Your message dated Sat, 23 Sep 2017 10:03:35 +0000
with message-id <[email protected]>
and subject line Bug#873806: fixed in tcpdump 4.9.2-1~deb9u1
has caused the Debian Bug report #873806,
regarding CVE-2017-11543
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
873806: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873806
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: tcpdump
X-Debbugs-CC: [email protected]
[email protected]
Severity: important
Tags: security
Hi,
the following vulnerability was published for tcpdump.
CVE-2017-11541[0]:
| tcpdump 4.9.0 has a heap-based buffer over-read in the lldp_print
| function in print-lldp.c, related to util-print.c.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-11541
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11541
Please adjust the affected versions in the BTS as needed.
Note that I've not been able to reproduce the vulnerability with the
pcap file provided at
https://github.com/hackerlib/hackerlib-vul/tree/master/tcpdump-vul/global-overflow/print-sl
but given this has a CVE I figured it's safer to bring this to your
attention anyway.
--- End Message ---
--- Begin Message ---
Source: tcpdump
Source-Version: 4.9.2-1~deb9u1
We believe that the bug you reported is fixed in the latest version of
tcpdump, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Romain Francoise <[email protected]> (supplier of updated tcpdump package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
Format: 1.8
Date: Sat, 09 Sep 2017 20:33:48 +0200
Source: tcpdump
Binary: tcpdump
Architecture: amd64 source
Version: 4.9.2-1~deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Romain Francoise <[email protected]>
Changed-By: Romain Francoise <[email protected]>
Closes: 867718 873804 873805 873806
Description:
tcpdump - command-line network traffic analyzer
Changes:
tcpdump (4.9.2-1~deb9u1) stretch-security; urgency=high
.
* New upstream release, fixing 90 new CVEs. See the upstream changelog
for the full list (closes: #867718, #873804, #873805, #873806).
--- End Message ---