Debian and Ubuntu have issued advisories on December 3 and December 4:
https://www.debian.org/security/2014/dsa-3086
http://www.ubuntu.com/usn/usn-2433-1/

Patched packages uploaded for Mageia 4 and Cauldron.

I don't see a PoC for this one.

Advisory:
========================

Updated tcpdump packages fix security vulnerability:

It was discovered that tcpdump incorrectly handled printing PPP packets. A remote attacker could use this issue to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2014-9140).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9140
http://www.ubuntu.com/usn/usn-2433-1/
========================

Updated packages in core/updates_testing:
========================
tcpdump-4.4.0-2.2.mga4

from tcpdump-4.4.0-2.2.mga4.src.rpm

Reproducible:

Steps to Reproduce:

In VirtualBox, M4, KDE, 32-bit

Package(s) under test:
tcpdump

default install of tcpdump

[root@localhost wilcal]# urpmi tcpdump
Package tcpdump-4.4.0-2.1.mga4.i586 is already installed

tcpdump, -help works, "-i any" displays a running log of tcp traffic
tcpdump -nnvvXS displays an extremely detailed running log of tcp traffic

install tcpdump from updates_testing

[root@localhost wilcal]# urpmi tcpdump
Package tcpdump-4.4.0-2.2.mga4.i586 is already installed

tcpdump, -help works, "-i any" displays a running log of tcp traffic
tcpdump -nnvvXS displays an extremely detailed running log of tcp traffic

Test platform:
Intel Core i7-2600K Sandy Bridge 3.4GHz
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo
GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB
RTL8111/8168B PCI Express 1Gbit Ethernet
DRAM 16GB (4 x 4GB)
Mageia 4 64-bit, Nvidia driver
virtualbox-4.3.10-1.1.mga4.x86_64
virtualbox-guest-additions-4.3.10-1.1.mga4.x86_64

CC: (none) => wilcal.int
Whiteboard: (none) => MGA4-32-OK

In VirtualBox, M4, KDE, 64-bit

Package(s) under test:
tcpdump

default install of tcpdump

[root@localhost wilcal]# urpmi tcpdump
Package tcpdump-4.4.0-2.1.mga4.x86_64 is already installed

tcpdump, -help works, "-i any" displays a running log of tcp traffic
tcpdump -nnvvXS displays an extremely detailed running log of tcp traffic

install tcpdump from updates_testing

[root@localhost wilcal]# urpmi tcpdump
Package tcpdump-4.4.0-2.2.mga4.x86_64 is already installed

tcpdump, -help works, "-i any" displays a running log of tcp traffic
tcpdump -nnvvXS displays an extremely detailed running log of tcp traffic

Test platform:
Intel Core i7-2600K Sandy Bridge 3.4GHz
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo
GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB
RTL8111/8168B PCI Express 1Gbit Ethernet
DRAM 16GB (4 x 4GB)
Mageia 4 64-bit, Nvidia driver
virtualbox-4.3.10-1.1.mga4.x86_64
virtualbox-guest-additions-4.3.10-1.1.mga4.x86_64

This update works fine.
Testing complete for mga4 32-bit & 64-bit
Validating the update.
Could someone from the sysadmin team push this to updates.
Thanks

Keywords: (none) => validated_update
Whiteboard: MGA4-32-OK => MGA4-32-OK MGA4-64-OK
CC: (none) => sysadmin-bugs
URL: (none) => http://lwn.net/Vulnerabilities/624613/
Advisory uploaded.
CC: (none) => remi
Whiteboard: MGA4-32-OK MGA4-64-OK => MGA4-32-OK MGA4-64-OK advisory
An update for this issue has been pushed to Mageia Updates repository.
http://advisories.mageia.org/MGASA-2014-0511.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED