tcpdump 4.99.4 has been released on April 7, along with libpcap 1.10.4: https://git.tcpdump.org/libpcap/blob/HEAD:/CHANGES https://git.tcpdump.org/tcpdump/blob/HEAD:/CHANGES The tcpdump update fixes a CVE, coverity warnings, and a few other bugs. Mageia 8 is also affected.
Whiteboard: (none) => MGA8TOOStatus comment: (none) => Fixed upstream in 4.99.4
Updates submitted to Cauldron updates_testing, with a freeze move request.
Thanks for doing Cauldron. That leaves Mageia 8. tcpdump is dealt with by different packagers, so have to assign this update globally.
Assignee: bugsquad => pkg-bugs
Suggested advisory: ======================== The updated package fixes a security vulnerability: The SMB protocol decoder in tcpdump version 4.99.3 can perform an out-of-bounds write when decoding a crafted network packet. (CVE-2023-1801) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1801 https://git.tcpdump.org/tcpdump/blob/HEAD:/CHANGES ======================== Updated package in core/updates_testing: ======================== tcpdump-4.99.2-1.1.mga8 from SRPM: tcpdump-4.99.2-1.1.mga8.src.rpm
Whiteboard: MGA8TOO => (none)CVE: (none) => CVE-2023-1801CC: (none) => nicolas.salgueroSource RPM: tcpdump-4.99.3-1.mga9.src.rpm => tcpdump-4.99.2-1.mga8.src.rpmVersion: Cauldron => 8Assignee: pkg-bugs => qa-bugsStatus comment: Fixed upstream in 4.99.4 => (none)Status: NEW => ASSIGNED
CC: (none) => mageia
No installation issues. Used some commands from bug 25565 comment 3 on a Probook 6550b running with an active vpn: # tcpdump -tttt tcpdump: verbose output suppressed, use -v[v]... for full protocol decode listening on wlo1, link-type EN10MB (Ethernet), snapshot length 262144 bytes 2023-04-18 18:39:55.703814 IP _gateway > all-systems.mcast.net: igmp query v2 2023-04-18 18:39:55.758863 IP linux.local.48783 > 185.141.119.58.openvpn: UDP, length 92 2023-04-18 18:39:55.794518 IP 185.141.119.58.openvpn > linux.local.48783: UDP, length 503 2023-04-18 18:39:55.795007 IP linux.local.48783 > 185.141.119.58.openvpn: UDP, length 94 2023-04-18 18:39:55.830613 IP 185.141.119.58.openvpn > linux.local.48783: UDP, length 149 2023-04-18 18:39:55.931609 IP6 linux.local.mdns > ff02::fb.mdns: 0 PTR (QM)? 1.1.168.192.in-addr.arpa. (42) 2023-04-18 18:39:55.931794 IP linux.local.mdns > 224.0.0.251.mdns: 0 PTR (QM)? 1.1.168.192.in-addr.arpa. (42) 2023-04-18 18:39:56.932291 IP6 linux.local.mdns > ff02::fb.mdns: 0 PTR (QM)? 1.1.168.192.in-addr.arpa. (42) 2023-04-18 18:39:56.932409 IP linux.local.mdns > 224.0.0.251.mdns: 0 PTR (QM)? 1.1.168.192.in-addr.arpa. (42) 2023-04-18 18:39:58.934285 IP6 linux.local.mdns > ff02::fb.mdns: 0 PTR (QM)? 1.1.168.192.in-addr.arpa. (42) 2023-04-18 18:39:58.934407 IP linux.local.mdns > 224.0.0.251.mdns: 0 PTR (QM)? 1.1.168.192.in-addr.arpa. (42) And more... ^C 32 packets captured 55 packets received by filter 23 packets dropped by kernel (My understanding is that dropping some TCP packets while connected to a UDP VPN is not at all unusual.) # tcpdump -w tmp/tmp.pcap tcpdump: listening on wlo1, link-type EN10MB (Ethernet), snapshot length 262144 bytes Stopped with ^C after a few seconds, then: 9 packets captured 9 packets received by filter 0 packets dropped by kernel # tcpdump -tttt -r tmp/tmp.pcap reading from file tmp/tmp.pcap, link-type EN10MB (Ethernet), snapshot length 262144 2023-04-18 18:46:50.066329 IP linux.local.48783 > 185.141.119.58.openvpn: UDP, length 122 2023-04-18 18:46:50.101624 IP 185.141.119.58.openvpn > linux.local.48783: UDP, length 76 2023-04-18 18:46:50.107527 IP 185.141.119.58.openvpn > linux.local.48783: UDP, length 122 2023-04-18 18:46:50.148040 IP linux.local.48783 > 185.141.119.58.openvpn: UDP, length 76 2023-04-18 18:46:51.502814 IP 185.141.119.58.openvpn > linux.local.48783: UDP, length 76 2023-04-18 18:46:51.503341 IP linux.local.48783 > 185.141.119.58.openvpn: UDP, length 100 2023-04-18 18:46:51.503421 IP linux.local.48783 > 185.141.119.58.openvpn: UDP, length 76 2023-04-18 18:46:51.538758 IP 185.141.119.58.openvpn > linux.local.48783: UDP, length 64 2023-04-18 18:46:51.543759 IP 185.141.119.58.openvpn > linux.local.48783: UDP, length 64 Looks OK to me. Validating. Advisory in comment 3.
CC: (none) => andrewsfarm, sysadmin-bugsKeywords: (none) => validated_updateWhiteboard: (none) => MGA8-64-OK
CC: (none) => davidwhodginsKeywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0154.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED