tcpdump: Multiple vulnerabilities — GLSA 201702-30

Multiple vulnerabilities have been found in tcpdump, the worst of which may allow execution of arbitrary code.

Affected packages

Background

tcpdump is a tool for network monitoring and data acquisition.

Description

Multiple vulnerabilities have been discovered in tcpdump. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker, by sending a specially crafted network package, could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-analyzer/tcpdump-4.9.0"
 

References

• CVE-2016-7922
• CVE-2016-7923
• CVE-2016-7924
• CVE-2016-7925
• CVE-2016-7926
• CVE-2016-7927
• CVE-2016-7928
• CVE-2016-7929
• CVE-2016-7930
• CVE-2016-7931
• CVE-2016-7932
• CVE-2016-7933
• CVE-2016-7934
• CVE-2016-7935
• CVE-2016-7936
• CVE-2016-7937
• CVE-2016-7938
• CVE-2016-7939
• CVE-2016-7940
• CVE-2016-7973
• CVE-2016-7974
• CVE-2016-7975
• CVE-2016-7983
• CVE-2016-7984
• CVE-2016-7985
• CVE-2016-7986
• CVE-2016-7992
• CVE-2016-7993
• CVE-2016-8574
• CVE-2016-8575
• CVE-2017-5202
• CVE-2017-5203
• CVE-2017-5204
• CVE-2017-5205
• CVE-2017-5341
• CVE-2017-5342
• CVE-2017-5482
• CVE-2017-5483
• CVE-2017-5484
• CVE-2017-5485
• CVE-2017-5486

Release date
February 21, 2017

Latest revision
February 21, 2017: 1

Severity
normal

Exploitable
remote

Bugzilla entries

• 606516