|
|
Subscribe / Log in / New account

Mageia alert MGASA-2014-0503 (tcpdump)



From:
    	      Mageia Updates <buildsystem-daemon@mageia.org> 


To:
    	      updates-announce@ml.mageia.org 


Subject:
    	      [updates-announce] MGASA-2014-0503: Updated tcpdump package fixes security vulnerabilities 


Date:
    	      Mon, 1 Dec 2014 18:57:31 +0100


Message-ID:
    	      <20141201175731.39A595C7CF@valstar.mageia.org>


MGASA-2014-0503 - Updated tcpdump package fixes security vulnerabilities

Publication date: 01 Dec 2014
URL: http://advisories.mageia.org/MGASA-2014-0503.html
Type: security
Affected Mageia releases: 4
CVE: CVE-2014-8767,
     CVE-2014-8769

Description:
The Tcpdump program could crash when processing a malformed OLSR payload
when the verbose output flag was set (CVE-2014-8767).

The application decoder for the Ad hoc On-Demand Distance Vector (AODV)
protocol in Tcpdump fails to perform input validation and performs unsafe
out-of-bound accesses. The application will usually not crash, but perform
out-of-bounds accesses and output/leak larger amounts of invalid data, which
might lead to dropped packets. It is unknown if a payload exists that might
trigger segfaults (CVE-2014-8769).

References:
- https://bugs.mageia.org/show_bug.cgi?id=14673
- https://lists.fedoraproject.org/pipermail/package-announc...
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8767
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8769

SRPMS:
- 4/core/tcpdump-4.4.0-2.1.mga4
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds