Security update for tcpdump SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:2348-1 Final 1 1 2019-10-20T18:19:33Z current 2019-10-20T18:19:33Z 2019-10-20T18:19:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for tcpdump This update for tcpdump fixes the following issues: - CVE-2017-16808: Fixed a heap-based buffer over-read related to aoe_print and lookup_emem (bsc#1068716 bsc#1153098). - CVE-2018-10103: Fixed a mishandling of the printing of SMB data (bsc#1153098). - CVE-2018-10105: Fixed a mishandling of the printing of SMB data (bsc#1153098). - CVE-2018-14461: Fixed a buffer over-read in print-ldp.c:ldp_tlv_print (bsc#1153098). - CVE-2018-14462: Fixed a buffer over-read in print-icmp.c:icmp_print (bsc#1153098). - CVE-2018-14463: Fixed a buffer over-read in print-vrrp.c:vrrp_print (bsc#1153098). - CVE-2018-14464: Fixed a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs (bsc#1153098). - CVE-2018-14465: Fixed a buffer over-read in print-rsvp.c:rsvp_obj_print (bsc#1153098). - CVE-2018-14466: Fixed a buffer over-read in print-rx.c:rx_cache_find (bsc#1153098). - CVE-2018-14467: Fixed a buffer over-read in print-bgp.c:bgp_capabilities_print (bsc#1153098). - CVE-2018-14468: Fixed a buffer over-read in print-fr.c:mfr_print (bsc#1153098). - CVE-2018-14469: Fixed a buffer over-read in print-isakmp.c:ikev1_n_print (bsc#1153098). - CVE-2018-14470: Fixed a buffer over-read in print-babel.c:babel_print_v2 (bsc#1153098). - CVE-2018-14879: Fixed a buffer overflow in the command-line argument parser (bsc#1153098). - CVE-2018-14880: Fixed a buffer over-read in the OSPFv3 parser (bsc#1153098). - CVE-2018-14881: Fixed a buffer over-read in the BGP parser (bsc#1153098). - CVE-2018-14882: Fixed a buffer over-read in the ICMPv6 parser (bsc#1153098). - CVE-2018-16227: Fixed a buffer over-read in the IEEE 802.11 parser in print-802_11.c for the Mesh Flags subfield (bsc#1153098). - CVE-2018-16228: Fixed a buffer over-read in the HNCP parser (bsc#1153098). - CVE-2018-16229: Fixed a buffer over-read in the DCCP parser (bsc#1153098). - CVE-2018-16230: Fixed a buffer over-read in the BGP parser in print-bgp.c:bgp_attr_print (bsc#1153098). - CVE-2018-16300: Fixed an unlimited recursion in the BGP parser that allowed denial-of-service by stack consumption (bsc#1153098). - CVE-2018-16301: Fixed a buffer overflow (bsc#1153332 bsc#1153098). - CVE-2018-16451: Fixed several buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN (bsc#1153098). - CVE-2018-16452: Fixed a stack exhaustion in smbutil.c:smb_fdata (bsc#1153098). - CVE-2019-15166: Fixed a bounds check in lmp_print_data_link_subobjs (bsc#1153098). - CVE-2019-15167: Fixed a vulnerability in VRRP (bsc#1153098). This update was imported from the SUSE:SLE-15:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2019-2348 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html E-Mail link for openSUSE-SU-2019:2348-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1068716 SUSE Bug 1068716 https://bugzilla.suse.com/1153098 SUSE Bug 1153098 https://bugzilla.suse.com/1153332 SUSE Bug 1153332 https://www.suse.com/security/cve/CVE-2017-16808/ SUSE CVE CVE-2017-16808 page https://www.suse.com/security/cve/CVE-2018-10103/ SUSE CVE CVE-2018-10103 page https://www.suse.com/security/cve/CVE-2018-10105/ SUSE CVE CVE-2018-10105 page https://www.suse.com/security/cve/CVE-2018-14461/ SUSE CVE CVE-2018-14461 page https://www.suse.com/security/cve/CVE-2018-14462/ SUSE CVE CVE-2018-14462 page https://www.suse.com/security/cve/CVE-2018-14463/ SUSE CVE CVE-2018-14463 page https://www.suse.com/security/cve/CVE-2018-14464/ SUSE CVE CVE-2018-14464 page https://www.suse.com/security/cve/CVE-2018-14465/ SUSE CVE CVE-2018-14465 page https://www.suse.com/security/cve/CVE-2018-14466/ SUSE CVE CVE-2018-14466 page https://www.suse.com/security/cve/CVE-2018-14467/ SUSE CVE CVE-2018-14467 page https://www.suse.com/security/cve/CVE-2018-14468/ SUSE CVE CVE-2018-14468 page https://www.suse.com/security/cve/CVE-2018-14469/ SUSE CVE CVE-2018-14469 page https://www.suse.com/security/cve/CVE-2018-14470/ SUSE CVE CVE-2018-14470 page https://www.suse.com/security/cve/CVE-2018-14879/ SUSE CVE CVE-2018-14879 page https://www.suse.com/security/cve/CVE-2018-14880/ SUSE CVE CVE-2018-14880 page https://www.suse.com/security/cve/CVE-2018-14881/ SUSE CVE CVE-2018-14881 page https://www.suse.com/security/cve/CVE-2018-14882/ SUSE CVE CVE-2018-14882 page https://www.suse.com/security/cve/CVE-2018-16227/ SUSE CVE CVE-2018-16227 page https://www.suse.com/security/cve/CVE-2018-16228/ SUSE CVE CVE-2018-16228 page https://www.suse.com/security/cve/CVE-2018-16229/ SUSE CVE CVE-2018-16229 page https://www.suse.com/security/cve/CVE-2018-16230/ SUSE CVE CVE-2018-16230 page https://www.suse.com/security/cve/CVE-2018-16300/ SUSE CVE CVE-2018-16300 page https://www.suse.com/security/cve/CVE-2018-16301/ SUSE CVE CVE-2018-16301 page https://www.suse.com/security/cve/CVE-2018-16451/ SUSE CVE CVE-2018-16451 page https://www.suse.com/security/cve/CVE-2018-16452/ SUSE CVE CVE-2018-16452 page https://www.suse.com/security/cve/CVE-2019-1010220/ SUSE CVE CVE-2019-1010220 page https://www.suse.com/security/cve/CVE-2019-15166/ SUSE CVE CVE-2019-15166 page https://www.suse.com/security/cve/CVE-2019-15167/ SUSE CVE CVE-2019-15167 page openSUSE Leap 15.1 tcpdump-4.9.2-lp151.4.6.1 tcpdump-4.9.2-lp151.4.6.1 as a component of openSUSE Leap 15.1 tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c. CVE-2017-16808 openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1 important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html https://www.suse.com/security/cve/CVE-2017-16808.html CVE-2017-16808 https://bugzilla.suse.com/1068716 SUSE Bug 1068716 https://bugzilla.suse.com/1153098 SUSE Bug 1153098 tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2). CVE-2018-10103 openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html https://www.suse.com/security/cve/CVE-2018-10103.html CVE-2018-10103 https://bugzilla.suse.com/1153098 SUSE Bug 1153098 tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2). CVE-2018-10105 openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html https://www.suse.com/security/cve/CVE-2018-10105.html CVE-2018-10105 https://bugzilla.suse.com/1153098 SUSE Bug 1153098 The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print(). CVE-2018-14461 openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html https://www.suse.com/security/cve/CVE-2018-14461.html CVE-2018-14461 https://bugzilla.suse.com/1153098 SUSE Bug 1153098 The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print(). CVE-2018-14462 openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html https://www.suse.com/security/cve/CVE-2018-14462.html CVE-2018-14462 https://bugzilla.suse.com/1153098 SUSE Bug 1153098 The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 2, a different vulnerability than CVE-2019-15167. CVE-2018-14463 openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html https://www.suse.com/security/cve/CVE-2018-14463.html CVE-2018-14463 https://bugzilla.suse.com/1153098 SUSE Bug 1153098 The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs(). CVE-2018-14464 openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html https://www.suse.com/security/cve/CVE-2018-14464.html CVE-2018-14464 https://bugzilla.suse.com/1153098 SUSE Bug 1153098 The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print(). CVE-2018-14465 openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html https://www.suse.com/security/cve/CVE-2018-14465.html CVE-2018-14465 https://bugzilla.suse.com/1153098 SUSE Bug 1153098 The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_cache_insert(). CVE-2018-14466 openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html https://www.suse.com/security/cve/CVE-2018-14466.html CVE-2018-14466 https://bugzilla.suse.com/1153098 SUSE Bug 1153098 https://bugzilla.suse.com/1166972 SUSE Bug 1166972 The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP). CVE-2018-14467 openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html https://www.suse.com/security/cve/CVE-2018-14467.html CVE-2018-14467 https://bugzilla.suse.com/1153098 SUSE Bug 1153098 The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print(). CVE-2018-14468 openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html https://www.suse.com/security/cve/CVE-2018-14468.html CVE-2018-14468 https://bugzilla.suse.com/1153098 SUSE Bug 1153098 The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print(). CVE-2018-14469 openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html https://www.suse.com/security/cve/CVE-2018-14469.html CVE-2018-14469 https://bugzilla.suse.com/1153098 SUSE Bug 1153098 The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2(). CVE-2018-14470 openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html https://www.suse.com/security/cve/CVE-2018-14470.html CVE-2018-14470 https://bugzilla.suse.com/1153098 SUSE Bug 1153098 