Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 601
Alerts This Week
Warning Icon 1 601

Ubuntu 17.04 USN-3415-1: Moderate Tcpdump Denial Of Service Risks

ubuntu
Calendar Grey September 14, 2017
Dist Ubuntu Esm H88
=========================================================================Ubuntu Security Notice USN-
Several security issues were fixed in tcpdump.

Summary

Several security issues were fixed in tcpdump.

Software Description:

- tcpdump: command-line network traffic analyzer

Details:

Wilfried Kirsch discovered a buffer overflow in the SLIP decoder

in tcpdump. A remote attacker could use this to cause a denial

of service (application crash) or possibly execute arbitrary

code. (CVE-2017-11543)

Bhargava Shastry discovered a buffer overflow in the bitfield converter

utility function bittok2str_internal() in tcpdump. A remote attacker

could use this to cause a denial of service (application crash)

or possibly execute arbitrary code. (CVE-2017-13011)

Otto Airamo and Antti Levomäki discovered logic errors in different

protocol parsers in tcpdump that could lead to an infinite loop. A

remote attacker could use these to cause a denial of service

(application hang). CVE-2017-12989, CVE-2017-12990, CVE-2017-12995,

CVE-2017-12997)

Otto Airamo, Brian Carpenter, Yannick Formaggio, Kamil Frankowicz,

Katie Holly, Kim Gw...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.04:
  tcpdump                         4.9.2-0ubuntu0.17.04.2

Ubuntu 16.04 LTS:
  tcpdump                         4.9.2-0ubuntu0.16.04.1

Ubuntu 14.04 LTS:
  tcpdump                         4.9.2-0ubuntu0.14.04.1

In general, a standard system update will make all the necessary changes.

References

CVE-2017-11108, CVE-2017-11541, CVE-2017-11542, CVE-2017-11543,

CVE-2017-12893, CVE-2017-12894, CVE-2017-12895, CVE-2017-12896,

CVE-2017-12897, CVE-2017-12898, CVE-2017-12899, CVE-2017-12900,

CVE-2017-12901, CVE-2017-12902, CVE-2017-12985, CVE-2017-12986,

CVE-2017-12987, CVE-2017-12988, CVE-2017-12989, CVE-2017-12990,

CVE-2017-12991, CVE-2017-12992, CVE-2017-12993, CVE-2017-12994,

CVE-2017-12995, CVE-2017-12996, CVE-2017-12997, CVE-2017-12998,

CVE-2017-12999, CVE-2017-13000, CVE-2017-13001, CVE-2017-13002,

CVE-2017-13003, CVE-2017-13004, CVE-2017-13005, CVE-2017-13006,

CVE-2017-13007, CVE-2017-13008, CVE-2017-13009, CVE-2017-13010,

CVE-2017-13011, CVE-2017-13012, CVE-2017-13013, CVE-2017-13014,

CVE-2017-13015, CVE-2017-13016, CVE-2017-13017, CVE-2017-13018,

CVE-2017-13019, CVE-2017-13020, CVE-2017-13021, CVE-2017-13022,

CVE-2017-13023, CVE-2017-13024, CVE-2017-13025, CVE-2017-13026,

CVE-2017-13027, CVE-2017-13028, CVE-2017-13029, CVE-2017-13030,

CVE-2017-13031, CVE-2017-13032, CVE-2017-13033, CVE-2017-13034,

CVE-2017-13035, CVE-2017-13036, CVE-2017-13037, CVE-2017-13038,

CVE-2017-13039, CVE-2017-13040, CVE-2017-13041, CVE-2017-13042,

CVE-2017-13043, CVE-2017-13044, CVE-2017-13045, CVE-2017-13046,

CVE-2017-13047, CVE-2017-13048, CVE-2017-13049, CVE-2017-13050,

CVE-2017-13051, CVE-2017-13052, CVE-2017-13053, CVE-2017-13054,

CVE-2017-13055, CVE-2017-13687, CVE-2017-13688, CVE-2017-13689,

CVE-2017-13690, CVE-2017-13725

September 14, 2017

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.