AXSA:2020-315:02

Release date: 
Wednesday, September 9, 2020 - 04:13
Subject: 
tcpdump-4.9.2-6.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Low
Description: 

The tcpdump packages contain the tcpdump utility for monitoring network traffic. The tcpdump utility can capture and display the packet headers on a particular network interface or on all interfaces.

Security Fix(es):

* tcpdump: Stack-based buffer over-read in print-hncp.c:print_prefix() via crafted pcap (CVE-2018-19519)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2018-19519
In tcpdump 4.9.2, a stack-based buffer over-read exists in the print_prefix function of print-hncp.c via crafted packet data because of missing initialization.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. tcpdump-4.9.2-6.el8.src.rpm
    MD5: 647d4ebf672b030e1f764fda2882b04f
    SHA-256: 8826a2cc04d001a0c2ce87c6953ed63c258d30845319db070d8d87f2bea0a6d1
    Size: 1.88 MB

Asianux Server 8 for x86_64
  1. tcpdump-4.9.2-6.el8.x86_64.rpm
    MD5: c83a99dbfe63cf69ab1fa4b171f22fbd
    SHA-256: 79ea5790265d546f6aafd7e797666ade8f0a127c3ba6f880cd248d99c359bd6a
    Size: 477.10 kB
Copyright© 2007-2015 Asianux. All rights reserved.