Bug 25565

Summary: tcpdump new security issues fixed upstream in 4.9.3
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: andrewsfarm, geiger.david68210, herman.viaene, sysadmin-bugs, tmb
Version: 7Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA7-64-OK
Source RPM: tcpdump-4.9.2-3.mga7.src.rpm CVE:
Status comment:

Description David Walser 2019-10-14 17:24:04 CEST 
Upstream has libpcap 1.9.1 and tcpdump 4.9.3, fixing security issues, on September 30:
http://www.tcpdump.org/libpcap-changes.txt
http://www.tcpdump.org/tcpdump-changes.txt
http://www.tcpdump.org/public-cve-list.txt
Comment 1 David GEIGER 2019-10-14 18:21:49 CEST 
Done both tcpdump and libpcap!

CC: (none) => geiger.david68210

Comment 2 David Walser 2019-10-14 18:35:01 CEST 
Advisory:
========================

Updated libpcap and tcpdump packages fix security vulnerabilities:

The libpcap packages have been updated to versions 1.9.1 and 4.9.3,
respectively, fixing several buffer overread and overflow issues.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16808
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10103
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10105
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14461
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14462
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14463
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14463
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14464
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14465
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14466
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14467
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14468
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14469
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14470
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14879
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14880
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14881
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14882
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16227
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16228
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16229
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16230
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16300
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16301
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16451
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16452
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15161
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15162
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15163
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15164
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15165
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15166
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15167
http://www.tcpdump.org/libpcap-changes.txt
http://www.tcpdump.org/tcpdump-changes.txt
http://www.tcpdump.org/public-cve-list.txt
========================

Updated packages in core/updates_testing:
========================
libpcap-doc-1.9.1-1.mga7
libpcap1-1.9.1-1.mga7
libpcap-devel-1.9.1-1.mga7
tcpdump-4.9.3-1.mga7

from SRPMS:
libpcap-1.9.1-1.mga7.src.rpm
tcpdump-4.9.3-1.mga7.src.rpm

Assignee: bugsquad => qa-bugs

Comment 3 Herman Viaene 2019-10-16 14:32:54 CEST 
MGA7-64 Plasma on Lenovo B50
No installation issues
Ref to bugs 24077 and 20212 for tests
At CLI:
# tcpdump -tttt
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wlp9s0, link-type EN10MB (Ethernet), capture size 262144 bytes
2019-10-16 14:20:30.118631 IP mach5.hviaene.thuis.45172 > ntp.devrandom.be.ntp: NTPv4, Client, length 48
2019-10-16 14:20:30.120451 IP mach5.hviaene.thuis.44802 > dns01.edpnet.net.domain: 40196+ PTR? 3.76.87.45.in-addr.arpa. (41)
2019-10-16 14:20:30.130259 IP dns01.edpnet.net.domain > mach5.hviaene.thuis.44802: 40196 1/3/3 PTR ntp.devrandom.be. (176)
and a lot more, at the 32 packets captured
32 packets received by filter
0 packets dropped by kernel
end:

# tcpdump -w tmp/tmp.pcap
tcpdump: listening on wlp9s0, link-type EN10MB (Ethernet), capture size 262144 bytes
stopped with CTRL-C, then
52 packets captured
52 packets received by filter
0 packets dropped by kernel

# tcpdump -tttt -r tmp/tmp.pcap
reading from file tmp/tmp.pcap, link-type EN10MB (Ethernet)
2019-10-16 14:24:37.689426 34:31:c4:80:a9:b4 (oui Unknown) > Broadcast, ethertype Unknown (0x88e1), length 60: 
        0x0000:  0000 a000 b052 2cfd 0077 0000 0000 0000  .....R,..w......
        0x0010:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0020:  0000 0000 0000 0000 0000 0000 0000       ..............
and more .....

Looks all OK.

Whiteboard: (none) => MGA7-64-OK
CC: (none) => herman.viaene

Comment 4 Thomas Andrews 2019-10-16 21:43:54 CEST 
Validating. Advisory in Comment 2.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Thomas Backlund 2019-10-16 23:26:40 CEST

CC: (none) => tmb
Keywords: (none) => advisory

Comment 5 Mageia Robot 2019-10-17 00:24:04 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2019-0297.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Comment 6 David Walser 2019-11-26 20:05:03 CET 
This also fixed CVE-2019-1010220:
https://lists.opensuse.org/opensuse-updates/2019-08/msg00148.html