[SECURITY] [DLA 1090-1] tcpdump security update

2017-09-0606:42:34

lists.debian.org

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.161 Low

EPSS

Percentile

96.0%

JSON

Package : tcpdump
Version : 4.9.0-1~deb7u2
CVE ID : CVE-2017-11108 CVE-2017-11541 CVE-2017-11542 CVE-2017-11543

Several vulnerabilities have been discovered in tcpdump, a command-line
network traffic analyzer. These vulnerabilities might result in denial
of service (application crash).

For Debian 7 "Wheezy", these problems have been fixed in version
4.9.0-1~deb7u2.

We recommend that you upgrade your tcpdump packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: PGP signature

OSVersionArchitecturePackageVersionFilename
Debian9arm64tcpdump< 4.9.2-1~deb9u1tcpdump_4.9.2-1~deb9u1_arm64.deb
Debian7i386tcpdump< 4.9.0-1~deb7u2tcpdump_4.9.0-1~deb7u2_i386.deb
Debian9mipstcpdump-dbgsym< 4.9.2-1~deb9u1tcpdump-dbgsym_4.9.2-1~deb9u1_mips.deb
Debian9amd64tcpdump< 4.9.2-1~deb9u1tcpdump_4.9.2-1~deb9u1_amd64.deb
Debian9ppc64eltcpdump< 4.9.2-1~deb9u1tcpdump_4.9.2-1~deb9u1_ppc64el.deb
Debian9arm64tcpdump-dbgsym< 4.9.2-1~deb9u1tcpdump-dbgsym_4.9.2-1~deb9u1_arm64.deb
Debian7armhftcpdump< 4.9.0-1~deb7u2tcpdump_4.9.0-1~deb7u2_armhf.deb
Debian9alltcpdump< 4.9.2-1~deb9u1tcpdump_4.9.2-1~deb9u1_all.deb
Debian9s390xtcpdump-dbgsym< 4.9.2-1~deb9u1tcpdump-dbgsym_4.9.2-1~deb9u1_s390x.deb
Debian8armhftcpdump< 4.9.2-1~deb8u1tcpdump_4.9.2-1~deb8u1_armhf.deb

OS	Version	Architecture	Package	Version	Filename
Debian	9	arm64	tcpdump	< 4.9.2-1~deb9u1	tcpdump_4.9.2-1~deb9u1_arm64.deb
Debian	7	i386	tcpdump	< 4.9.0-1~deb7u2	tcpdump_4.9.0-1~deb7u2_i386.deb
Debian	9	mips	tcpdump-dbgsym	< 4.9.2-1~deb9u1	tcpdump-dbgsym_4.9.2-1~deb9u1_mips.deb
Debian	9	amd64	tcpdump	< 4.9.2-1~deb9u1	tcpdump_4.9.2-1~deb9u1_amd64.deb
Debian	9	ppc64el	tcpdump	< 4.9.2-1~deb9u1	tcpdump_4.9.2-1~deb9u1_ppc64el.deb
Debian	9	arm64	tcpdump-dbgsym	< 4.9.2-1~deb9u1	tcpdump-dbgsym_4.9.2-1~deb9u1_arm64.deb
Debian	7	armhf	tcpdump	< 4.9.0-1~deb7u2	tcpdump_4.9.0-1~deb7u2_armhf.deb
Debian	9	all	tcpdump	< 4.9.2-1~deb9u1	tcpdump_4.9.2-1~deb9u1_all.deb
Debian	9	s390x	tcpdump-dbgsym	< 4.9.2-1~deb9u1	tcpdump-dbgsym_4.9.2-1~deb9u1_s390x.deb
Debian	8	armhf	tcpdump	< 4.9.2-1~deb8u1	tcpdump_4.9.2-1~deb8u1_armhf.deb