Apple Security Advisory 2015-08-13-2 - OS X Yosemite 10.10.5 and Security Update 2015-006 is now available and addresses vulnerabilities in Apache, the OD plug-in, IOBluetoothHCIController, and more.
1ccd5f307af57152abb6e4f0da773ca4420fb7a6e98f26301366a9071ecc9a33
Mandriva Linux Security Advisory 2015-125 - The Tcpdump program could crash when processing a malformed OLSR payload when the verbose output flag was set. The application decoder for the Ad hoc On-Demand Distance Vector protocol in Tcpdump fails to perform input validation and performs unsafe out-of-bound accesses. The application will usually not crash, but perform out-of-bounds accesses and output/leak larger amounts of invalid data, which might lead to dropped packets. It is unknown if a payload exists that might trigger segfaults. It was discovered that tcpdump incorrectly handled printing PPP packets. A remote attacker could use this issue to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code. Several vulnerabilities have been discovered in tcpdump. These vulnerabilities might result in denial of service (application crash) or, potentially, execution of arbitrary code. .
cccdf6a08416c7e233f85d97827ddb003d99b7d183693360b958ba81f6accaa2
Gentoo Linux Security Advisory 201502-5 - Multiple vulnerabilities in tcpdump could result in execution of arbitrary code or Denial of Service. Versions less than 4.6.2-r1 are affected.
e0a490dd275c1688bb051b684d6d9d603df423956d39194a2ba5460ecdcaa5e1
Debian Linux Security Advisory 3086-1 - Several vulnerabilities have been discovered in tcpdump, a command-line network traffic analyzer. These vulnerabilities might result in denial of service, leaking sensitive information from memory or, potentially, execution of arbitrary code.
4d690b880773980ed5d17e7ca82373ea26fc5b1f0b5c4659b5fb394b07206cb1
Ubuntu Security Notice 2433-1 - Steffen Bauch discovered that tcpdump incorrectly handled printing OSLR packets. A remote attacker could use this issue to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code. Steffen Bauch discovered that tcpdump incorrectly handled printing GeoNet packets. A remote attacker could use this issue to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 14.10. Various other issues were also addressed.
779744583ffb14e8dcad9404a2e695903e983a3de2b23a0e531e69e6fdd18d14
It was found out that malformed network traffic (AOVD-based) can lead to an abnormal behavior if verbose output of tcpdump monitoring the network is used. Affected versions are 3.8 through 4.6.2.
a85471c18f98a1639c42f4f8a5c4ac76bfadbcf018487d3c509fec2e23a05a65