Summary: | <net-analyzer/tcpdump-4.9.3-r4: Denial of service via PPP dissector (CVE-2020-8037) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | sam, zlogene |
Priority: | Normal | Keywords: | CC-ARCHES |
Version: | unspecified | Flags: | nattka: sanity-check+ |
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B3 [noglsa] | ||
Package list: | net-analyzer/tcpdump-4.9.3-r4 | ||
Runtime testing required: | --- |
Description
Sam James
2020-11-04 20:03:33 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5ffa42e571f5f14a5a3400a8993a4b7745a852ef

commit 5ffa42e571f5f14a5a3400a8993a4b7745a852ef
Author: Sam James <sam@gentoo.org>
AuthorDate: 2020-11-07 01:44:47 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2020-11-07 01:44:47 +0000

net-analyzer/tcpdump: patch CVE-2020-8037

Note that CVE-2020-8036 is already fixed in the version of 4.10.x packaged in Gentoo and 4.9.x is unaffected (the relevant functionality simply did not exist).

Bug: https://bugs.gentoo.org/753146
Package-Manager: Portage-3.0.8, Repoman-3.0.2
Signed-off-by: Sam James <sam@gentoo.org>

.../files/tcpdump-4.9.3-CVE-2020-8037.patch | 63 ++++++++++++++++
net-analyzer/tcpdump/tcpdump-4.10.0_rc1-r1.ebuild | 22 ++----
net-analyzer/tcpdump/tcpdump-4.9.3-r4.ebuild | 86 ++++++++++++++++++++++
3 files changed, 157 insertions(+), 14 deletions(-)

hppa/sparc stable

arm64 done

arm done

amd64 done

No glsa this time.