The CHANGES file for tcpdump 4.9.2 reads as follows.

Sunday September 3, 2017  denis@ovsienko.info
Summary for 4.9.2 tcpdump release
  Do not use getprotobynumber() for protocol name resolution.
  Do not do any protocol name resolution if -n is specified.
  Improve errors detection in the test scripts.
  Fix a segfault with OpenSSL 1.1 and improve OpenSSL usage.
  Clean up IS-IS printing.
  Fix buffer overflow vulnerabilities:
    CVE-2017-11543 (SLIP)
    CVE-2017-13011 (bittok2str_internal)
  Fix infinite loop vulnerabilities:
    CVE-2017-12989 (RESP)
    CVE-2017-12990 (ISAKMP)
    CVE-2017-12995 (DNS)
    CVE-2017-12997 (LLDP)
  Fix buffer over-read vulnerabilities:
    CVE-2017-11541 (safeputs)
    CVE-2017-11542 (PIMv1)
    CVE-2017-12893 (SMB/CIFS)
    CVE-2017-12894 (lookup_bytestring)
    CVE-2017-12895 (ICMP)
    CVE-2017-12896 (ISAKMP)
    CVE-2017-12897 (ISO CLNS)
    CVE-2017-12898 (NFS)
    CVE-2017-12899 (DECnet)
    CVE-2017-12900 (tok2strbuf)
    CVE-2017-12901 (EIGRP)
    CVE-2017-12902 (Zephyr)
    CVE-2017-12985 (IPv6)
    CVE-2017-12986 (IPv6 routing headers)
    CVE-2017-12987 (IEEE 802.11)
    CVE-2017-12988 (telnet)
    CVE-2017-12991 (BGP)
    CVE-2017-12992 (RIPng)
    CVE-2017-12993 (Juniper)
    CVE-2017-11542 (PIMv1)
    CVE-2017-11541 (safeputs)
    CVE-2017-12994 (BGP)
    CVE-2017-12996 (PIMv2)
    CVE-2017-12998 (ISO IS-IS)
    CVE-2017-12999 (ISO IS-IS)
    CVE-2017-13000 (IEEE 802.15.4)
    CVE-2017-13001 (NFS)
    CVE-2017-13002 (AODV)
    CVE-2017-13003 (LMP)
    CVE-2017-13004 (Juniper)
    CVE-2017-13005 (NFS)
    CVE-2017-13006 (L2TP)
    CVE-2017-13007 (Apple PKTAP)
    CVE-2017-13008 (IEEE 802.11)
    CVE-2017-13009 (IPv6 mobility)
    CVE-2017-13010 (BEEP)
    CVE-2017-13012 (ICMP)
    CVE-2017-13013 (ARP)
    CVE-2017-13014 (White Board)
    CVE-2017-13015 (EAP)
    CVE-2017-11543 (SLIP)
    CVE-2017-13016 (ISO ES-IS)
    CVE-2017-13017 (DHCPv6)
    CVE-2017-13018 (PGM)
    CVE-2017-13019 (PGM)
    CVE-2017-13020 (VTP)
    CVE-2017-13021 (ICMPv6)
    CVE-2017-13022 (IP)
    CVE-2017-13023 (IPv6 mobility)
    CVE-2017-13024 (IPv6 mobility)
    CVE-2017-13025 (IPv6 mobility)
    CVE-2017-13026 (ISO IS-IS)
    CVE-2017-13027 (LLDP)
    CVE-2017-13028 (BOOTP)
    CVE-2017-13029 (PPP)
    CVE-2017-13030 (PIM)
    CVE-2017-13031 (IPv6 fragmentation header)
    CVE-2017-13032 (RADIUS)
    CVE-2017-13033 (VTP)
    CVE-2017-13034 (PGM)
    CVE-2017-13035 (ISO IS-IS)
    CVE-2017-13036 (OSPFv3)
    CVE-2017-13037 (IP)
    CVE-2017-13038 (PPP)
    CVE-2017-13039 (ISAKMP)
    CVE-2017-13040 (MPTCP)
    CVE-2017-13041 (ICMPv6)
    CVE-2017-13042 (HNCP)
    CVE-2017-13043 (BGP)
    CVE-2017-13044 (HNCP)
    CVE-2017-13045 (VQP)
    CVE-2017-13046 (BGP)
    CVE-2017-13047 (ISO ES-IS)
    CVE-2017-13048 (RSVP)
    CVE-2017-13049 (Rx)
    CVE-2017-13050 (RPKI-Router)
    CVE-2017-13051 (RSVP)
    CVE-2017-13052 (CFM)
    CVE-2017-13053 (BGP)
    CVE-2017-13054 (LLDP)
    CVE-2017-13055 (ISO IS-IS)
    CVE-2017-13687 (Cisco HDLC)
    CVE-2017-13688 (OLSR)
    CVE-2017-13689 (IKEv1)
    CVE-2017-13690 (IKEv2)
    CVE-2017-13725 (IPv6 routing headers)

Updated packages uploaded for Mageia 5, Mageia 6, and Cauldron:
tcpdump-4.9.2-1.mga5
tcpdump-4.9.2-1.mga6

from SRPMS:
tcpdump-4.9.2-1.mga5.src.rpm
tcpdump-4.9.2-1.mga6.src.rpm
Whiteboard: (none) => MGA5TOO
Installed and tested without issues.

Tests:
- Dumping random net activity;
- Filtering some (existing and new) pcap files;
- Capturing to pcap files.

Didn't do any CVE-related tests but for normal usage it seems to be working.

System: Mageia 5, x86_64, Intel CPU, Realtek RTL8168c/8111c Ethernet.

$ rpm -q tcpdump
tcpdump-4.9.2-1.mga5
$ uname -a
Linux marte 4.4.82-desktop-1.mga5 #1 SMP Sun Aug 13 18:03:58 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
$ lspcidrake | grep Ethernet
r8169 : Realtek Semiconductor Co., Ltd.|RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller [NETWORK_ETHERNET] (rev: 02)
$ dmesg | egrep -o 'RTL.*(8111|8168|8411)'
RTL8168c/8111
Whiteboard: MGA5TOO => MGA5TOO MGA5-64-OK
CC: (none) => mageia
Advisory made from Comment 0. No references. Included *all* the CVEs cited; it should be easy to remove any that prove superfluous. @David : let me know if you want it changed.
Whiteboard: MGA5TOO MGA5-64-OK => MGA5TOO MGA5-64-OK advisory
CC: (none) => lewyssmith
Moving 'advisory' from whiteboard to keywords now that madb has been updated to handle that keyword.
Keywords: (none) => advisory
Whiteboard: MGA5TOO MGA5-64-OK advisory => MGA5TOO MGA5-64-OK
Testing M6/64 BEFORE the update, installed: tcpdump-4.9.1-1.mga6.x86_64.rpm (already in 'updates'). It has a good man page.

With just a single Ethernet connection, did (you seem to need to be root to run it):

# tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp4s0, link-type EN10MB (Ethernet), capture size x bytes

and generated traffic by refreshing tabs open in a browser. It pours out on the console, showing a lot of disconcerting exchanges...

^C810 packets captured
1159 packets received by filter
349 packets dropped by kernel

# tcpdump -w tmp/tcpdump
tcpdump: listening on enp4s0, link-type EN10MB (Ethernet), capture size x bytes

outputs to a file. This is binary, not directly viewable; apparently .pcap format.

^C905 packets captured
905 packets received by filter
0 packets dropped by kernel

# tcpdump -r tmp/tcpdump | less

Reads it back, intelligibly.

AFTER update to: tcpdump-4.9.2-1.mga6
Ran through the same sequence. Without understanding the significance of what is logged, it all looks sensible and OK. With filtering possibilities, this looks a handy interface monitor. Perhaps better usage would be with the options:
-v  a bit more info
-l  Make stdout line buffered. Useful if you want to see the data while capturing it. E.g.,
    # tcpdump -l | tee <file>

Validating as we have a test for both releases.
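The -w/-r round trip in the test above writes and reads the classic libpcap file format. The following Python script is an added example, not code from the tcpdump project or from this bug report: it writes a one-frame capture using a constructed ARP frame, reads it back, decodes the Ethernet II header (which is what "link-type EN10MB" denotes), shows how the "capture size" (snaplen) truncates a record while keeping the original length, and rejects a file whose record lengths run past its end. The MAC addresses, IP addresses and timestamp are constructed sample values.

```python
"""Minimal writer and reader for the libpcap file format that
`tcpdump -w` produces and `tcpdump -r` consumes (microsecond magic only).

Added example; not part of tcpdump or the Mageia bug report.
"""
import struct

PCAP_MAGIC_LE = 0xA1B2C3D4     # file written little-endian, microsecond timestamps
PCAP_MAGIC_BE = 0xD4C3B2A1     # same magic as read by a little-endian unpack of a big-endian file
LINKTYPE_ETHERNET = 1          # tcpdump prints this as "EN10MB (Ethernet)"
DEFAULT_SNAPLEN = 262144       # libpcap's default "capture size"

# Global header: magic, version major/minor, thiszone, sigfigs, snaplen, linktype
GLOBAL_HDR = struct.Struct("<IHHiIII")
# Per-record header: ts_sec, ts_usec, incl_len (bytes saved), orig_len (bytes on the wire)
RECORD_HDR = struct.Struct("<IIII")

# Constructed sample: Ethernet II broadcast frame carrying an ARP request
# from 02:00:00:00:00:01 / 192.0.2.1 (TEST-NET-1) asking for 192.0.2.2.
SAMPLE_FRAME = (
    bytes.fromhex("ffffffffffff")            # dst MAC: broadcast
    + bytes.fromhex("020000000001")          # src MAC: locally administered
    + bytes.fromhex("0806")                  # EtherType: ARP
    + bytes.fromhex("0001080006040001")      # htype=1 ptype=IPv4 hlen=6 plen=4 op=request
    + bytes.fromhex("020000000001") + bytes([192, 0, 2, 1])   # sender MAC/IP
    + bytes.fromhex("000000000000") + bytes([192, 0, 2, 2])   # target MAC/IP
)


def write_pcap(packets, snaplen=DEFAULT_SNAPLEN, linktype=LINKTYPE_ETHERNET):
    """Serialise (ts_sec, ts_usec, frame) tuples; frames longer than snaplen
    are truncated exactly as a live capture with that capture size would do."""
    out = bytearray(GLOBAL_HDR.pack(PCAP_MAGIC_LE, 2, 4, 0, 0, snaplen, linktype))
    for ts_sec, ts_usec, frame in packets:
        saved = frame[:snaplen]
        out += RECORD_HDR.pack(ts_sec, ts_usec, len(saved), len(frame))
        out += saved
    return bytes(out)


def read_pcap(data):
    """Parse pcap bytes into (header, records). Every length field is checked
    against the file size before it is used, so a record that claims more
    bytes than exist raises ValueError instead of reading past the buffer."""
    if len(data) < GLOBAL_HDR.size:
        raise ValueError("truncated global header")
    magic = struct.unpack_from("<I", data)[0]
    if magic == PCAP_MAGIC_LE:
        endian = "<"
    elif magic == PCAP_MAGIC_BE:
        endian = ">"
    else:
        raise ValueError(f"unknown pcap magic {magic:#x}")
    ghdr = struct.Struct(endian + "IHHiIII")
    rhdr = struct.Struct(endian + "IIII")
    _, vmaj, vmin, _tz, _sig, snaplen, linktype = ghdr.unpack_from(data)
    header = {"version": (vmaj, vmin), "snaplen": snaplen, "linktype": linktype}

    records, off = [], ghdr.size
    while off < len(data):
        if off + rhdr.size > len(data):
            raise ValueError(f"truncated record header at offset {off}")
        ts_sec, ts_usec, incl_len, orig_len = rhdr.unpack_from(data, off)
        off += rhdr.size
        if incl_len > snaplen or incl_len > orig_len or off + incl_len > len(data):
            raise ValueError(f"inconsistent record length at offset {off}")
        records.append({"ts": ts_sec + ts_usec / 1e6, "incl_len": incl_len,
                        "orig_len": orig_len, "frame": data[off:off + incl_len]})
        off += incl_len
    return header, records


def is_well_formed(data):
    """True when read_pcap accepts the whole file."""
    try:
        read_pcap(data)
        return True
    except ValueError:
        return False


def ethernet_summary(frame):
    """Decode the 14-byte Ethernet II header that link-type EN10MB promises."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src, ethertype = struct.unpack_from("!6s6sH", frame)
    fmt = lambda b: ":".join(f"{x:02x}" for x in b)
    return {"dst": fmt(dst), "src": fmt(src), "ethertype": ethertype, "payload": frame[14:]}


def roundtrip_demo(snaplen=DEFAULT_SNAPLEN):
    """Write the sample frame, read it back and decode it."""
    data = write_pcap([(1504450000, 123456, SAMPLE_FRAME)], snaplen=snaplen)
    header, records = read_pcap(data)
    return header, records, ethernet_summary(records[0]["frame"])


if __name__ == "__main__":
    header, records, eth = roundtrip_demo()
    print(f"link-type {header['linktype']} (EN10MB), capture size {header['snaplen']} bytes")
    for r in records:
        print(f"{r['ts']:.6f} saved {r['incl_len']} of {r['orig_len']} bytes")
    print(f"{eth['src']} > {eth['dst']}, ethertype {eth['ethertype']:#06x}")
    with open("sample.pcap", "wb") as f:       # readable with: tcpdump -r sample.pcap
        f.write(write_pcap([(1504450000, 123456, SAMPLE_FRAME)]))
```

The length checks in read_pcap are the point of the example: the over-read class that dominates the 4.9.2 CVE list is exactly what happens when a decoder trusts a length field without comparing it to the bytes actually present. Run the script and then `tcpdump -r sample.pcap` to see tcpdump print the same ARP request.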
Keywords: (none) => validated_update
Whiteboard: MGA5TOO MGA5-64-OK => MGA5TOO MGA5-64-OK MGA6-64-OK
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2017-0335.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED