Gentoo Archives: gentoo-announce

From: Aaron Bauman <bman@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201709-23 ] Tcpdump: Multiple vulnerabilities
Date: Mon, 25 Sep 2017 11:57:11
Message-Id: 2562638.NigNvYM9AN@localhost.localdomain
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201709-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Tcpdump: Multiple vulnerabilities
     Date: September 25, 2017
     Bugs: #624652, #626462, #630110
       ID: 201709-23

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Tcpdump, the worst of which
may allow execution of arbitrary code.

Background
==========

Tcpdump is a tool for network monitoring and data acquisition.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  net-analyzer/tcpdump         < 4.9.2                    >= 4.9.2

Description
===========

Multiple vulnerabilities have been discovered in Tcpdump. Please review
the referenced CVE identifiers for details.

Impact
======

A remote attacker could possibly execute arbitrary code with the
privileges of the process or cause a Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Tcpdump users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-analyzer/tcpdump-4.9.2"

References
==========

[ 1 ] CVE-2017-11108
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11108
[ 2 ] CVE-2017-11541
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11541
[ 3 ] CVE-2017-11542
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11542
[ 4 ] CVE-2017-11543
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11543
[ 5 ] CVE-2017-11544
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11544
[ 6 ] CVE-2017-12893
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12893
[ 7 ] CVE-2017-12894
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12894
[ 8 ] CVE-2017-12895
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12895
[ 9 ] CVE-2017-12896
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12896
[ 10 ] CVE-2017-12897
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12897
[ 11 ] CVE-2017-12898
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12898
[ 12 ] CVE-2017-12899
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12899
[ 13 ] CVE-2017-12900
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12900
[ 14 ] CVE-2017-12901
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12901
[ 15 ] CVE-2017-12902
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12902
[ 16 ] CVE-2017-12985
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12985
[ 17 ] CVE-2017-12986
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12986
[ 18 ] CVE-2017-12987
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12987
[ 19 ] CVE-2017-12988
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12988
[ 20 ] CVE-2017-12989
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12989
[ 21 ] CVE-2017-12990
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12990
[ 22 ] CVE-2017-12991
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12991
[ 23 ] CVE-2017-12992
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12992
[ 24 ] CVE-2017-12993
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12993
[ 25 ] CVE-2017-12994
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12994
[ 26 ] CVE-2017-12995
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12995
[ 27 ] CVE-2017-12996
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12996
[ 28 ] CVE-2017-12997
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12997
[ 29 ] CVE-2017-12998
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12998
[ 30 ] CVE-2017-12999
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12999
[ 31 ] CVE-2017-13000
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13000
[ 32 ] CVE-2017-13001
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13001
[ 33 ] CVE-2017-13002
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13002
[ 34 ] CVE-2017-13003
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13003
[ 35 ] CVE-2017-13004
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13004
[ 36 ] CVE-2017-13005
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13005
[ 37 ] CVE-2017-13006
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13006
[ 38 ] CVE-2017-13007
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13007
[ 39 ] CVE-2017-13008
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13008
[ 40 ] CVE-2017-13009
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13009
[ 41 ] CVE-2017-13010
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13010
[ 42 ] CVE-2017-13011
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13011
[ 43 ] CVE-2017-13012
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13012
[ 44 ] CVE-2017-13013
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13013
[ 45 ] CVE-2017-13014
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13014
[ 46 ] CVE-2017-13015
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13015
[ 47 ] CVE-2017-13016
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13016
[ 48 ] CVE-2017-13017
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13017
[ 49 ] CVE-2017-13018
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13018
[ 50 ] CVE-2017-13019
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13019
[ 51 ] CVE-2017-13020
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13020
[ 52 ] CVE-2017-13021
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13021
[ 53 ] CVE-2017-13022
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13022
[ 54 ] CVE-2017-13023
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13023
[ 55 ] CVE-2017-13024
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13024
[ 56 ] CVE-2017-13025
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13025
[ 57 ] CVE-2017-13026
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13026
[ 58 ] CVE-2017-13027
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13027
[ 59 ] CVE-2017-13028
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13028
[ 60 ] CVE-2017-13029
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13029
[ 61 ] CVE-2017-13030
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13030
[ 62 ] CVE-2017-13031
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13031
[ 63 ] CVE-2017-13032
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13032
[ 64 ] CVE-2017-13033
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13033
[ 65 ] CVE-2017-13034
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13034
[ 66 ] CVE-2017-13035
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13035
[ 67 ] CVE-2017-13036
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13036
[ 68 ] CVE-2017-13037
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13037
[ 69 ] CVE-2017-13038
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13038
[ 70 ] CVE-2017-13039
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13039
[ 71 ] CVE-2017-13040
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13040
[ 72 ] CVE-2017-13041
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13041
[ 73 ] CVE-2017-13042
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13042
[ 74 ] CVE-2017-13043
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13043
[ 75 ] CVE-2017-13044
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13044
[ 76 ] CVE-2017-13045
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13045
[ 77 ] CVE-2017-13046
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13046
[ 78 ] CVE-2017-13047
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13047
[ 79 ] CVE-2017-13048
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13048
[ 80 ] CVE-2017-13049
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13049
[ 81 ] CVE-2017-13050
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13050
[ 82 ] CVE-2017-13051
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13051
[ 83 ] CVE-2017-13052
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13052
[ 84 ] CVE-2017-13053
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13053
[ 85 ] CVE-2017-13054
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13054
[ 86 ] CVE-2017-13055
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13055
[ 87 ] CVE-2017-13687
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13687
[ 88 ] CVE-2017-13688
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13688
[ 89 ] CVE-2017-13689
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13689
[ 90 ] CVE-2017-13690
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13690
[ 91 ] CVE-2017-13725
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13725

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201709-23

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2017 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature