Debian-LTS has issued an advisory today (November 10): https://www.debian.org/lts/security/2020/dla-2444 Mageia 7 is also affected.
Whiteboard: (none) => MGA7TOO
A homeless package, so having to assign the bug globally.
Assignee: bugsquad => pkg-bugs
Suggested advisory: ======================== The updated package fixes a security vulnerability: The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory. (CVE-2020-8037) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8037 https://www.debian.org/lts/security/2020/dla-2444 ======================== Updated packages in core/updates_testing: ======================== tcpdump-4.9.3-1.1.mga7 from SRPM: tcpdump-4.9.3-1.1.mga7.src.rpm
Whiteboard: MGA7TOO => (none)Version: Cauldron => 7Status: NEW => ASSIGNEDSource RPM: tcpdump-4.9.3-2.mga8.src.rpm => tcpdump-4.9.3-1.mga7.src.rpmCC: (none) => nicolas.salgueroCVE: (none) => CVE-2020-8037Assignee: pkg-bugs => qa-bugs
Installed and tested without issues. System: Mageia 6, x86_64, Intel CPU, RTL8168g ethernet, Wireguard VPN. Tested several commands taken from the manual page. No issues noticed. $ uname -a Linux marte 5.7.19-desktop-3.mga7 #1 SMP Sun Oct 18 15:46:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ lspcidrake | grep NET r8169 : Realtek Semiconductor Co., Ltd.|RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller [NETWORK_ETHERNET] (rev: 11) $ dmesg | grep -i rtl [ 24.477717] r8169 0000:01:00.0 eth0: RTL8168g/8111g, 70:85:c2:c7:15:b2, XID 4c0, IRQ 28 $ rpm -q tcpdump tcpdump-4.9.3-1.1.mga7 $ ping -4q localhost & $ ping -6q localhost & $ tcpdump host localhost -i lo tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on lo, link-type EN10MB (Ethernet), capture size 262144 bytes 13:00:10.555251 IP6 localhost > localhost: ICMP6, echo request, seq 4, length 64 13:00:10.555269 IP6 localhost > localhost: ICMP6, echo reply, seq 4, length 64 13:00:11.323252 IP localhost > localhost: ICMP echo request, id 2276, seq 9, length 64 13:00:11.323273 IP localhost > localhost: ICMP echo reply, id 2276, seq 9, length 64 <SNIP>
CC: (none) => mageia
MGA7-64 MATE on Peaq C1011 No installation issues Repeated above tests $ ping -4q localhost & [1] 1658 PING localhost (127.0.0.1) 56(84) bytes of data. $ ping -6q localhost & [2] 1693 PING localhost(localhost (::1)) 56 data bytes # tcpdump host localhost -i lo tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on lo, link-type EN10MB (Ethernet), capture size 262144 bytes 15:20:48.991640 IP6 localhost > localhost: ICMP6, echo request, seq 82, length 64 15:20:48.991739 IP6 localhost > localhost: ICMP6, echo reply, seq 82, length 64 15:20:49.119594 IP localhost > localhost: ICMP echo request, id 1658, seq 114, length 64 15:20:49.119686 IP localhost > localhost: ICMP echo reply, id 1658, seq 114, length 64 and loads more ...... Seems OK
CC: (none) => herman.viaeneWhiteboard: (none) => MGA7-64-OK
Validating. Advisory and packages in Comment 2. Advisory pushed to SVN.
Keywords: (none) => advisory, validated_updateCC: (none) => ouaurelien, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0430.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED