Description
Security update for tcpdump
This update for tcpdump fixes the following issues:
Security issues fixed:
- CVE-2017-11108: Crafted input allowed remote DoS (bsc#1047873).
- CVE-2017-11541: Prevent a heap-based buffer over-read in the lldp_print function in print-lldp.c, related to util-print.c (bsc#1057247).
- CVE-2017-11542: Prevent a heap-based buffer over-read in the pimv1_print function in print-pim.c (bsc#1057247).
- CVE-2017-11543: Prevent a buffer overflow in the sliplink_print function in print-sl.c (bsc#1057247).
- CVE-2017-13011: Several protocol parsers in tcpdump could have caused a buffer overflow in util-print.c:bittok2str_internal() (bsc#1057247).
Package list
SUSE Linux Enterprise Server 11 SP4
SUSE Linux Enterprise Server for SAP Applications 11 SP4
References
- Link for SUSE-SU-2017:2690-1
- E-Mail link for SUSE-SU-2017:2690-1
- SUSE Security Ratings
- SUSE Bug 1047873
- SUSE Bug 1057247
- SUSE CVE CVE-2017-11108 page
- SUSE CVE CVE-2017-11541 page
- SUSE CVE CVE-2017-11542 page
- SUSE CVE CVE-2017-11543 page
- SUSE CVE CVE-2017-13011 page
Description
tcpdump 4.9.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packet data. The crash occurs in the EXTRACT_16BITS function, called from the stp_print function for the Spanning Tree Protocol.
Affected products
References
- CVE-2017-11108
- SUSE Bug 1047873
- SUSE Bug 1057247
- SUSE Bug 1123142
Description
tcpdump 4.9.0 has a heap-based buffer over-read in the lldp_print function in print-lldp.c, related to util-print.c.
Affected products
References
- CVE-2017-11541
- SUSE Bug 1050219
- SUSE Bug 1050222
- SUSE Bug 1050225
- SUSE Bug 1057247
- SUSE Bug 1123142
Description
tcpdump 4.9.0 has a heap-based buffer over-read in the pimv1_print function in print-pim.c.
Affected products
References
- CVE-2017-11542
- SUSE Bug 1050219
- SUSE Bug 1050222
- SUSE Bug 1050225
- SUSE Bug 1057247
- SUSE Bug 1123142
Description
tcpdump 4.9.0 has a buffer overflow in the sliplink_print function in print-sl.c.
Affected products
References
- CVE-2017-11543
- SUSE Bug 1050219
- SUSE Bug 1050222
- SUSE Bug 1050225
- SUSE Bug 1057247
- SUSE Bug 1123142
Description
Several protocol parsers in tcpdump before 4.9.2 could cause a buffer overflow in util-print.c:bittok2str_internal().
Affected products
References
- CVE-2017-13011
- SUSE Bug 1050219
- SUSE Bug 1050222
- SUSE Bug 1050225
- SUSE Bug 1057247
- SUSE Bug 1123142