CVE-2014-9140 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9140): Buffer overflow in the ppp_hdlc function in print-ppp.c in tcpdump 4.6.2 and earlier allows remote attackers to cause a denial of service (crash) cia a crafted PPP packet. CVE-2014-8769 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8769): tcpdump 3.8 through 4.6.2 might allow remote attackers to obtain sensitive information from memory or cause a denial of service (packet loss or segmentation fault) via a crafted Ad hoc On-Demand Distance Vector (AODV) packet, which triggers an out-of-bounds memory access. CVE-2014-8768 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8768): Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allow remote attackers to cause a denial of service (segmentation fault and crash) via a crafted length value in a Geonet frame. CVE-2014-8767 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8767): Integer underflow in the olsr_print function in tcpdump 3.9.6 through 4.6.2, when in verbose mode, allows remote attackers to cause a denial of service (crash) via a crafted length value in an OLSR frame.
There is a tcpdump-4.7.0-bp.tar.gz but I am pretty sure that's not an official release.
Arch teams, please test and mark stable: =net-analyzer/tcpdump-4.6.2-r1 Targeted stable KEYWORDS : alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
amd64 stable
x86 done.
Stable for HPPA.
ppc stable
Stable on alpha.
arm stable
sparc stable
ppc64 stable
ia64 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
Cleanup was done. GLSA has been drafted and is ready for peer review.
This issue was resolved and addressed in GLSA 201502-05 at http://security.gentoo.org/glsa/glsa-201502-05.xml by GLSA coordinator Kristian Fiskerstrand (K_F).
