsource-1.9.1-4.el8.i686.rpm
libpcap-debugsource-1.9.1-4.el8.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 8):

aarch64:
libpcap-debuginfo-1.9.1-4.el8.aarch64.rpm
libpcap-debugsource-1.9.1-4.el8.aarch64.rpm
libpcap-devel-1.9.1-4.el8.aarch64.rpm

ppc64le:
libpcap-debuginfo-1.9.1-4.el8.ppc64le.rpm
libpcap-debugsource-1.9.1-4.el8.ppc64le.rpm
libpcap-devel-1.9.1-4.el8.ppc64le.rpm

s390x:
libpcap-debuginfo-1.9.1-4.el8.s390x.rpm
libpcap-debugsource-1.9.1-4.el8.s390x.rpm
libpcap-devel-1.9.1-4.el8.s390x.rpm

x86_64:
libpcap-debuginfo-1.9.1-4.el8.i686.rpm
libpcap-debuginfo-1.9.1-4.el8.x86_64.rpm
libpcap-debugsource-1.9.1-4.el8.i686.rpm
libpcap-debugsource-1.9.1-4.el8.x86_64.rpm
libpcap-devel-1.9.1-4.el8.i686.rpm
libpcap-devel-1.9.1-4.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-15165
https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/index

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBX6IzrdzjgjWX9erEAQgQIQ//a5aX0zZDvzfgVBjjozsBwCHVM/rtVeY3
zmGpqhtEDrbLbkoIHhDpaMaict0mnx0qPib1vKgFAwKa9jYfYrjgyXLORQ9+ojMo
Pds2mFI/8dFAQLzed32K/S32zApKTnqjj3+z7glyJPr3cmgdRtAVXXRKP8mRZfsR
6+5+OnCPofsCwNzycQeHap5QA4W9oWg9DuuN9trGO1JRUU3MSHvh/Ll6IohEp5a6
jrE6I9geAM0UpvAIstrIXYxGQB/xI6LkRT6zyd9ruMZRGQNw/4baOmnuDxTn6Rpo
FdcLxYYVRRypqmFfpfynSpPJXcuRYPOf78UTQt2s3x/FTxoEKm5+tp7WIt1rTS/n
sSCaDI9EpsD91S9gL4A0J4lyHCFi2h6vVdU5EmsLdjz9THEhJ2gwiJmHll3T7syp
pBueyRDK2SLn46Ds9S2yHwv3K9NkPBeXHNZSJcW79jHm8Pqi/d3DkMr51Lo/5A/F
zvLeMSnERLNZdtNIs9RGJJag70S/I+OAqn5PZH2JY/IUe4NA5ttUwDJRqnV5l8iL
2kOm4sSBtjP2/DNHDf1p2hUHPQ+5qnTqEDQaTP+aQ5n7FrQ1wQY4mpSKpQ9IZpZJ
NypZflqz8Rlm4chP5p+8rDhAOpgiTDLaNRdcRGOAtw/9IQVeQkUkEtKGCt4Jmt8W
dX7fKX5N4Gw=wQuL
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2020-4547:01 Low: libpcap security, bug fix,

An update for libpcap is now available for Red Hat Enterprise Linux 8

Summary

The libpcap packages provide a portable framework for low-level network monitoring. The libpcap library provides network statistics collection, security monitoring, and network debugging.
The following packages have been upgraded to a later upstream version: libpcap (1.9.1). (BZ#1806422)
Security Fix(es):
* libpcap: Resource exhaustion during PHB header length validation (CVE-2019-15165)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.



Summary


Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258

References

https://access.redhat.com/security/cve/CVE-2019-15165 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/index

Package List

Red Hat Enterprise Linux BaseOS (v. 8):
Source: libpcap-1.9.1-4.el8.src.rpm
aarch64: libpcap-1.9.1-4.el8.aarch64.rpm libpcap-debuginfo-1.9.1-4.el8.aarch64.rpm libpcap-debugsource-1.9.1-4.el8.aarch64.rpm
ppc64le: libpcap-1.9.1-4.el8.ppc64le.rpm libpcap-debuginfo-1.9.1-4.el8.ppc64le.rpm libpcap-debugsource-1.9.1-4.el8.ppc64le.rpm
s390x: libpcap-1.9.1-4.el8.s390x.rpm libpcap-debuginfo-1.9.1-4.el8.s390x.rpm libpcap-debugsource-1.9.1-4.el8.s390x.rpm
x86_64: libpcap-1.9.1-4.el8.i686.rpm libpcap-1.9.1-4.el8.x86_64.rpm libpcap-debuginfo-1.9.1-4.el8.i686.rpm libpcap-debuginfo-1.9.1-4.el8.x86_64.rpm libpcap-debugsource-1.9.1-4.el8.i686.rpm libpcap-debugsource-1.9.1-4.el8.x86_64.rpm
Red Hat CodeReady Linux Builder (v. 8):
aarch64: libpcap-debuginfo-1.9.1-4.el8.aarch64.rpm libpcap-debugsource-1.9.1-4.el8.aarch64.rpm libpcap-devel-1.9.1-4.el8.aarch64.rpm
ppc64le: libpcap-debuginfo-1.9.1-4.el8.ppc64le.rpm libpcap-debugsource-1.9.1-4.el8.ppc64le.rpm libpcap-devel-1.9.1-4.el8.ppc64le.rpm
s390x: libpcap-debuginfo-1.9.1-4.el8.s390x.rpm libpcap-debugsource-1.9.1-4.el8.s390x.rpm libpcap-devel-1.9.1-4.el8.s390x.rpm
x86_64: libpcap-debuginfo-1.9.1-4.el8.i686.rpm libpcap-debuginfo-1.9.1-4.el8.x86_64.rpm libpcap-debugsource-1.9.1-4.el8.i686.rpm libpcap-debugsource-1.9.1-4.el8.x86_64.rpm libpcap-devel-1.9.1-4.el8.i686.rpm libpcap-devel-1.9.1-4.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/


Severity
Advisory ID: RHSA-2020:4547-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:4547
Issued Date: : 2020-11-03
CVE Names: CVE-2019-15165

Topic

An update for libpcap is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impactof Low. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.


Topic


 

Relevant Releases Architectures

Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, s390x, x86_64

Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64


Bugs Fixed

1760618 - CVE-2019-15165 libpcap: Resource exhaustion during PHB header length validation

1806422 - rebase libpcap to version 1.9.1


Related News