[manjaro-security] [arch-security] [ASA-201709-5] tcpdump: multiple issues

Levente Polyak anthraxx at archlinux.org
Wed Sep 13 21:54:51 CEST 2017


Arch Linux Security Advisory ASA-201709-5
=========================================

Severity: Critical
Date    : 2017-09-13
CVE-ID  : CVE-2017-11541 CVE-2017-11542 CVE-2017-11543 CVE-2017-12893
          CVE-2017-12894 CVE-2017-12895 CVE-2017-12896 CVE-2017-12897
          CVE-2017-12898 CVE-2017-12899 CVE-2017-12900 CVE-2017-12901
          CVE-2017-12902 CVE-2017-12985 CVE-2017-12986 CVE-2017-12987
          CVE-2017-12988 CVE-2017-12989 CVE-2017-12990 CVE-2017-12991
          CVE-2017-12992 CVE-2017-12993 CVE-2017-12994 CVE-2017-12995
          CVE-2017-12996 CVE-2017-12997 CVE-2017-12998 CVE-2017-12999
          CVE-2017-13000 CVE-2017-13001 CVE-2017-13002 CVE-2017-13003
          CVE-2017-13004 CVE-2017-13005 CVE-2017-13006 CVE-2017-13007
          CVE-2017-13008 CVE-2017-13009 CVE-2017-13010 CVE-2017-13011
          CVE-2017-13012 CVE-2017-13013 CVE-2017-13014 CVE-2017-13015
          CVE-2017-13016 CVE-2017-13017 CVE-2017-13018 CVE-2017-13019
          CVE-2017-13020 CVE-2017-13021 CVE-2017-13022 CVE-2017-13023
          CVE-2017-13024 CVE-2017-13025 CVE-2017-13026 CVE-2017-13027
          CVE-2017-13028 CVE-2017-13029 CVE-2017-13030 CVE-2017-13031
          CVE-2017-13032 CVE-2017-13033 CVE-2017-13034 CVE-2017-13035
          CVE-2017-13036 CVE-2017-13037 CVE-2017-13038 CVE-2017-13039
          CVE-2017-13040 CVE-2017-13041 CVE-2017-13042 CVE-2017-13043
          CVE-2017-13044 CVE-2017-13045 CVE-2017-13046 CVE-2017-13047
          CVE-2017-13048 CVE-2017-13049 CVE-2017-13050 CVE-2017-13051
          CVE-2017-13052 CVE-2017-13053 CVE-2017-13054 CVE-2017-13055
          CVE-2017-13687 CVE-2017-13688 CVE-2017-13689 CVE-2017-13690
          CVE-2017-13725
Package : tcpdump
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-361

Summary
=======

The package tcpdump before version 4.9.2-1 is vulnerable to multiple
issues including arbitrary code execution and denial of service.

Resolution
==========

Upgrade to 4.9.2-1.

# pacman -Syu "tcpdump>=4.9.2-1"

The problems have been fixed upstream in version 4.9.2.
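
One way to confirm that a host has the fix, as an added example that is not part of the original advisory. It compares the installed package version with 4.9.2-1 and the version the binary reports with upstream 4.9.2, which also covers a tcpdump built from source. The function names are this example's own.

```shell
#!/bin/sh
# Added example: compare installed tcpdump versions with the fixed versions
# named in the advisory (package 4.9.2-1, upstream 4.9.2).

FIXED_PKG="4.9.2-1"     # fixed Arch package version, from the advisory
FIXED_UPSTREAM="4.9.2"  # fixed upstream release, from the advisory

# version_ge A B: succeed when version A is greater than or equal to B.
# Uses pacman's vercmp when present; otherwise falls back to GNU "sort -V",
# which orders these dotted versions correctly but does not understand
# pacman epochs (the versions in the advisory carry none).
version_ge() {
    if command -v vercmp >/dev/null 2>&1; then
        [ "$(vercmp "$1" "$2")" -ge 0 ]
    else
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
    fi
}

# check_version INSTALLED FIXED: print "fixed" or "vulnerable".
check_version() {
    if version_ge "$1" "$2"; then
        echo "fixed"
    else
        echo "vulnerable"
    fi
}

# upstream_version: read `tcpdump --version` output on stdin and print the
# upstream version number, e.g. "tcpdump version 4.9.1" -> "4.9.1".
upstream_version() {
    sed -n 's/^tcpdump version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Check the package database when pacman is available.
if command -v pacman >/dev/null 2>&1; then
    pkg=$(pacman -Q tcpdump 2>/dev/null | awk '{print $2}')
    if [ -n "$pkg" ]; then
        echo "package tcpdump $pkg: $(check_version "$pkg" "$FIXED_PKG")"
    else
        echo "package tcpdump: not installed"
    fi
fi

# Check the binary found in PATH, which may not come from the package.
if command -v tcpdump >/dev/null 2>&1; then
    bin=$(tcpdump --version 2>&1 | upstream_version)
    if [ -n "$bin" ]; then
        echo "binary tcpdump $bin: $(check_version "$bin" "$FIXED_UPSTREAM")"
    fi
fi
```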

Workaround
==========

None.

Description
===========

- CVE-2017-11541 (denial of service)

A heap-based out-of-bounds read vulnerability was discovered in tcpdump
<= 4.9.1, in the lldp_print function in print-lldp.c, related to
util-print.c. An attacker could craft a malicious pcap file or send
specially crafted packets to the network that would cause tcpdump to
crash when attempting to print a summary of the packet data.

- CVE-2017-11542 (denial of service)

A heap-based out-of-bounds read vulnerability was discovered in tcpdump
<= 4.9.1, in the pimv1_print function in print-pim.c. An attacker could
craft a malicious pcap file or send specially crafted packets to the
network that would cause tcpdump to crash when attempting to print a
summary of the packet data.

- CVE-2017-11543 (arbitrary code execution)

An out-of-bounds write vulnerability was discovered in tcpdump's
handling of LINKTYPE_SLIP in the sliplink_print function in print-sl.c.
An attacker could craft a malicious pcap file or send specially crafted
packets to the network that would cause tcpdump to crash or possibly
execute arbitrary code when attempting to print a summary of the packet
data.

- CVE-2017-12893 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of SMB/CIFS in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-12894 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's parsers
when calling lookup_bytestring in tcpdump <= 4.9.1. An attacker could
craft a malicious pcap file or send specially crafted packets to the
network that would cause tcpdump to crash while processing the packet
data.

- CVE-2017-12895 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of ICMP in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-12896 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of ISAKMP in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-12897 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of ISO CLNS in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-12898 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of NFS in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-12899 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of DECnet in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-12900 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's parsers
when calling tok2strbuf in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-12901 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of EIGRP in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-12902 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of Zephyr in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-12985 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of IPv6 in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-12986 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of IPv6 routing headers in tcpdump <= 4.9.1. An attacker could
craft a malicious pcap file or send specially crafted packets to the
network that would cause tcpdump to crash while processing the packet
data.

- CVE-2017-12987 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of IEEE 802.11 in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-12988 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of telnet in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-12989 (denial of service)

An infinite loop vulnerability was discovered in tcpdump's handling of
RESP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file
or send specially crafted packets to the network that would cause
tcpdump to enter an infinite loop while processing the packet data
leading to denial of service.

- CVE-2017-12990 (denial of service)

An infinite loop vulnerability was discovered in tcpdump's handling of
ISAKMP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap
file or send specially crafted packets to the network that would cause
tcpdump to enter an infinite loop while processing the packet data
leading to denial of service.

- CVE-2017-12991 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of BGP in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-12992 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of RIPng in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-12993 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of Juniper in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-12994 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of BGP in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-12995 (denial of service)

An infinite loop vulnerability was discovered in tcpdump's handling of
DNS in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file
or send specially crafted packets to the network that would cause
tcpdump to enter an infinite loop while processing the packet data
leading to denial of service.

- CVE-2017-12996 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of PIMv2 in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-12997 (denial of service)

An infinite loop vulnerability was discovered in tcpdump's handling of
LLDP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file
or send specially crafted packets to the network that would cause
tcpdump to enter an infinite loop while processing the packet data
leading to denial of service.

- CVE-2017-12998 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of ISO IS-IS in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-12999 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of ISO IS-IS in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13000 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of IEEE 802.15.4 in tcpdump <= 4.9.1. An attacker could craft
a malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13001 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of NFS in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13002 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of AODV in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13003 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of LMP in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13004 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of Juniper in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13005 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of NFS in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13006 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of L2TP in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13007 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of Apple PKTAP in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13008 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of IEEE 802.11 in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13009 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of IPv6 mobility in tcpdump <= 4.9.1. An attacker could craft
a malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13010 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of BEEP in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13011 (arbitrary code execution)

An out-of-bounds write vulnerability was discovered in tcpdump's
parsers when calling bittok2str_internal. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash or possibly execute arbitrary code
while processing the packet data.

- CVE-2017-13012 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of ICMP in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13013 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of ARP in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13014 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of White Board in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13015 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of EAP in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13016 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of ISO ES-IS in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13017 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of DHCPv6 in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13018 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of PGM in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13019 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of PGM in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13020 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of VTP in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13021 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of ICMPv6 in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13022 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of IP in tcpdump <= 4.9.1. An attacker could craft a malicious
pcap file or send specially crafted packets to the network that would
cause tcpdump to crash while processing the packet data.

- CVE-2017-13023 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of IPv6 mobility in tcpdump <= 4.9.1. An attacker could craft
a malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13024 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of IPv6 mobility in tcpdump <= 4.9.1. An attacker could craft
a malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13025 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of IPv6 mobility in tcpdump <= 4.9.1. An attacker could craft
a malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13026 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of ISO IS-IS in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13027 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of LLDP in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13028 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of BOOTP in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13029 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of PPP in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13030 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of PIM in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13031 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of IPv6 fragmentation header in tcpdump <= 4.9.1. An attacker
could craft a malicious pcap file or send specially crafted packets to
the network that would cause tcpdump to crash while processing the
packet data.

- CVE-2017-13032 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of RADIUS in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13033 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of VTP in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13034 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of PGM in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13035 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of ISO IS-IS in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13036 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of OSPFv3 in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13037 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of IP in tcpdump <= 4.9.1. An attacker could craft a malicious
pcap file or send specially crafted packets to the network that would
cause tcpdump to crash while processing the packet data.

- CVE-2017-13038 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of PPP in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13039 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of ISAKMP in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13040 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of MPTCP in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13041 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of ICMPv6 in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13042 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of HNCP in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13043 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of BGP in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13044 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of HNCP in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13045 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of VQP in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13046 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of BGP in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13047 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of ISO ES-IS in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13048 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of RSVP in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13049 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of Rx in tcpdump <= 4.9.1. An attacker could craft a malicious
pcap file or send specially crafted packets to the network that would
cause tcpdump to crash while processing the packet data.

- CVE-2017-13050 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of RPKI-Router in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13051 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of RSVP in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13052 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of CFM in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13053 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of BGP in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13054 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of LLDP in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13055 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of ISO IS-IS in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13687 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of Cisco HDLC in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13688 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of OLSR in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13689 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of IKEv1 in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13690 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of IKEv2 in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13725 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's
handling of IPv6 routing headers in tcpdump <= 4.9.1. An attacker could
craft a malicious pcap file or send specially crafted packets to the
network that would cause tcpdump to crash while processing the packet
data.

Impact
======

A remote attacker is able to crash the application or execute arbitrary
code by tricking the user into opening a specially crafted pcap file or
by sending specially crafted packets to the network.

References
==========

http://www.tcpdump.org/tcpdump-changes.txt
https://github.com/hackerlib/hackerlib-vul/tree/master/tcpdump-vul/heap-buffer-overflow/util-print
https://github.com/the-tcpdump-group/tcpdump/commit/21d702a136c5c16882e368af7c173df728242280
https://github.com/hackerlib/hackerlib-vul/tree/master/tcpdump-vul/heap-buffer-overflow/print-pim
https://github.com/the-tcpdump-group/tcpdump/commit/bed48062a64fca524156d7684af19f5b4a116fae
https://github.com/the-tcpdump-group/tcpdump/commit/7039327875525278d17edee59720e29a3e76b7b3
https://github.com/hackerlib/hackerlib-vul/tree/master/tcpdump-vul/global-overflow/print-sl
https://github.com/the-tcpdump-group/tcpdump/commit/6f5ba2b651cd9d4b7fa8ee5c4f94460645877c45
https://github.com/the-tcpdump-group/tcpdump/commit/730fc35968c5433b9e2a829779057f4f9495dc51
https://github.com/the-tcpdump-group/tcpdump/commit/2b62d1dda41590db29368ec7ba5f4faf3464765a
https://github.com/the-tcpdump-group/tcpdump/commit/4e430c6b0d8b7e77c7abca7e7afb0c3e727502f2
https://github.com/the-tcpdump-group/tcpdump/commit/f76e7feb41a4327d2b0978449bbdafe98d4a3771
https://github.com/the-tcpdump-group/tcpdump/commit/1dcd10aceabbc03bf571ea32b892c522cbe923de
https://github.com/the-tcpdump-group/tcpdump/commit/19d25dd8781620cd41bf178a5e2e27fc1cf242d0
https://github.com/the-tcpdump-group/tcpdump/commit/f96003b21e2abfbba59b926b10a7f9bc7d11e36c
https://github.com/the-tcpdump-group/tcpdump/commit/c6e0531b5def26ecf912e8de6ade86cbdaed3751
https://github.com/the-tcpdump-group/tcpdump/commit/0318fa8b61bd6c837641129d585f1a73c652b1e0
https://github.com/the-tcpdump-group/tcpdump/commit/de981e6070d168b58ec1bb0713ded77ed4ad87f4
https://github.com/the-tcpdump-group/tcpdump/commit/6ec0c6fa63412c7a07a5bcb790a529c3563b4173
https://github.com/the-tcpdump-group/tcpdump/commit/d17507ffa3e9742199b02a66aa940e79ababfa30
https://github.com/the-tcpdump-group/tcpdump/commit/66df248b49095c261138b5a5e34d341a6bf9ac7f
https://github.com/the-tcpdump-group/tcpdump/commit/7ac73d6cd41e9d4ac0ca7e6830ca390e195bb21c
https://github.com/the-tcpdump-group/tcpdump/commit/2ecb9d2c67d9119250c54811a6ce4d0f2ddf44f1
https://github.com/the-tcpdump-group/tcpdump/commit/99798bd9a41bd3d03fdc1e949810a38967f20ed3
https://github.com/the-tcpdump-group/tcpdump/commit/8934a7d6307267d301182f19ed162563717e29e3
https://github.com/the-tcpdump-group/tcpdump/commit/db24063b01cba8e9d4d88b7d8ac70c9000c104e4
https://github.com/the-tcpdump-group/tcpdump/commit/c2ef693866beae071a24b45c49f9674af1df4028
https://github.com/the-tcpdump-group/tcpdump/commit/50a44b6b8e4f7c127440dbd4239cf571945cc1e7
https://github.com/the-tcpdump-group/tcpdump/commit/e942fb84fbe3a73a98a00d2a279425872b5fb9d2
https://github.com/the-tcpdump-group/tcpdump/commit/b534e304568585707c4a92422aeca25cf908ff02
https://github.com/the-tcpdump-group/tcpdump/commit/ffde45acf3348f8353fb4064a1b21683ee6b5ddf
https://github.com/the-tcpdump-group/tcpdump/commit/3a76fd7c95fced2c2f8c8148a9055c3a542eff29
https://github.com/the-tcpdump-group/tcpdump/commit/6fca58f5f9c96749a575f52e20598ad43f5bdf30
https://github.com/the-tcpdump-group/tcpdump/commit/34cec721d39c76be1e0a600829a7b17bdfb832b6
https://github.com/the-tcpdump-group/tcpdump/commit/979dcefd7b259e9e233f77fe1c5312793bfd948f
https://github.com/the-tcpdump-group/tcpdump/commit/3b32029db354cbc875127869d9b12a9addc75b50
https://github.com/the-tcpdump-group/tcpdump/commit/8512734883227c11568bb35da1d48b9f8466f43f
https://github.com/the-tcpdump-group/tcpdump/commit/a7e5f58f402e6919ec444a57946bade7dfd6b184
https://github.com/the-tcpdump-group/tcpdump/commit/9be4e0b5938b705e7e36cfcb110a740c6ff0cb97
https://github.com/the-tcpdump-group/tcpdump/commit/7a923447fd49a069a0fd3b6c3547438ab5ee2123
https://github.com/the-tcpdump-group/tcpdump/commit/cbddb98484ea8ec1deece351abd56e063d775b38
https://github.com/the-tcpdump-group/tcpdump/commit/a25211918f2e790c67d859d20ccf8dbb81da1598
https://github.com/the-tcpdump-group/tcpdump/commit/35d146b7a66496d72cdeb95ccb33ab80a265ce90
https://github.com/the-tcpdump-group/tcpdump/commit/42073d54c53a496be40ae84152bbfe2c923ac7bc
https://github.com/the-tcpdump-group/tcpdump/commit/b45a9a167ca6a3ef2752ae9d48d56ac14b001bfd
https://github.com/the-tcpdump-group/tcpdump/commit/cc4a7391c616be7a64ed65742ef9ed3f106eb165
https://github.com/the-tcpdump-group/tcpdump/commit/ca336198e8bebccc18502de27672fdbd6eb34856
https://github.com/the-tcpdump-group/tcpdump/commit/5edf405d7ed9fc92f4f43e8a3d44baa4c6387562
https://github.com/the-tcpdump-group/tcpdump/commit/db8c799f6dfc68765c9451fcbfca06e662f5bd5f
https://github.com/the-tcpdump-group/tcpdump/commit/877b66b398518d9501513e0860c9f3a8acc70892
https://github.com/the-tcpdump-group/tcpdump/commit/9f0730bee3eb65d07b49fd468bc2f269173352fe
https://github.com/the-tcpdump-group/tcpdump/commit/8509ef02eceb2bbb479cea10fe4a7ec6395f1a8b
https://github.com/the-tcpdump-group/tcpdump/commit/13ab8d18617d616c7d343530f8a842e7143fb5cc
https://github.com/the-tcpdump-group/tcpdump/commit/cc356512f512e7fa423b3674db4bb31dbe40ffec
https://github.com/the-tcpdump-group/tcpdump/commit/985122081165753c7442bd7824c473eb9ff56308
https://github.com/the-tcpdump-group/tcpdump/commit/c177cb3800a9a68d79b2812f0ffcb9479abd6eb8
https://github.com/the-tcpdump-group/tcpdump/commit/11b426ee05eb62ed103218526f1fa616851c43ce
https://github.com/the-tcpdump-group/tcpdump/commit/26a6799b9ca80508c05cac7a9a3bef922991520b
https://github.com/the-tcpdump-group/tcpdump/commit/4601c685e7fd19c3724d5e499c69b8d3ec49933e
https://github.com/the-tcpdump-group/tcpdump/commit/d692d67332bcc90540088ad8e725eb3279e39863
https://github.com/the-tcpdump-group/tcpdump/commit/c5dd7bef5e54da5996dc4713284aa6266ae75b75
https://github.com/the-tcpdump-group/tcpdump/commit/67c7126062d59729cd421bb38f9594015c9907ba
https://github.com/the-tcpdump-group/tcpdump/commit/eee0b04bcfdae319c242b0b8fc3d07029ee65b8c
https://github.com/the-tcpdump-group/tcpdump/commit/b8e559afaeb8fe0604a1f8e3ad4dc1445de07a00
https://github.com/the-tcpdump-group/tcpdump/commit/2e1f6d9320afa83abc1ff716c7981fa504edadf2
https://github.com/the-tcpdump-group/tcpdump/commit/7d3aba9f06899d0128ef46e8a2fa143c6fad8f62
https://github.com/the-tcpdump-group/tcpdump/commit/5338aac7b8b880b0c5e0c15e27dadc44c5559284
https://github.com/the-tcpdump-group/tcpdump/commit/b20e1639dbac84b3fcb393858521c13ad47a9d70
https://github.com/the-tcpdump-group/tcpdump/commit/a77ff09c46560bc895dea11dc9fe643486b056ac
https://github.com/the-tcpdump-group/tcpdump/commit/66e22961b30547e9a8daa1f0e8dc9fbe6e2698fa
https://github.com/the-tcpdump-group/tcpdump/commit/29e5470e6ab84badbc31f4532bb7554a796d9d52
https://github.com/the-tcpdump-group/tcpdump/commit/7029d15f148ef24bb7c6668bc640f5470d085e5a
https://github.com/the-tcpdump-group/tcpdump/commit/5dc1860d8267b1e0cb78c9ffa2a40bea2fdb3ddc
https://github.com/the-tcpdump-group/tcpdump/commit/2d669862df7cd17f539129049f6fb70d17174125
https://github.com/the-tcpdump-group/tcpdump/commit/1bc78d795cd5cad5525498658f414a11ea0a7e9c
https://github.com/the-tcpdump-group/tcpdump/commit/ae83295915d08a854de27a88efac5dd7353e6d3f
https://github.com/the-tcpdump-group/tcpdump/commit/da6f1a677bfa4476abaeaf9b1afe1c4390f51b41
https://github.com/the-tcpdump-group/tcpdump/commit/571a6f33f47e7a2394fa08f925e534135c29cf1e
https://github.com/the-tcpdump-group/tcpdump/commit/88b2dac837e81cf56dce05e6e7b5989332c0092d
https://github.com/the-tcpdump-group/tcpdump/commit/2c2cfbd2b771ac888bc5c4a6d922f749d3822538
https://github.com/the-tcpdump-group/tcpdump/commit/7335163a6ef82d46ff18f3e6099a157747241629
https://github.com/the-tcpdump-group/tcpdump/commit/e0a5a02b0fc1900a69d6c37ed0aab36fb8494e6d
https://github.com/the-tcpdump-group/tcpdump/commit/4c3aee4bb0294c232d56b6d34e9eeb74f630fe8c
https://github.com/the-tcpdump-group/tcpdump/commit/f4b9e24c7384d882a7f434cc7413925bf871d63e
https://github.com/the-tcpdump-group/tcpdump/commit/39582c04cc5e34054b2936b423072fb9df2ff6ef
https://github.com/the-tcpdump-group/tcpdump/commit/d515b4b4a300479cdf1a6e0d1bb95bc1f9fee514
https://github.com/the-tcpdump-group/tcpdump/commit/c2f6833dddecf2d5fb89c9c898eee9981da342ed
https://github.com/the-tcpdump-group/tcpdump/commit/3b36ec4e713dea9266db11975066c425aa669b6c
https://github.com/the-tcpdump-group/tcpdump/commit/d10a0f980fe8f9407ab1ffbd612641433ebe175e
https://github.com/the-tcpdump-group/tcpdump/commit/331530a4076c69bbd2e3214db6ccbe834fb75640
https://github.com/the-tcpdump-group/tcpdump/commit/3c8a2b0e91d8d8947e89384dacf6b54673083e71
https://github.com/the-tcpdump-group/tcpdump/commit/aa0858100096a3490edf93034a80e66a4d61aad5
https://github.com/the-tcpdump-group/tcpdump/commit/83c64fce3a5226b080e535f5131a8a318f30e79b
https://github.com/the-tcpdump-group/tcpdump/commit/289c672020280529fd382f3502efab7100d638ec
https://github.com/the-tcpdump-group/tcpdump/commit/5d340a5ca6e420a70297cdbdf777333f18bfdab7
https://github.com/the-tcpdump-group/tcpdump/commit/bd4e697ebd6c8457efa8f28f6831fc929b88a014
https://github.com/the-tcpdump-group/tcpdump/commit/e6511cc1a950fe1566b2236329d6b4bd0826cc7a
https://github.com/the-tcpdump-group/tcpdump/commit/5d0d76e88ee2d3236d7e032589d6f1d4ec5f7b1e
https://github.com/the-tcpdump-group/tcpdump/commit/866c60236c41cea1e1654c8a071897292f64be49
https://github.com/the-tcpdump-group/tcpdump/commit/a1eefe986065846b6c69dbc09afd9fa1a02c4a3d
https://github.com/the-tcpdump-group/tcpdump/commit/0cb1b8a434b599b8d636db029aadb757c24e39d6
https://github.com/the-tcpdump-group/tcpdump/commit/061e7371a944588f231cb1b66d6fb070b646e376
https://github.com/the-tcpdump-group/tcpdump/commit/8dca25d26c7ca2caf6138267f6f17111212c156e
https://github.com/the-tcpdump-group/tcpdump/commit/c7c515ee03c285cc51376328de4ae9d549e501a5
https://github.com/the-tcpdump-group/tcpdump/commit/3c4d7c0ee30a30e5abff3d6d9586a3753101faf5
https://security.archlinux.org/CVE-2017-11541
https://security.archlinux.org/CVE-2017-11542
https://security.archlinux.org/CVE-2017-11543
https://security.archlinux.org/CVE-2017-12893
https://security.archlinux.org/CVE-2017-12894
https://security.archlinux.org/CVE-2017-12895
https://security.archlinux.org/CVE-2017-12896
https://security.archlinux.org/CVE-2017-12897
https://security.archlinux.org/CVE-2017-12898
https://security.archlinux.org/CVE-2017-12899
https://security.archlinux.org/CVE-2017-12900
https://security.archlinux.org/CVE-2017-12901
https://security.archlinux.org/CVE-2017-12902
https://security.archlinux.org/CVE-2017-12985
https://security.archlinux.org/CVE-2017-12986
https://security.archlinux.org/CVE-2017-12987
https://security.archlinux.org/CVE-2017-12988
https://security.archlinux.org/CVE-2017-12989
https://security.archlinux.org/CVE-2017-12990
https://security.archlinux.org/CVE-2017-12991
https://security.archlinux.org/CVE-2017-12992
https://security.archlinux.org/CVE-2017-12993
https://security.archlinux.org/CVE-2017-12994
https://security.archlinux.org/CVE-2017-12995
https://security.archlinux.org/CVE-2017-12996
https://security.archlinux.org/CVE-2017-12997
https://security.archlinux.org/CVE-2017-12998
https://security.archlinux.org/CVE-2017-12999
https://security.archlinux.org/CVE-2017-13000
https://security.archlinux.org/CVE-2017-13001
https://security.archlinux.org/CVE-2017-13002
https://security.archlinux.org/CVE-2017-13003
https://security.archlinux.org/CVE-2017-13004
https://security.archlinux.org/CVE-2017-13005
https://security.archlinux.org/CVE-2017-13006
https://security.archlinux.org/CVE-2017-13007
https://security.archlinux.org/CVE-2017-13008
https://security.archlinux.org/CVE-2017-13009
https://security.archlinux.org/CVE-2017-13010
https://security.archlinux.org/CVE-2017-13011
https://security.archlinux.org/CVE-2017-13012
https://security.archlinux.org/CVE-2017-13013
https://security.archlinux.org/CVE-2017-13014
https://security.archlinux.org/CVE-2017-13015
https://security.archlinux.org/CVE-2017-13016
https://security.archlinux.org/CVE-2017-13017
https://security.archlinux.org/CVE-2017-13018
https://security.archlinux.org/CVE-2017-13019
https://security.archlinux.org/CVE-2017-13020
https://security.archlinux.org/CVE-2017-13021
https://security.archlinux.org/CVE-2017-13022
https://security.archlinux.org/CVE-2017-13023
https://security.archlinux.org/CVE-2017-13024
https://security.archlinux.org/CVE-2017-13025
https://security.archlinux.org/CVE-2017-13026
https://security.archlinux.org/CVE-2017-13027
https://security.archlinux.org/CVE-2017-13028
https://security.archlinux.org/CVE-2017-13029
https://security.archlinux.org/CVE-2017-13030
https://security.archlinux.org/CVE-2017-13031
https://security.archlinux.org/CVE-2017-13032
https://security.archlinux.org/CVE-2017-13033
https://security.archlinux.org/CVE-2017-13034
https://security.archlinux.org/CVE-2017-13035
https://security.archlinux.org/CVE-2017-13036
https://security.archlinux.org/CVE-2017-13037
https://security.archlinux.org/CVE-2017-13038
https://security.archlinux.org/CVE-2017-13039
https://security.archlinux.org/CVE-2017-13040
https://security.archlinux.org/CVE-2017-13041
https://security.archlinux.org/CVE-2017-13042
https://security.archlinux.org/CVE-2017-13043
https://security.archlinux.org/CVE-2017-13044
https://security.archlinux.org/CVE-2017-13045
https://security.archlinux.org/CVE-2017-13046
https://security.archlinux.org/CVE-2017-13047
https://security.archlinux.org/CVE-2017-13048
https://security.archlinux.org/CVE-2017-13049
https://security.archlinux.org/CVE-2017-13050
https://security.archlinux.org/CVE-2017-13051
https://security.archlinux.org/CVE-2017-13052
https://security.archlinux.org/CVE-2017-13053
https://security.archlinux.org/CVE-2017-13054
https://security.archlinux.org/CVE-2017-13055
https://security.archlinux.org/CVE-2017-13687
https://security.archlinux.org/CVE-2017-13688
https://security.archlinux.org/CVE-2017-13689
https://security.archlinux.org/CVE-2017-13690
https://security.archlinux.org/CVE-2017-13725
