- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201709-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Tcpdump: Multiple vulnerabilities
     Date: September 25, 2017
     Bugs: #624652, #626462, #630110
       ID: 201709-23

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Tcpdump, the worst of which
may allow execution of arbitrary code.

Background
==========

Tcpdump is a tool for network monitoring and data acquisition.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  net-analyzer/tcpdump         < 4.9.2                    >= 4.9.2 

Description
===========

Multiple vulnerabilities have been discovered in Tcpdump. Please review
the referenced CVE identifiers for details.

Impact
======

A remote attacker could possibly execute arbitrary code with the
privileges of the process or cause a Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Tcpdump users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-analyzer/tcpdump-4.9.2"

References
==========

[  1 ] CVE-2017-11108
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11108
[  2 ] CVE-2017-11541
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11541
[  3 ] CVE-2017-11542
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11542
[  4 ] CVE-2017-11543
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11543
[  5 ] CVE-2017-11544
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11544
[  6 ] CVE-2017-12893
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12893
[  7 ] CVE-2017-12894
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12894
[  8 ] CVE-2017-12895
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12895
[  9 ] CVE-2017-12896
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12896
[ 10 ] CVE-2017-12897
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12897
[ 11 ] CVE-2017-12898
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12898
[ 12 ] CVE-2017-12899
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12899
[ 13 ] CVE-2017-12900
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12900
[ 14 ] CVE-2017-12901
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12901
[ 15 ] CVE-2017-12902
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12902
[ 16 ] CVE-2017-12985
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12985
[ 17 ] CVE-2017-12986
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12986
[ 18 ] CVE-2017-12987
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12987
[ 19 ] CVE-2017-12988
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12988
[ 20 ] CVE-2017-12989
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12989
[ 21 ] CVE-2017-12990
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12990
[ 22 ] CVE-2017-12991
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12991
[ 23 ] CVE-2017-12992
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12992
[ 24 ] CVE-2017-12993
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12993
[ 25 ] CVE-2017-12994
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12994
[ 26 ] CVE-2017-12995
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12995
[ 27 ] CVE-2017-12996
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12996
[ 28 ] CVE-2017-12997
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12997
[ 29 ] CVE-2017-12998
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12998
[ 30 ] CVE-2017-12999
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12999
[ 31 ] CVE-2017-13000
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13000
[ 32 ] CVE-2017-13001
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13001
[ 33 ] CVE-2017-13002
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13002
[ 34 ] CVE-2017-13003
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13003
[ 35 ] CVE-2017-13004
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13004
[ 36 ] CVE-2017-13005
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13005
[ 37 ] CVE-2017-13006
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13006
[ 38 ] CVE-2017-13007
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13007
[ 39 ] CVE-2017-13008
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13008
[ 40 ] CVE-2017-13009
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13009
[ 41 ] CVE-2017-13010
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13010
[ 42 ] CVE-2017-13011
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13011
[ 43 ] CVE-2017-13012
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13012
[ 44 ] CVE-2017-13013
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13013
[ 45 ] CVE-2017-13014
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13014
[ 46 ] CVE-2017-13015
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13015
[ 47 ] CVE-2017-13016
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13016
[ 48 ] CVE-2017-13017
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13017
[ 49 ] CVE-2017-13018
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13018
[ 50 ] CVE-2017-13019
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13019
[ 51 ] CVE-2017-13020
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13020
[ 52 ] CVE-2017-13021
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13021
[ 53 ] CVE-2017-13022
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13022
[ 54 ] CVE-2017-13023
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13023
[ 55 ] CVE-2017-13024
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13024
[ 56 ] CVE-2017-13025
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13025
[ 57 ] CVE-2017-13026
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13026
[ 58 ] CVE-2017-13027
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13027
[ 59 ] CVE-2017-13028
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13028
[ 60 ] CVE-2017-13029
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13029
[ 61 ] CVE-2017-13030
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13030
[ 62 ] CVE-2017-13031
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13031
[ 63 ] CVE-2017-13032
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13032
[ 64 ] CVE-2017-13033
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13033
[ 65 ] CVE-2017-13034
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13034
[ 66 ] CVE-2017-13035
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13035
[ 67 ] CVE-2017-13036
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13036
[ 68 ] CVE-2017-13037
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13037
[ 69 ] CVE-2017-13038
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13038
[ 70 ] CVE-2017-13039
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13039
[ 71 ] CVE-2017-13040
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13040
[ 72 ] CVE-2017-13041
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13041
[ 73 ] CVE-2017-13042
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13042
[ 74 ] CVE-2017-13043
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13043
[ 75 ] CVE-2017-13044
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13044
[ 76 ] CVE-2017-13045
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13045
[ 77 ] CVE-2017-13046
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13046
[ 78 ] CVE-2017-13047
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13047
[ 79 ] CVE-2017-13048
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13048
[ 80 ] CVE-2017-13049
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13049
[ 81 ] CVE-2017-13050
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13050
[ 82 ] CVE-2017-13051
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13051
[ 83 ] CVE-2017-13052
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13052
[ 84 ] CVE-2017-13053
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13053
[ 85 ] CVE-2017-13054
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13054
[ 86 ] CVE-2017-13055
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13055
[ 87 ] CVE-2017-13687
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13687
[ 88 ] CVE-2017-13688
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13688
[ 89 ] CVE-2017-13689
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13689
[ 90 ] CVE-2017-13690
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13690
[ 91 ] CVE-2017-13725
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13725

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201709-23

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2017 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5