Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 603
Alerts This Week
Warning Icon 1 603

Ubuntu 12.04 ESM USN-3415-2 Moderate: Tcpdump Buffer Overflow Issues

ubuntu
Calendar Grey September 14, 2017
Dist Ubuntu Esm H88
=========================================================================Ubuntu Security Notice USN-
Several security issues were fixed in tcpdump

Summary

Several security issues were fixed in tcpdump

Software Description:

- tcpdump: command-line network traffic analyzer

Details:

USN-3415-1 fixed vulnerabilities in tcpdump for Ubuntu 14.04 LTS,

Ubuntu 16.04 LTS, and Ubuntu 17.04. This update provides the

corresponding tcpdump update for Ubuntu 12.04 ESM.

Original advisory details:

Wilfried Kirsch discovered a buffer overflow in the SLIP decoder

in tcpdump. A remote attacker could use this to cause a denial

of service (application crash) or possibly execute arbitrary

code. (CVE-2017-11543)

Bhargava Shastry discovered a buffer overflow in the bitfield converter

utility function bittok2str_internal() in tcpdump. A remote attacker

could use this to cause a denial of service (application crash)

or possibly execute arbitrary code. (CVE-2017-13011)

Otto Airamo and Antti Levomäki discovered logic errors in different

protocol parsers in tcpdump that could lead to an infinite loop. A

remote attacker...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
  tcpdump                         4.9.2-0ubuntu0.12.04.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-3415-2

https://ubuntu.com/security/notices/USN-3415-1

CVE-2017-11108, CVE-2017-11541, CVE-2017-11542, CVE-2017-11543,

CVE-2017-12893, CVE-2017-12894, CVE-2017-12895, CVE-2017-12896,

CVE-2017-12897, CVE-2017-12898, CVE-2017-12899, CVE-2017-12900,

CVE-2017-12901, CVE-2017-12902, CVE-2017-12985, CVE-2017-12986,

CVE-2017-12987, CVE-2017-12988, CVE-2017-12989, CVE-2017-12990,

CVE-2017-12991, CVE-2017-12992, CVE-2017-12993, CVE-2017-12994,

CVE-2017-12995, CVE-2017-12996, CVE-2017-12997, CVE-2017-12998,

CVE-2017-12999, CVE-2017-13000, CVE-2017-13001, CVE-2017-13002,

CVE-2017-13003, CVE-2017-13004, CVE-2017-13005, CVE-2017-13006,

CVE-2017-13007, CVE-2017-13008, CVE-2017-13009, CVE-2017-13010,

CVE-2017-13011, CVE-2017-13012, CVE-2017-13013, CVE-2017-13014,

CVE-2017-13015, CVE-2017-13016, CVE-2017-13017, CVE-2017-13018,

CVE-2017-13019, CVE-2017-13020, CVE-2017-13021, CVE-2017-13022,

CVE-2017-13023, CVE-2017-13024, CVE-2017-13025, CVE-2017-13026,

CVE-2017-13027, CVE-2017-13028, CVE-2017-13029, CVE-2017-13030,

CVE-2017-13031, CVE-2017-13032, CVE-2017-13033, CVE-2017-13034,

CVE-2017-13035, CVE-2017-13036, CVE-2017-13037, CVE-2017-13038,

CVE-2017-13039, CVE-2017-13040, CVE-2017-13041, CVE-2017-13042,

CVE-2017-13043, CVE-2017-13044, CVE-2017-13045, CVE-2017-13046,

CVE-2017-13047, CVE-2017-13048, CVE-2017-13049, CVE-2017-13050,

CVE-2017-13051, CVE-2017-13052, CVE-2017-13053, CVE-2017-13054,

CVE-2017-13055, CVE-2017-13687, CVE-2017-13688, CVE-2017-13689,

CVE-2017-13690, CVE-2017-13725

September 14, 2017

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.