Debian has issued an advisory today (March 17):
https://www.debian.org/security/2015/dsa-3193

Mageia 4 and Mageia 5 are affected.
Whiteboard: (none) => MGA5TOO, MGA4TOO
Patches checked into Mageia 4 and Cauldron SVN. Freeze push requested for Cauldron.
Patched packages uploaded for Mageia 4 and Cauldron.

Advisory:
========================

Updated tcpdump package fixes security vulnerabilities:

Several vulnerabilities have been discovered in tcpdump. These vulnerabilities might result in denial of service (application crash) or, potentially, execution of arbitrary code (CVE-2015-0261, CVE-2015-2153, CVE-2015-2154, CVE-2015-2155).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0261
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2153
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2154
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2155
https://www.debian.org/security/2015/dsa-3193
========================

Updated packages in core/updates_testing:
========================
tcpdump-4.4.0-2.3.mga4

from tcpdump-4.4.0-2.3.mga4.src.rpm
Version: Cauldron => 4
Assignee: bugsquad => qa-bugs
Whiteboard: MGA5TOO, MGA4TOO => (none)
There are PoC files embedded in the upstream patches linked from the RedHat bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1201792
https://bugzilla.redhat.com/show_bug.cgi?id=1201795

Locally I removed the code changes from those patches (as they're redundant with the Debian patches I already added), used git to apply the patches (needed because they create binary files), and had it run make check.

The make check did fail on the testcases, but it looks like that's just because the output didn't exactly match what it expected, but these test cases were written for a newer version of tcpdump. It does look like it worked correctly, and it certainly didn't crash, so I think it's OK.

Doing a normal capture worked fine:
tcpdump -c 20 -i ens32 -envvXX

Testing complete Mageia 4 i586. For x86_64, a normal capture test should be sufficient.
Whiteboard: (none) => has_procedure MGA4-32-OK
Severity: normal => major
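Added example (not part of the original comments or of Mageia's QA tooling): a bash helper for the kind of PoC replay check described in the comment above, which separates a tcpdump run killed by a signal from an ordinary error exit instead of relying on make check's exact-output comparison. The names TCPDUMP, classify_status and check_captures, and the layout of a directory holding the *.pcap files, are assumptions.

```bash
#!/usr/bin/env bash
# Added example: replay capture files through tcpdump and flag crashes.
# TCPDUMP, classify_status and check_captures are hypothetical names.
TCPDUMP="${TCPDUMP:-tcpdump}"   # assumption: path of the build under test

# Turn an exit status into a verdict. A status above 128 means the process
# was killed by signal (status - 128), e.g. 139 = SIGSEGV, 134 = SIGABRT.
classify_status() {
    local status="$1"
    if [ "$status" -eq 0 ]; then
        echo "ok"
    elif [ "$status" -gt 128 ]; then
        echo "crash(signal $((status - 128)))"
    else
        # tcpdump's own error exit, such as a truncated or unreadable file
        echo "error(exit $status)"
    fi
}

# Decode every *.pcap in a directory with the verbose flags used in the
# comment above (-envvXX), so packet contents are fully decoded.
# Prints "file<TAB>verdict" per capture; returns 1 if any run crashed.
check_captures() {
    local dir="$1" crashed=0 f status verdict
    for f in "$dir"/*.pcap; do
        [ -e "$f" ] || continue
        status=0
        "$TCPDUMP" -envvXX -r "$f" >/dev/null 2>&1 || status=$?
        verdict="$(classify_status "$status")"
        printf '%s\t%s\n' "$(basename "$f")" "$verdict"
        case "$verdict" in crash*) crashed=1 ;; esac
    done
    return "$crashed"
}
```

Source the file and call check_captures with the directory that holds the extracted test captures; a non-zero return means at least one decode ended in a signal.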
Testing on Mageia4x64 real hardware.

From current package:
--------------------
tcpdump-4.4.0-2.2.mga4

Tried various capture commands:

# tcpdump -i enp3s0
captures all packets in enp3s0 interface

# tcpdump -c 4 -i enp3s0
captures only 4 packets from enp3s0 interface.

# tcpdump -w /home/zitounu/Documents/tcpdump.pcap -i enp3s0
Captures all packets from enp3s0 interface and writes them in a pcap file

# tcpdump -tttt -r /home/zitounu/Documents/tcpdump.pcap
reads the pcap file

# tcpdump -i enp3s0 port 80
only captures the packets received by port 80

To updated testing package:
--------------------------
tcpdump-4.4.0-2.3.mga4

# tcpdump -i enp3s0
# tcpdump -c 4 -i enp3s0
# tcpdump -w /home/zitounu/Documents/tcpdump.pcap -i enp3s0
# tcpdump -tttt -r /home/zitounu/Documents/tcpdump.pcap
# tcpdump -i enp3s0 port 80

All OK
CC: (none) => olchal
Whiteboard: has_procedure MGA4-32-OK => has_procedure MGA4-32-OK MGA4-64-OK
Advisory uploaded, validating. Please push to 4 core/updates.
Keywords: (none) => validated_update
Whiteboard: has_procedure MGA4-32-OK MGA4-64-OK => has_procedure MGA4-32-OK MGA4-64-OK advisory
CC: (none) => remi, sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository.
http://advisories.mageia.org/MGASA-2015-0114.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED