[Git][security-tracker-team/security-tracker][master] Several tcpdump issues fixed in unstable
Salvatore Bonaccorso
carnil at debian.org
Thu Oct 10 21:46:52 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
97ea3ed6 by Salvatore Bonaccorso at 2019-10-10T20:45:42Z
Several tcpdump issues fixed in unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -6128,7 +6128,7 @@ CVE-2019-15168
CVE-2019-15167
RESERVED
CVE-2019-15166 (lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 l ...)
- - tcpdump <unfixed> (bug #941698)
+ - tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/0b661e0aa61850234b64394585cf577aac570bf4
CVE-2019-15165 (sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB ...)
- libpcap 1.9.1-1 (bug #941697)
@@ -57907,10 +57907,10 @@ CVE-2018-16454 (PHP Scripts Mall Currency Converter Script 2.0.5 allows remote a
CVE-2018-16453 (PHP Scripts Mall Domain Lookup Script 3.0.5 allows XSS in the search b ...)
NOT-FOR-US: PHP Scripts Mall Domain Lookup Script
CVE-2018-16452 (The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil ...)
- - tcpdump <unfixed> (bug #941698)
+ - tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/24182d959f661327525a20d9a94c98a8ec016778
CVE-2018-16451 (The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print- ...)
- - tcpdump <unfixed> (bug #941698)
+ - tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/96480ab95308cd9234b4f09b175ebf60e17792c6
CVE-2018-16450 (CraftedWeb through 2013-09-24 has reflected XSS via the p parameter. ...)
NOT-FOR-US: CraftedWeb
@@ -58355,7 +58355,7 @@ CVE-2018-16301 (libpcap before 1.9.1, as used in tcpdump before 4.9.3, has a buf
NOTE: https://github.com/the-tcpdump-group/libpcap/issues/855 (asked upstream for info)
NOTE: rpcapd not built in Debian.
CVE-2018-16300 (The BGP parser in tcpdump before 4.9.3 allows stack consumption in pri ...)
- - tcpdump <unfixed> (bug #941698)
+ - tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/af2cf04a9394c1a56227c2289ae8da262828294a
CVE-2018-16299 (The Localize My Post plugin 1.0 for WordPress allows Directory Travers ...)
NOT-FOR-US: Wordpress plugin
@@ -58498,16 +58498,16 @@ CVE-2018-16232 (An authenticated command injection vulnerability exists in IPFir
CVE-2018-16231 (Michael Roth Software Personal FTP Server (PFTP) through 8.4f allows r ...)
NOT-FOR-US: Michael Roth Software Personal FTP Server
CVE-2018-16230 (The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print ...)
- - tcpdump <unfixed> (bug #941698)
+ - tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/13d52e9c0e7caf7e6325b0051bc90a49968be67f
CVE-2018-16229 (The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in prin ...)
- - tcpdump <unfixed> (bug #941698)
+ - tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/211124b972e74f0da66bc8b16f181f78793e2f66
CVE-2018-16228 (The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in prin ...)
- - tcpdump <unfixed> (bug #941698)
+ - tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/83a412a5275cac973c5841eca3511c766bed778d
CVE-2018-16227 (The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read ...)
- - tcpdump <unfixed> (bug #941698)
+ - tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/4846b3c5d0a850e860baf4f07340495d29837d09
CVE-2018-16226 (A vulnerability in the web admin component of Mitel MiVoice Office 400 ...)
NOT-FOR-US: Mitel
@@ -61759,16 +61759,16 @@ CVE-2018-14883 (An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.3
NOTE: Fixed in 5.6.37, 7.0.31, 7.1.20, 7.2.8
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=76423
CVE-2018-14882 (The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in pr ...)
- - tcpdump <unfixed> (bug #941698)
+ - tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/d7505276842e85bfd067fa21cdb32b8a2dc3c5e4
CVE-2018-14881 (The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print ...)
- - tcpdump <unfixed> (bug #941698)
+ - tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/86326e880d31b328a151d45348c35220baa9a1ff
CVE-2018-14880 (The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in pr ...)
- - tcpdump <unfixed> (bug #941698)
+ - tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/e01c9bf76740802025c9328901b55ee4a0c49ed6
CVE-2018-14879 (The command-line argument parser in tcpdump before 4.9.3 has a buffer ...)
- - tcpdump <unfixed> (bug #941698)
+ - tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/9ba91381954ad325ea4fd26b9c65a8bd9a2a85b6
CVE-2018-XXXX [DSA verification crashes OpenSSL on invalid combinations of key content]
- xml-security-c 2.0.2-2 (bug #913136)
@@ -63081,34 +63081,34 @@ CVE-2018-14472 (An issue was discovered in WUZHI CMS 4.1.0. The vulnerable file
CVE-2018-14471 (dwg_obj_block_control_get_block_headers in dwg_api.c in GNU LibreDWG 0 ...)
- libredwg <itp> (bug #595191)
CVE-2018-14470 (The Babel parser in tcpdump before 4.9.3 has a buffer over-read in pri ...)
- - tcpdump <unfixed> (bug #941698)
+ - tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/12f66f69f7bf1ec1266ddbee90a7616cbf33696b
CVE-2018-14469 (The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in pri ...)
- - tcpdump <unfixed> (bug #941698)
+ - tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/396e94ff55a80d554b1fe46bf107db1e91008d6c
CVE-2018-14468 (The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in pr ...)
- - tcpdump <unfixed> (bug #941698)
+ - tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/aa3e54f594385ce7e1e319b0c84999e51192578b
CVE-2018-14467 (The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print ...)
- - tcpdump <unfixed> (bug #941698)
+ - tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/e3f3b445e2d20ac5d5b7fcb7559ce6beb55da0c9
CVE-2018-14466 (The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print- ...)
- - tcpdump <unfixed> (bug #941698)
+ - tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/c24922e692a52121e853a84ead6b9337f4c08a94
CVE-2018-14465 (The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in prin ...)
- - tcpdump <unfixed> (bug #941698)
+ - tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/bea2686c296b79609060a104cc139810785b0739
CVE-2018-14464 (The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print ...)
- - tcpdump <unfixed> (bug #941698)
+ - tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/d97e94223720684c6aa740ff219e0d19426c2220
CVE-2018-14463 (The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in prin ...)
- - tcpdump <unfixed> (bug #941698)
+ - tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/3de07c772166b7e8e8bb4b9d1d078f1d901b570b
CVE-2018-14462 (The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in prin ...)
- - tcpdump <unfixed> (bug #941698)
+ - tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/1a1bce0526a77b62e41531b00f8bb5e21fd4f3a3
CVE-2018-14461 (The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print ...)
- - tcpdump <unfixed> (bug #941698)
+ - tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/aa5c6b710dfd8020d2c908d6b3bd41f1da719b3b
CVE-2018-14460 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ...)
- hdf5 <undetermined>
@@ -74927,12 +74927,12 @@ CVE-2018-10107 (D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWA
CVE-2018-10106 (D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PAT ...)
NOT-FOR-US: D-Link
CVE-2018-10105 (tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2 ...)
- - tcpdump <unfixed> (bug #941698)
+ - tcpdump 4.9.3-1 (bug #941698)
NOTE: "Fixed" by disabling SMB printing
CVE-2018-10104
RESERVED
CVE-2018-10103 (tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2 ...)
- - tcpdump <unfixed> (bug #941698)
+ - tcpdump 4.9.3-1 (bug #941698)
NOTE: "Fixed" by disabling SMB printing
CVE-2018-10099 (Google Monorail before 2018-04-04 has a Cross-Site Search (XS-Search) ...)
NOT-FOR-US: Google Monorail
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/97ea3ed6bdac04ff4f34ec9b0e96b4f58a2457ba
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/97ea3ed6bdac04ff4f34ec9b0e96b4f58a2457ba
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191010/b471412d/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list