SUSE-RU-2015:0335-1

Published: 20 Mar 2015
Source: suse-cvrf

Description

Security update for tcpdump

While tcpdump was running, a remote unauthenticated user could crash the application or, potentially, execute arbitrary code by injecting crafted packets into the network.

The following vulnerabilities in protocol printers have been fixed:

* IPv6 mobility printer remote DoS (CVE-2015-0261, bnc#922220)
* Ethernet printer remote DoS (CVE-2015-2154, bnc#922222)
* PPP printer remote DoS (CVE-2014-9140, bnc#923142)

Security Issues:

* CVE-2015-0261 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0261>
* CVE-2015-2154 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2154>
* CVE-2014-9140 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9140>

Package list

SUSE Linux Enterprise Desktop 11 SP3
tcpdump-3.9.8-1.27.1
SUSE Linux Enterprise Server 11 SP3
tcpdump-3.9.8-1.27.1
SUSE Linux Enterprise Server 11 SP3-TERADATA
tcpdump-3.9.8-1.27.1
SUSE Linux Enterprise Server for SAP Applications 11 SP3
tcpdump-3.9.8-1.27.1

Description

Integer underflow in the olsr_print function in tcpdump 3.9.6 through 4.6.2, when in verbose mode, allows remote attackers to cause a denial of service (crash) via a crafted length value in an OLSR frame.


Affected products
SUSE Linux Enterprise Desktop 11 SP3:tcpdump-3.9.8-1.27.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:tcpdump-3.9.8-1.27.1
SUSE Linux Enterprise Server 11 SP3:tcpdump-3.9.8-1.27.1
SUSE Linux Enterprise Server for SAP Applications 11 SP3:tcpdump-3.9.8-1.27.1

References

Description

tcpdump 3.8 through 4.6.2 might allow remote attackers to obtain sensitive information from memory or cause a denial of service (packet loss or segmentation fault) via a crafted Ad hoc On-Demand Distance Vector (AODV) packet, which triggers an out-of-bounds memory access.


Affected products
SUSE Linux Enterprise Desktop 11 SP3:tcpdump-3.9.8-1.27.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:tcpdump-3.9.8-1.27.1
SUSE Linux Enterprise Server 11 SP3:tcpdump-3.9.8-1.27.1
SUSE Linux Enterprise Server for SAP Applications 11 SP3:tcpdump-3.9.8-1.27.1

References

Description

Buffer overflow in the ppp_hdlc function in print-ppp.c in tcpdump 4.6.2 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PPP packet.


Affected products
SUSE Linux Enterprise Desktop 11 SP3:tcpdump-3.9.8-1.27.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:tcpdump-3.9.8-1.27.1
SUSE Linux Enterprise Server 11 SP3:tcpdump-3.9.8-1.27.1
SUSE Linux Enterprise Server for SAP Applications 11 SP3:tcpdump-3.9.8-1.27.1

References

Description

Integer signedness error in the mobility_opt_print function in the IPv6 mobility printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) or possibly execute arbitrary code via a negative length value.


Affected products
SUSE Linux Enterprise Desktop 11 SP3:tcpdump-3.9.8-1.27.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:tcpdump-3.9.8-1.27.1
SUSE Linux Enterprise Server 11 SP3:tcpdump-3.9.8-1.27.1
SUSE Linux Enterprise Server for SAP Applications 11 SP3:tcpdump-3.9.8-1.27.1

References

Description

The osi_print_cksum function in print-isoclns.c in the ethernet printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) length, (2) offset, or (3) base pointer checksum value.


Affected products
SUSE Linux Enterprise Desktop 11 SP3:tcpdump-3.9.8-1.27.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:tcpdump-3.9.8-1.27.1
SUSE Linux Enterprise Server 11 SP3:tcpdump-3.9.8-1.27.1
SUSE Linux Enterprise Server for SAP Applications 11 SP3:tcpdump-3.9.8-1.27.1

References