| Summary: | tcpdump new security issue CVE-2024-2397 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Nicolas Salguero <nicolas.salguero> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | andrewsfarm, sysadmin-bugs |
| Version: | 9 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA9-64-OK | ||
| Source RPM: | tcpdump-4.99.4-1.mga9.src.rpm | CVE: | CVE-2024-2397 |
| Status comment: | |||
|
Description
Nicolas Salguero
2024-05-13 15:32:00 CEST
Nicolas Salguero
2024-05-13 15:32:33 CEST
Source RPM: (none) => tcpdump-4.99.4-1.mga9.src.rpm

tcpdump-4.99.4-1.1.mga9 is currently building.

Suggested advisory:
========================

The updated package fixes a security vulnerability:

Due to a bug in packet data buffers management, the PPP printer in tcpdump can enter an infinite loop when reading a crafted DLT_PPP_SERIAL .pcap savefile. (CVE-2024-2397)

References:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HUUI2MBVHFENXNBCHDQZP2RBBA2VD5HG/
========================

Updated package in core/updates_testing:
========================
tcpdump-4.99.4-1.1.mga9

from SRPM:
tcpdump-4.99.4-1.1.mga9.src.rpm

Status comment: Patch available from Cauldron => (none)
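An added example, not part of the original report or of tcpdump itself: the advisory ties the hang to DLT_PPP_SERIAL savefiles, so this sketch reads the classic pcap global header and flags files with that link type so they can be held back until the updated package is installed. The function names, the constructed sample header and the 0xFFFF mask are choices made for this illustration; DLT_PPP_SERIAL is 50 in the tcpdump.org link-layer type registry.

```python
import struct

DLT_PPP_SERIAL = 50  # LINKTYPE_PPP_HDLC in the tcpdump.org registry

# Classic pcap magic numbers as the first four bytes appear on disk.
_MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<",  # little-endian, microsecond timestamps
    b"\xa1\xb2\xc3\xd4": ">",  # big-endian, microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<",  # little-endian, nanosecond timestamps
    b"\xa1\xb2\x3c\x4d": ">",  # big-endian, nanosecond timestamps
}


def pcap_linktype(header: bytes):
    """Return the link-layer type from a classic pcap global header, or None."""
    if len(header) < 24 or header[:4] not in _MAGICS:
        return None  # truncated, pcapng, or not a capture file at all
    endian = _MAGICS[header[:4]]
    # After the magic: version major/minor (u16 each), thiszone (i32),
    # sigfigs (u32), snaplen (u32), network (u32).
    _major, _minor, _zone, _sigfigs, _snaplen, network = struct.unpack(
        endian + "HHiIII", header[4:24])
    return network & 0xFFFF  # assumption: upper bits may carry FCS flags


def needs_patched_tcpdump(path: str) -> bool:
    """True if the savefile's link type would be decoded by the PPP printer
    named in the advisory (DLT_PPP_SERIAL)."""
    with open(path, "rb") as fh:
        return pcap_linktype(fh.read(24)) == DLT_PPP_SERIAL


def sample_header(linktype: int, endian: str = "<") -> bytes:
    """Constructed 24-byte global header for testing (not a real capture)."""
    return struct.pack(endian + "IHHiIII",
                       0xA1B2C3D4, 2, 4, 0, 0, 262144, linktype)


if __name__ == "__main__":
    for lt in (1, DLT_PPP_SERIAL):  # 1 = EN10MB, as in the QA capture
        print(lt, pcap_linktype(sample_header(lt)) == DLT_PPP_SERIAL)
```

The check reads only the file header and does not decode packets, so it is safe to run on untrusted savefiles before they reach an unpatched tcpdump.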
katnatek
2024-05-14 03:47:55 CEST
Keywords: (none) => advisory

LC_ALL=C urpmi --auto --auto-update
medium "QA Testing (32-bit)" is up-to-date
medium "QA Testing (64-bit)" is up-to-date
medium "Core Release (distrib1)" is up-to-date
medium "Core Updates (distrib3)" is up-to-date
medium "Nonfree Release (distrib11)" is up-to-date
medium "Nonfree Updates (distrib13)" is up-to-date
medium "Tainted Release (distrib21)" is up-to-date
medium "Tainted Updates (distrib23)" is up-to-date
medium "Core 32bit Release (distrib31)" is up-to-date
medium "Core 32bit Updates (distrib32)" is up-to-date
medium "Nonfree 32bit Release (distrib36)" is up-to-date
medium "Tainted 32bit Release (distrib41)" is up-to-date
medium "Tainted 32bit Updates (distrib42)" is up-to-date
installing tcpdump-4.99.4-1.1.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64
Preparing... ##################################################################################################
1/1: tcpdump ##################################################################################################
1/1: removing tcpdump-2:4.99.4-1.mga9.x86_64
##################################################################################################
Reference test made by Thomas in bug#31782 comment4
tcpdump -tttt
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on eno1, link-type EN10MB (Ethernet), snapshot length 262144 bytes
2024-05-14 17:47:51.221028 IP 192.168.1.64.mdns > mdns.mcast.net.mdns: 54 [2q] PTR (QM)? _233637DE._sub._googlecast._tcp.local. PTR (QM)? _googlecast._tcp.local. (61)
2024-05-14 17:47:51.305423 IP phoenix.local.49807 > one.one.one.one.domain: 11779+ PTR? 251.0.0.224.in-addr.arpa. (42)
2024-05-14 17:47:51.317006 IP one.one.one.one.domain > phoenix.local.49807: 11779 1/0/0 PTR mdns.mcast.net. (70)
2024-05-14 17:47:51.317154 IP phoenix.local.46011 > one.one.one.one.domain: 34506+ PTR? 64.1.168.192.in-addr.arpa. (43)
2024-05-14 17:47:51.328054 IP one.one.one.one.domain > phoenix.local.46011: 34506 NXDomain 0/0/0 (43)
2024-05-14 17:47:51.428945 IP6 2806-104e-001b-46ce-e269-95ff-fedd-cd47.ipv6.infinitum.net.mx.mdns > ff02::fb.mdns: 0 PTR (QM)? 64.1.168.192.in-addr.arpa. (43)
2024-05-14 17:47:51.429000 IP phoenix.local.mdns > mdns.mcast.net.mdns: 0 PTR (QM)? 64.1.168.192.in-addr.arpa. (43)
2024-05-14 17:47:52.430692 IP6 2806-104e-001b-46ce-e269-95ff-fedd-cd47.ipv6.infinitum.net.mx.mdns > ff02::fb.mdns: 0 PTR (QM)? 64.1.168.192.in-addr.arpa. (43)
2024-05-14 17:47:52.430769 IP phoenix.local.mdns > mdns.mcast.net.mdns: 0 PTR (QM)? 64.1.168.192.in-addr.arpa. (43)
2024-05-14 17:47:54.433450 IP6 2806-104e-001b-46ce-e269-95ff-fedd-cd47.ipv6.infinitum.net.mx.mdns > ff02::fb.mdns: 0 PTR (QM)? 64.1.168.192.in-addr.arpa. (43)
2024-05-14 17:47:54.433544 IP phoenix.local.mdns > mdns.mcast.net.mdns: 0 PTR (QM)? 64.1.168.192.in-addr.arpa. (43)
2024-05-14 17:47:56.331818 IP phoenix.local.41868 > one.one.one.one.domain: 11695+ PTR? 1.1.1.1.in-addr.arpa. (38)
2024-05-14 17:47:56.344052 IP one.one.one.one.domain > phoenix.local.41868: 11695 1/0/0 PTR one.one.one.one. (67)
2024-05-14 17:47:56.344304 IP phoenix.local.53227 > one.one.one.one.domain: 38403+ PTR? 3.1.168.192.in-addr.arpa. (42)
2024-05-14 17:47:56.355164 IP one.one.one.one.domain > phoenix.local.53227: 38403 NXDomain 0/0/0 (42)
2024-05-14 17:47:56.455884 IP6 2806-104e-001b-46ce-e269-95ff-fedd-cd47.ipv6.infinitum.net.mx.mdns > ff02::fb.mdns: 0 PTR (QM)? 3.1.168.192.in-addr.arpa. (42)
2024-05-14 17:47:56.455934 IP phoenix.local.mdns > mdns.mcast.net.mdns: 0 PTR (QM)? 3.1.168.192.in-addr.arpa. (42)
2024-05-14 17:47:56.456176 IP phoenix.local.mdns > mdns.mcast.net.mdns: 0*- [0q] 1/0/0 (Cache flush) PTR phoenix.local. (63)
2024-05-14 17:47:56.456586 IP phoenix.local.51135 > one.one.one.one.domain: 40026+ PTR? b.f.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa. (90)
2024-05-14 17:47:56.468531 IP one.one.one.one.domain > phoenix.local.51135: 40026 NXDomain 0/1/0 (166)
2024-05-14 17:47:56.469040 IP phoenix.local.50308 > one.one.one.one.domain: 59146+ PTR? 7.4.d.c.d.d.e.f.f.f.5.9.9.6.2.e.e.c.6.4.b.1.0.0.e.4.0.1.6.0.8.2.ip6.arpa. (90)
2024-05-14 17:47:56.796915 IP phoenix.local.51220 > vmi527359.contaboserver.net.ssh: Flags [P.], seq 3172428979:3172429031, ack 4256748088, win 82, options [nop,nop,TS val 4034461785 ecr 522114178], length 52
2024-05-14 17:47:56.993825 IP vmi527359.contaboserver.net.ssh > phoenix.local.51220: Flags [P.], seq 1:37, ack 52, win 292, options [nop,nop,TS val 522129174 ecr 4034461785], length 36
2024-05-14 17:47:56.993877 IP phoenix.local.51220 > vmi527359.contaboserver.net.ssh: Flags [.], ack 37, win 82, options [nop,nop,TS val 4034461982 ecr 522129174], length 0
2024-05-14 17:47:57.125678 IP one.one.one.one.domain > phoenix.local.50308: 59146 1/0/0 PTR 2806-104e-001b-46ce-e269-95ff-fedd-cd47.ipv6.infinitum.net.mx. (165)
2024-05-14 17:47:57.126323 IP phoenix.local.53861 > one.one.one.one.domain: 40136+ PTR? 42.97.68.164.in-addr.arpa. (43)
2024-05-14 17:47:57.606965 IP one.one.one.one.domain > phoenix.local.53861: 40136 1/0/0 PTR vmi527359.contaboserver.net. (84)
2024-05-14 17:47:58.677330 ARP, Request who-has phoenix.local tell _gateway, length 46
2024-05-14 17:47:58.677349 ARP, Reply phoenix.local is-at e0:69:95:dd:cd:47 (oui Unknown), length 28
2024-05-14 17:47:58.689043 IP phoenix.local.52891 > one.one.one.one.domain: 64429+ PTR? 254.1.168.192.in-addr.arpa. (44)
2024-05-14 17:47:58.699777 IP one.one.one.one.domain > phoenix.local.52891: 64429 NXDomain 0/0/0 (44)
2024-05-14 17:47:58.800520 IP6 2806-104e-001b-46ce-e269-95ff-fedd-cd47.ipv6.infinitum.net.mx.mdns > ff02::fb.mdns: 0 PTR (QM)? 254.1.168.192.in-addr.arpa. (44)
2024-05-14 17:47:58.800572 IP phoenix.local.mdns > mdns.mcast.net.mdns: 0 PTR (QM)? 254.1.168.192.in-addr.arpa. (44)
2024-05-14 17:47:59.802244 IP6 2806-104e-001b-46ce-e269-95ff-fedd-cd47.ipv6.infinitum.net.mx.mdns > ff02::fb.mdns: 0 PTR (QM)? 254.1.168.192.in-addr.arpa. (44)
2024-05-14 17:47:59.802303 IP phoenix.local.mdns > mdns.mcast.net.mdns: 0 PTR (QM)? 254.1.168.192.in-addr.arpa. (44)
2024-05-14 17:48:01.805048 IP6 2806-104e-001b-46ce-e269-95ff-fedd-cd47.ipv6.infinitum.net.mx.mdns > ff02::fb.mdns: 0 PTR (QM)? 254.1.168.192.in-addr.arpa. (44)
2024-05-14 17:48:01.805099 IP phoenix.local.mdns > mdns.mcast.net.mdns: 0 PTR (QM)? 254.1.168.192.in-addr.arpa. (44)
^C
37 packets captured
37 packets received by filter
0 packets dropped by kernel
tcpdump -w tmp/tmp.pcap
tcpdump: listening on eno1, link-type EN10MB (Ethernet), snapshot length 262144 bytes
^C9 packets captured
9 packets received by filter
0 packets dropped by kernel
tcpdump -w tmp/tmp.pcap
tcpdump: listening on eno1, link-type EN10MB (Ethernet), snapshot length 262144 bytes
^C9 packets captured
9 packets received by filter
0 packets dropped by kernel
[root@phoenix ~]# tcpdump -tttt -r tmp/tmp.pcap
reading from file tmp/tmp.pcap, link-type EN10MB (Ethernet), snapshot length 262144
2024-05-14 17:49:23.108615 IP 80.66.83.164.49905 > phoenix.local.53569: Flags [S], seq 3247022263, win 1025, options [mss 1452], length 0
2024-05-14 17:49:24.693361 ARP, Request who-has phoenix.local tell _gateway, length 46
2024-05-14 17:49:24.693377 ARP, Reply phoenix.local is-at e0:69:95:dd:cd:47 (oui Unknown), length 28
2024-05-14 17:49:25.963547 IP 80.66.83.161.49718 > phoenix.local.36414: Flags [S], seq 313680609, win 1024, options [mss 536], length 0
2024-05-14 17:49:26.801868 IP phoenix.local.51220 > vmi527359.contaboserver.net.ssh: Flags [P.], seq 3172429291:3172429343, ack 4256748304, win 82, options [nop,nop,TS val 4034551790 ecr 522204172], length 52
2024-05-14 17:49:26.999202 IP vmi527359.contaboserver.net.ssh > phoenix.local.51220: Flags [P.], seq 1:37, ack 52, win 292, options [nop,nop,TS val 522219180 ecr 4034551790], length 36
2024-05-14 17:49:26.999257 IP phoenix.local.51220 > vmi527359.contaboserver.net.ssh: Flags [.], ack 37, win 82, options [nop,nop,TS val 4034551987 ecr 522219180], length 0
2024-05-14 17:49:28.188898 IP unused-space.coop.net.28920 > phoenix.local.5901: Flags [S], seq 371541030, win 42340, options [mss 1452,sackOK,TS val 1715638716 ecr 0,nop,wscale 10], length 0
2024-05-14 17:49:31.224904 IP 192.168.1.64.mdns > mdns.mcast.net.mdns: 59 [2q] PTR (QM)? _233637DE._sub._googlecast._tcp.local. PTR (QM)? _googlecast._tcp.local. (61)
katnatek
2024-05-15 01:52:24 CEST
CC: (none) => andrewsfarm

Validating.

Keywords: (none) => validated_update

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2024-0177.html

Resolution: (none) => FIXED