tcpdump-4.9.2-4.el7.1

エラータID: AXSA:2020-040:01

Release date: 
Friday, May 1, 2020 - 07:20
Subject: 
tcpdump-4.9.2-4.el7.1
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Low
Description: 

The tcpdump packages contain the tcpdump utility for monitoring network traffic. The tcpdump utility can capture and display the packet headers on a particular network interface or on all interfaces.

Security Fix(es):

* tcpdump: Stack-based buffer over-read in print-hncp.c:print_prefix() via crafted pcap (CVE-2018-19519)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2018-19519
In tcpdump 4.9.2, a stack-based buffer over-read exists in the print_prefix function of print-hncp.c via crafted packet data because of missing initialization.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. tcpdump-4.9.2-4.el7.1.src.rpm
    MD5: 1cbbaad58281c31a36ea32a3d3dec6aa
    SHA-256: ba2d6c900cd8ef38edc76b6cb160197fdbded0ad8e2d456fd3a6873d3aae28c0
    Size: 1.87 MB

Asianux Server 7 for x86_64
  1. tcpdump-4.9.2-4.el7.1.x86_64.rpm
    MD5: c8fc58552470c7ff2b57c01b3907ece2
    SHA-256: e35d2fe08e41ace14cf23258c1b29cd2b80a4a7b7ff32fe9c687d03c14d9a688
    Size: 420.66 kB