UbuntuUpdates.org

Package "tcpdump"

Name: tcpdump

Description:

command-line network traffic analyzer

Latest version: 4.9.2-0ubuntu0.14.04.1
Release: trusty (14.04)
Level: security
Repository: main
Homepage: http://www.tcpdump.org/

Links

Save this URL for the latest version of "tcpdump": https://www.ubuntuupdates.org/tcpdump


Download "tcpdump"


Other versions of "tcpdump" in Trusty

Repository Area Version
base main 4.5.1-2ubuntu1
updates main 4.9.2-0ubuntu0.14.04.1

Changelog

Version: 4.9.2-0ubuntu0.14.04.1 2017-09-13 23:06:38 UTC
No changelog available yet.
Source diff to previous version

Version: 4.9.0-1ubuntu1~ubuntu14.04.1 2017-02-21 19:06:47 UTC

  tcpdump (4.9.0-1ubuntu1~ubuntu14.04.1) trusty-security; urgency=medium

  * Backport to trusty to fix CVEs (LP: #1662177).
  * Reset libpcap dependency to trusty version
  * Enable crypto support, dropped in zesty because of openssl.
  * Disable some tests failing with older pcap versions

Source diff to previous version
1662177 tcpdump multiple CVEs

Version: 4.5.1-2ubuntu1.2 2015-04-27 16:08:03 UTC

  tcpdump (4.5.1-2ubuntu1.2) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service and possible code execution via
    multiple issues (LP: #1444363)
    - debian/patches/60_cve-2015-0261.diff: check lengths in
      print-mobility.c.
    - debian/patches/60_cve-2015-2153.diff: check length in
      print-rpki-rtr.c.
    - debian/patches/60_cve-2015-2153-fix-regression.diff: more length
      checks in print-rpki-rtr.c.
    - debian/patches/60_cve-2015-2154.diff: check lengths in
      print-isoclns.c.
    - debian/patches/60_cve-2015-2155.diff: make sure ops->print is valid
      in print-forces.c.
    - CVE-2015-0261
    - CVE-2015-2153
    - CVE-2015-2154
    - CVE-2015-2155
 -- Marc Deslauriers <email address hidden> Fri, 24 Apr 2015 13:06:07 -0400

Source diff to previous version
1444363 tcpdump missing some CVEs
CVE-2015-0261 Integer signedness error in the mobility_opt_print function in the IPv6 mobility printer in tcpdump before 4.7.2 allows remote attackers to cause a d
CVE-2015-2153 The rpki_rtr_pdu_print function in print-rpki-rtr.c in the TCP printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (
CVE-2015-2154 The osi_print_cksum function in print-isoclns.c in the ethernet printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service
CVE-2015-2155 The force printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspec

Version: 4.5.1-2ubuntu1.1 2014-12-04 15:07:45 UTC

  tcpdump (4.5.1-2ubuntu1.1) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service and possible code execution in
    olsr_print
    - debian/patches/CVE-2014-8767.patch: improve bounds checking and
      error handling in print-olsr.c.
    - CVE-2014-8767
  * SECURITY UPDATE: denial of service and possible code execution in
    geonet_print
    - debian/patches/CVE-2014-8768.patch: improve bounds checking and
      length checking in print-geonet.c.
    - CVE-2014-8768
  * SECURITY UPDATE: denial of service and possible code execution in
    print-aodv.c
    - debian/patches/CVE-2014-8769.patch: improve bounds checking and
      length checking in print-aodv.c, aodv.h.
    - CVE-2014-8769
  * SECURITY UPDATE: denial of service and possible code execution in
    print-ppp.c
    - debian/patches/CVE-2014-9140.patch: improve bounds checking in
      print-ppp.c.
    - CVE-2014-9140
 -- Marc Deslauriers <email address hidden> Wed, 03 Dec 2014 16:39:30 -0500

CVE-2014-8767 Integer underflow in the olsr_print function in tcpdump 3.9.6 through 4.6.2, when in verbose mode, allows remote attackers to cause a denial of servi
CVE-2014-8768 Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allow remote attackers to cause a deni
CVE-2014-8769 tcpdump 3.8 through 4.6.2 might allow remote attackers to obtain sensitive information from memory or cause a denial of service (packet loss or segme
CVE-2014-9140 buffer overflow in the PPP dissector



About   -   Send Feedback to @ubuntu_updates