Описание
Security update for libpcap
This update for libpcap fixes the following issues:
- CVE-2019-15165: Added sanity checks for PHB header length before allocating memory (bsc#1153332).
- CVE-2018-16301: Fixed a buffer overflow (bsc#1153332).
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.0
libpcap-devel-1.8.1-lp150.3.3.1
libpcap-devel-32bit-1.8.1-lp150.3.3.1
libpcap-devel-static-1.8.1-lp150.3.3.1
libpcap1-1.8.1-lp150.3.3.1
libpcap1-32bit-1.8.1-lp150.3.3.1
Ссылки
- E-Mail link for openSUSE-SU-2019:2343-1
- SUSE Security Ratings
- SUSE Bug 1153332
- SUSE CVE CVE-2018-16301 page
- SUSE CVE CVE-2019-15165 page
Описание
The command-line argument parser in tcpdump before 4.99.0 has a buffer overflow in tcpdump.c:read_infile(). To trigger this vulnerability the attacker needs to create a 4GB file on the local filesystem and to specify the file name as the value of the -F command-line argument of tcpdump.
Затронутые продукты
openSUSE Leap 15.0:libpcap-devel-1.8.1-lp150.3.3.1
openSUSE Leap 15.0:libpcap-devel-32bit-1.8.1-lp150.3.3.1
openSUSE Leap 15.0:libpcap-devel-static-1.8.1-lp150.3.3.1
openSUSE Leap 15.0:libpcap1-1.8.1-lp150.3.3.1
Ссылки
- CVE-2018-16301
- SUSE Bug 1153098
- SUSE Bug 1153332
- SUSE Bug 1195825
Описание
sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory.
Затронутые продукты
openSUSE Leap 15.0:libpcap-devel-1.8.1-lp150.3.3.1
openSUSE Leap 15.0:libpcap-devel-32bit-1.8.1-lp150.3.3.1
openSUSE Leap 15.0:libpcap-devel-static-1.8.1-lp150.3.3.1
openSUSE Leap 15.0:libpcap1-1.8.1-lp150.3.3.1
Ссылки
- CVE-2019-15165
- SUSE Bug 1153332