Home / mailings [gentoo-announce] [ GLSA 201709-23 ] Tcpdump: Multiple vulnerabilities
Posted on 25 September 2017
Gentoo-announce--nextPart1859636.lEQLo7jYs1
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain; charset="us-ascii"
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201709-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Tcpdump: Multiple vulnerabilities
Date: September 25, 2017
Bugs: #624652, #626462, #630110
ID: 201709-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Tcpdump, the worst of which
may allow execution of arbitrary code.
Background
==========
Tcpdump is a tool for network monitoring and data acquisition.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-analyzer/tcpdump < 4.9.2 >= 4.9.2
Description
===========
Multiple vulnerabilities have been discovered in Tcpdump. Please review
the referenced CVE identifiers for details.
Impact
======
A remote attacker could possibly execute arbitrary code with the
privileges of the process or cause a Denial of Service condition.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Tcpdump users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/tcpdump-4.9.2"
References
==========
[ 1 ] CVE-2017-11108
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11108
[ 2 ] CVE-2017-11541
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11541
[ 3 ] CVE-2017-11542
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11542
[ 4 ] CVE-2017-11543
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11543
[ 5 ] CVE-2017-11544
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11544
[ 6 ] CVE-2017-12893
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12893
[ 7 ] CVE-2017-12894
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12894
[ 8 ] CVE-2017-12895
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12895
[ 9 ] CVE-2017-12896
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12896
[ 10 ] CVE-2017-12897
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12897
[ 11 ] CVE-2017-12898
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12898
[ 12 ] CVE-2017-12899
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12899
[ 13 ] CVE-2017-12900
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12900
[ 14 ] CVE-2017-12901
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12901
[ 15 ] CVE-2017-12902
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12902
[ 16 ] CVE-2017-12985
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12985
[ 17 ] CVE-2017-12986
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12986
[ 18 ] CVE-2017-12987
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12987
[ 19 ] CVE-2017-12988
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12988
[ 20 ] CVE-2017-12989
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12989
[ 21 ] CVE-2017-12990
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12990
[ 22 ] CVE-2017-12991
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12991
[ 23 ] CVE-2017-12992
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12992
[ 24 ] CVE-2017-12993
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12993
[ 25 ] CVE-2017-12994
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12994
[ 26 ] CVE-2017-12995
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12995
[ 27 ] CVE-2017-12996
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12996
[ 28 ] CVE-2017-12997
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12997
[ 29 ] CVE-2017-12998
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12998
[ 30 ] CVE-2017-12999
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12999
[ 31 ] CVE-2017-13000
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13000
[ 32 ] CVE-2017-13001
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13001
[ 33 ] CVE-2017-13002
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13002
[ 34 ] CVE-2017-13003
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13003
[ 35 ] CVE-2017-13004
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13004
[ 36 ] CVE-2017-13005
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13005
[ 37 ] CVE-2017-13006
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13006
[ 38 ] CVE-2017-13007
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13007
[ 39 ] CVE-2017-13008
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13008
[ 40 ] CVE-2017-13009
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13009
[ 41 ] CVE-2017-13010
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13010
[ 42 ] CVE-2017-13011
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13011
[ 43 ] CVE-2017-13012
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13012
[ 44 ] CVE-2017-13013
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13013
[ 45 ] CVE-2017-13014
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13014
[ 46 ] CVE-2017-13015
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13015
[ 47 ] CVE-2017-13016
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13016
[ 48 ] CVE-2017-13017
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13017
[ 49 ] CVE-2017-13018
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13018
[ 50 ] CVE-2017-13019
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13019
[ 51 ] CVE-2017-13020
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13020
[ 52 ] CVE-2017-13021
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13021
[ 53 ] CVE-2017-13022
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13022
[ 54 ] CVE-2017-13023
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13023
[ 55 ] CVE-2017-13024
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13024
[ 56 ] CVE-2017-13025
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13025
[ 57 ] CVE-2017-13026
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13026
[ 58 ] CVE-2017-13027
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13027
[ 59 ] CVE-2017-13028
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13028
[ 60 ] CVE-2017-13029
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13029
[ 61 ] CVE-2017-13030
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13030
[ 62 ] CVE-2017-13031
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13031
[ 63 ] CVE-2017-13032
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13032
[ 64 ] CVE-2017-13033
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13033
[ 65 ] CVE-2017-13034
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13034
[ 66 ] CVE-2017-13035
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13035
[ 67 ] CVE-2017-13036
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13036
[ 68 ] CVE-2017-13037
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13037
[ 69 ] CVE-2017-13038
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13038
[ 70 ] CVE-2017-13039
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13039
[ 71 ] CVE-2017-13040
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13040
[ 72 ] CVE-2017-13041
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13041
[ 73 ] CVE-2017-13042
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13042
[ 74 ] CVE-2017-13043
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13043
[ 75 ] CVE-2017-13044
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13044
[ 76 ] CVE-2017-13045
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13045
[ 77 ] CVE-2017-13046
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13046
[ 78 ] CVE-2017-13047
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13047
[ 79 ] CVE-2017-13048
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13048
[ 80 ] CVE-2017-13049
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13049
[ 81 ] CVE-2017-13050
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13050
[ 82 ] CVE-2017-13051
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13051
[ 83 ] CVE-2017-13052
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13052
[ 84 ] CVE-2017-13053
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13053
[ 85 ] CVE-2017-13054
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13054
[ 86 ] CVE-2017-13055
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13055
[ 87 ] CVE-2017-13687
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13687
[ 88 ] CVE-2017-13688
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13688
[ 89 ] CVE-2017-13689
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13689
[ 90 ] CVE-2017-13690
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13690
[ 91 ] CVE-2017-13725
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13725
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201709-23
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2017 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
--nextPart1859636.lEQLo7jYs1
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part.
Content-Transfer-Encoding: 7Bit