The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file(). CVE-2018-14879 openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html https://www.suse.com/security/cve/CVE-2018-14879.html CVE-2018-14879 https://bugzilla.suse.com/1153098 SUSE Bug 1153098 The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr(). CVE-2018-14880 openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html https://www.suse.com/security/cve/CVE-2018-14880.html CVE-2018-14880 https://bugzilla.suse.com/1153098 SUSE Bug 1153098 The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART). CVE-2018-14881 openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html https://www.suse.com/security/cve/CVE-2018-14881.html CVE-2018-14881 https://bugzilla.suse.com/1153098 SUSE Bug 1153098 The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c. CVE-2018-14882 openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html https://www.suse.com/security/cve/CVE-2018-14882.html CVE-2018-14882 https://bugzilla.suse.com/1153098 SUSE Bug 1153098 The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield. CVE-2018-16227 openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html https://www.suse.com/security/cve/CVE-2018-16227.html CVE-2018-16227 https://bugzilla.suse.com/1153098 SUSE Bug 1153098 The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix(). CVE-2018-16228 openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html https://www.suse.com/security/cve/CVE-2018-16228.html CVE-2018-16228 https://bugzilla.suse.com/1153098 SUSE Bug 1153098 The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option(). CVE-2018-16229 openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html https://www.suse.com/security/cve/CVE-2018-16229.html CVE-2018-16229 https://bugzilla.suse.com/1153098 SUSE Bug 1153098 The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI). CVE-2018-16230 openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html https://www.suse.com/security/cve/CVE-2018-16230.html CVE-2018-16230 https://bugzilla.suse.com/1153098 SUSE Bug 1153098 The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion. CVE-2018-16300 openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html https://www.suse.com/security/cve/CVE-2018-16300.html CVE-2018-16300 https://bugzilla.suse.com/1153098 SUSE Bug 1153098 The command-line argument parser in tcpdump before 4.99.0 has a buffer overflow in tcpdump.c:read_infile(). To trigger this vulnerability the attacker needs to create a 4GB file on the local filesystem and to specify the file name as the value of the -F command-line argument of tcpdump. CVE-2018-16301 openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html https://www.suse.com/security/cve/CVE-2018-16301.html CVE-2018-16301 https://bugzilla.suse.com/1153098 SUSE Bug 1153098 https://bugzilla.suse.com/1153332 SUSE Bug 1153332 https://bugzilla.suse.com/1195825 SUSE Bug 1195825 The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN. CVE-2018-16451 openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html https://www.suse.com/security/cve/CVE-2018-16451.html CVE-2018-16451 https://bugzilla.suse.com/1153098 SUSE Bug 1153098 The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion. CVE-2018-16452 openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html https://www.suse.com/security/cve/CVE-2018-16452.html CVE-2018-16452 https://bugzilla.suse.com/1153098 SUSE Bug 1153098 tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is: May expose Saved Frame Pointer, Return Address etc. on stack. The component is: line 234: "ND_PRINT((ndo, "%s", buf));", in function named "print_prefix", in "print-hncp.c". The attack vector is: The victim must open a specially crafted pcap file. CVE-2019-1010220 openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html https://www.suse.com/security/cve/CVE-2019-1010220.html CVE-2019-1010220 https://bugzilla.suse.com/1142439 SUSE Bug 1142439 https://bugzilla.suse.com/1153098 SUSE Bug 1153098 lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks. CVE-2019-15166 openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html https://www.suse.com/security/cve/CVE-2019-15166.html CVE-2019-15166 https://bugzilla.suse.com/1153098 SUSE Bug 1153098 The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 3, a different vulnerability than CVE-2018-14463. CVE-2019-15167 openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html https://www.suse.com/security/cve/CVE-2019-15167.html CVE-2019-15167 https://bugzilla.suse.com/1153098 SUSE Bug 1153098