GLSA 201709-23: Tcpdump: Multiple vulnerabilities

Severity:	normal
Title:	Tcpdump: Multiple vulnerabilities
Date:	09/25/2017
Bugs:	#624652, #626462, #630110
ID:	201709-23

Synopsis

Multiple vulnerabilities have been found in Tcpdump, the worst of which may allow execution of arbitrary code.

Background

Tcpdump is a tool for network monitoring and data acquisition.

Affected packages

Package	Vulnerable	Unaffected	Architecture(s)
net-analyzer/tcpdump	< 4.9.2	>= 4.9.2	All supported architectures

Description

Multiple vulnerabilities have been discovered in Tcpdump. Please review the referenced CVE identifiers for details.

Impact

A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All Tcpdump users should upgrade to the latest version:

      # emerge --sync
      # emerge --ask --oneshot --verbose ">=net-analyzer/tcpdump-4.9.2"
    

References

• CVE-2017-11108
• CVE-2017-11541
• CVE-2017-11542
• CVE-2017-11543
• CVE-2017-11544
• CVE-2017-12893
• CVE-2017-12894
• CVE-2017-12895
• CVE-2017-12896
• CVE-2017-12897
• CVE-2017-12898
• CVE-2017-12899
• CVE-2017-12900
• CVE-2017-12901
• CVE-2017-12902
• CVE-2017-12985
• CVE-2017-12986
• CVE-2017-12987
• CVE-2017-12988
• CVE-2017-12989
• CVE-2017-12990
• CVE-2017-12991
• CVE-2017-12992
• CVE-2017-12993
• CVE-2017-12994
• CVE-2017-12995
• CVE-2017-12996
• CVE-2017-12997
• CVE-2017-12998
• CVE-2017-12999
• CVE-2017-13000
• CVE-2017-13001
• CVE-2017-13002
• CVE-2017-13003
• CVE-2017-13004
• CVE-2017-13005
• CVE-2017-13006
• CVE-2017-13007
• CVE-2017-13008
• CVE-2017-13009
• CVE-2017-13010
• CVE-2017-13011
• CVE-2017-13012
• CVE-2017-13013
• CVE-2017-13014
• CVE-2017-13015
• CVE-2017-13016
• CVE-2017-13017
• CVE-2017-13018
• CVE-2017-13019
• CVE-2017-13020
• CVE-2017-13021
• CVE-2017-13022
• CVE-2017-13023
• CVE-2017-13024
• CVE-2017-13025
• CVE-2017-13026
• CVE-2017-13027
• CVE-2017-13028
• CVE-2017-13029
• CVE-2017-13030
• CVE-2017-13031
• CVE-2017-13032
• CVE-2017-13033
• CVE-2017-13034
• CVE-2017-13035
• CVE-2017-13036
• CVE-2017-13037
• CVE-2017-13038
• CVE-2017-13039
• CVE-2017-13040
• CVE-2017-13041
• CVE-2017-13042
• CVE-2017-13043
• CVE-2017-13044
• CVE-2017-13045
• CVE-2017-13046
• CVE-2017-13047
• CVE-2017-13048
• CVE-2017-13049
• CVE-2017-13050
• CVE-2017-13051
• CVE-2017-13052
• CVE-2017-13053
• CVE-2017-13054
• CVE-2017-13055
• CVE-2017-13687
• CVE-2017-13688
• CVE-2017-13689
• CVE-2017-13690
• CVE-2017-13725

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201709-23.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2010 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.