Ubuntu Security Notice 5331-2 - USN-5331-1 fixed several vulnerabilities in tcpdump. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that tcpdump incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code.
38b46a173218a86068577a31a1c94662185b8daf7a603f126f70a1f8cb5f6b6f
==========================================================================
Ubuntu Security Notice USN-5331-2
April 11, 2022
tcpdump vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in tcpdump.
Software Description:
- tcpdump: command-line network traffic analyzer
Details:
USN-5331-1 fixed several vulnerabilities in tcpdump. This update provides
the corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
Original advisory details:
It was discovered that tcpdump incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a denial of service,
or possibly execute arbitrary code. (CVE-2018-16301)
It was discovered that tcpdump incorrectly handled certain captured data.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2020-8037)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
tcpdump 4.9.3-4ubuntu0.1
Ubuntu 18.04 LTS:
tcpdump 4.9.3-0ubuntu0.18.04.2
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5331-2
https://ubuntu.com/security/notices/USN-5331-1
CVE-2018-16301, CVE-2020-8037
Package Information:
https://launchpad.net/ubuntu/+source/tcpdump/4.9.3-4ubuntu0.1
https://launchpad.net/ubuntu/+source/tcpdump/4.9.3-0ubuntu0.18.04.2