| Summary: | <net-analyzer/tcpdump-4.9.0 - multiple vulnerabilities | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Denis Ovsienko <denis> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | jer, vapier, zerochaos |
| Priority: | Normal | Flags: | stable-bot: sanity-check+ |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | B2 [glsa cve] | | |
| Package list: | =net-libs/libpcap-1.8.1 arm; =net-analyzer/tcpdump-4.9.0 | | |
| Runtime testing required: | --- | | |
Description
Denis Ovsienko
2017-01-19 15:49:56 UTC
Sweet. Just 2 emails sent out instead of 41 as in bug #606508.

*** Bug 606508 has been marked as a duplicate of this bug. ***

OK, now what?

(In reply to Denis Ovsienko from comment #1)
> Sweet. Just 2 emails sent out instead of 41 as in bug #606508.

Did they give you an embargo date or just a tentative "few weeks?" Also, they have made the release which is already in the Gentoo repo considering no embargo details were given. This report is so backwards and tcpdump has done this completely wrong... assuming their intent was to restrict the release.

The embargo date for tcpdump-4.9.0 is February 2nd. I do not monitor what is going on in Gentoo repository, whatever it is I am not responsible for that.

(In reply to Denis Ovsienko from comment #5)
> The embargo date for tcpdump-4.9.0 is February 2nd. I do not monitor what is
> going on in Gentoo repository, whatever it is I am not responsible for that.

A report with no embargo date is unsatisfactory. Only out of due diligence we restricted the bug and now we ask for clarification and we receive none from the original reporter? Why would tcpdump upstream release such a confusing report? Are you affiliated with tcpdump in any official capacity?

I am a member of the tcpdump group and I had composed the report. To set the embargo lift date we needed to get feedback from security teams first, which we now have so the date is as specified above. If you have any other questions, please ask.

(In reply to Denis Ovsienko from comment #7)
> I am a member of the tcpdump group and I had composed the report. To set the
> embargo lift date we needed to get feedback from security teams first, which
> we now have so the date is as specified above. If you have any other
> questions, please ask.

Yes, I have a couple more questions. We have already pushed an ebuild to our repository and the sources have now been mirrored due to the first erroneous bug report. Due to this error notifications were sent (as you know) to individuals who are not a part of the Gentoo security team, thus making it public. Do you want us to retain the restriction despite the public disclosure? Do you have a set time on 2017-02-02 (UTC) you want this restricted until?

Let me ask other team members.

We are still deciding because of time zone differences. Meanwhile, here is a GPG signature for the previously provided tcpdump-4.9.0.tar.gz: http://www.tcpdump.org/4.9.0-u82xFZBjZxWv/tcpdump-4.9.0.tar.gz.sig

The 4.9.0 release will be available from tcpdump.org around 12:00 UTC on 2 February 2017, we will also request to make the CVEs public on the same day. Please retain the restriction before that. Based on the fact that for this release the impact is no more severe than a segfault, we accept the fact the updated packages may become available not on the same date as the formal announce.

This is now public:
https://www.debian.org/security/2017/dsa-3775
http://seclists.org/oss-sec/2017/q1/230

@ Arches, please test and mark stable:
=net-libs/libpcap-1.8.1 arm (because you are late, see bug 605224)
=net-analyzer/tcpdump-4.9.0

CVE-2016-7993 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7993): A bug in util-print.c:relts_print() in tcpdump before 4.9.0 could cause a buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP, lightweight resolver protocol, PIM).
CVE-2016-7992 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7992): The Classical IP over ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-cip.c:cip_if_print().
CVE-2016-7986 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7986): The GeoNetworking parser in tcpdump before 4.9.0 has a buffer overflow in print-geonet.c, multiple functions.
CVE-2016-7985 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7985): The CALM FAST parser in tcpdump before 4.9.0 has a buffer overflow in print-calm-fast.c:calm_fast_print().
CVE-2016-7984 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7984): The TFTP parser in tcpdump before 4.9.0 has a buffer overflow in print-tftp.c:tftp_print().
CVE-2016-7983 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7983): The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print().
CVE-2016-7975 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7975): The TCP parser in tcpdump before 4.9.0 has a buffer overflow in print-tcp.c:tcp_print().
CVE-2016-7974 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7974): The IP parser in tcpdump before 4.9.0 has a buffer overflow in print-ip.c, multiple functions.
CVE-2016-7973 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7973): The AppleTalk parser in tcpdump before 4.9.0 has a buffer overflow in print-atalk.c, multiple functions.
CVE-2016-7940 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7940): The STP parser in tcpdump before 4.9.0 has a buffer overflow in print-stp.c, multiple functions.
CVE-2016-7939 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7939): The GRE parser in tcpdump before 4.9.0 has a buffer overflow in print-gre.c, multiple functions.
CVE-2016-7938 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7938): The ZeroMQ parser in tcpdump before 4.9.0 has an integer overflow in print-zeromq.c:zmtp1_print_frame().
CVE-2016-7937 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7937): The VAT parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:vat_print().
CVE-2016-7936 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7936): The UDP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:udp_print().
CVE-2016-7935 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7935): The RTP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:rtp_print().
CVE-2016-7934 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7934): The RTCP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:rtcp_print().
CVE-2016-7933 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7933): The PPP parser in tcpdump before 4.9.0 has a buffer overflow in print-ppp.c:ppp_hdlc_if_print().
CVE-2016-7932 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7932): The PIM parser in tcpdump before 4.9.0 has a buffer overflow in print-pim.c:pimv2_check_checksum().
CVE-2016-7931 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7931): The MPLS parser in tcpdump before 4.9.0 has a buffer overflow in print-mpls.c:mpls_print().
CVE-2016-7930 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7930): The LLC/SNAP parser in tcpdump before 4.9.0 has a buffer overflow in print-llc.c:llc_print().
CVE-2016-7929 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7929): The Juniper PPPoE ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-juniper.c:juniper_parse_header().
CVE-2016-7928 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7928): The IPComp parser in tcpdump before 4.9.0 has a buffer overflow in print-ipcomp.c:ipcomp_print().
CVE-2016-7927 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7927): The IEEE 802.11 parser in tcpdump before 4.9.0 has a buffer overflow in print-802_11.c:ieee802_11_radio_print().
CVE-2016-7926 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7926): The Ethernet parser in tcpdump before 4.9.0 has a buffer overflow in print-ether.c:ethertype_print().
CVE-2016-7925 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7925): The compressed SLIP parser in tcpdump before 4.9.0 has a buffer overflow in print-sl.c:sl_if_print().
CVE-2016-7924 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7924): The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-atm.c:oam_print().
CVE-2016-7923 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7923): The ARP parser in tcpdump before 4.9.0 has a buffer overflow in print-arp.c:arp_print().
CVE-2016-7922 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7922): The AH parser in tcpdump before 4.9.0 has a buffer overflow in print-ah.c:ah_print().
CVE-2016-8575 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8575): The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:q933_print(), a different vulnerability than CVE-2017-5482.
CVE-2016-8574 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8574): The FRF.15 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:frf15_print().
CVE-2017-5486 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5486): The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print().
CVE-2017-5485 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5485): The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in addrtoname.c:lookup_nsap().
CVE-2017-5484 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5484): The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-atm.c:sig_print().
CVE-2017-5483 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5483): The SNMP parser in tcpdump before 4.9.0 has a buffer overflow in print-snmp.c:asn1_parse().
CVE-2017-5482 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5482): The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:q933_print(), a different vulnerability than CVE-2016-8575.
CVE-2017-5342 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5342): In tcpdump before 4.9.0, a bug in multiple protocol parsers (Geneve, GRE, NSH, OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in print-ether.c:ether_print().
CVE-2017-5341 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5341): The OTV parser in tcpdump before 4.9.0 has a buffer overflow in print-otv.c:otv_print().
CVE-2017-5205 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5205): The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp.c:ikev2_e_print().
CVE-2017-5204 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5204): The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in print-ip6.c:ip6_print().
CVE-2017-5203 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5203): The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print().
CVE-2017-5202 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5202): The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print().

Stable on alpha.

amd64 stable

Stable for HPPA PPC64.

x86 stable

ppc stable

arm stable

New GLSA request filed.

arm stable

sparc stable

ia64 stable.

Maintainer(s), please clean up.

This issue was resolved and addressed in GLSA 201702-30 at https://security.gentoo.org/glsa/201702-30 by GLSA coordinator Thomas Deutschmann (whissi).

Re-opening for cleanup.

@ Maintainer(s): Please clean up and drop =net-analyzer/tcpdump-4.8.1!