===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.2316
                          tcpdump security update
                             13 September 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           tcpdump
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
                   Debian GNU/Linux 9
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-13725 CVE-2017-13690 CVE-2017-13689
                   CVE-2017-13688 CVE-2017-13687 CVE-2017-13055
                   CVE-2017-13054 CVE-2017-13053 CVE-2017-13052
                   CVE-2017-13051 CVE-2017-13050 CVE-2017-13049
                   CVE-2017-13048 CVE-2017-13047 CVE-2017-13046
                   CVE-2017-13045 CVE-2017-13044 CVE-2017-13043
                   CVE-2017-13042 CVE-2017-13041 CVE-2017-13040
                   CVE-2017-13039 CVE-2017-13038 CVE-2017-13037
                   CVE-2017-13036 CVE-2017-13035 CVE-2017-13034
                   CVE-2017-13033 CVE-2017-13032 CVE-2017-13031
                   CVE-2017-13030 CVE-2017-13029 CVE-2017-13028
                   CVE-2017-13027 CVE-2017-13026 CVE-2017-13025
                   CVE-2017-13024 CVE-2017-13023 CVE-2017-13022
                   CVE-2017-13021 CVE-2017-13020 CVE-2017-13019
                   CVE-2017-13018 CVE-2017-13017 CVE-2017-13016
                   CVE-2017-13015 CVE-2017-13014 CVE-2017-13013
                   CVE-2017-13012 CVE-2017-13011 CVE-2017-13010
                   CVE-2017-13009 CVE-2017-13008 CVE-2017-13007
                   CVE-2017-13006 CVE-2017-13005 CVE-2017-13004
                   CVE-2017-13003 CVE-2017-13002 CVE-2017-13001
                   CVE-2017-13000 CVE-2017-12999 CVE-2017-12998
                   CVE-2017-12997 CVE-2017-12996 CVE-2017-12995
                   CVE-2017-12994 CVE-2017-12993 CVE-2017-12992
                   CVE-2017-12991 CVE-2017-12990 CVE-2017-12989
                   CVE-2017-12988 CVE-2017-12987 CVE-2017-12986
                   CVE-2017-12985 CVE-2017-12902 CVE-2017-12901
                   CVE-2017-12900 CVE-2017-12899 CVE-2017-12898
                   CVE-2017-12897 CVE-2017-12896 CVE-2017-12895
                   CVE-2017-12894 CVE-2017-12893 CVE-2017-11543
                   CVE-2017-11542 CVE-2017-11541 CVE-2017-11108

Reference:         ESB-2017.1406
                   ESB-2017.0914
                   ESB-2017.0532

Original Bulletin:
   http://www.debian.org/security/2017/dsa-3971

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-3971-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
September 13, 2017                    https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : tcpdump
CVE ID         : CVE-2017-11108 CVE-2017-11541 CVE-2017-11542 CVE-2017-11543
                 CVE-2017-12893 CVE-2017-12894 CVE-2017-12895 CVE-2017-12896
                 CVE-2017-12897 CVE-2017-12898 CVE-2017-12899 CVE-2017-12900
                 CVE-2017-12901 CVE-2017-12902 CVE-2017-12985 CVE-2017-12986
                 CVE-2017-12987 CVE-2017-12988 CVE-2017-12989 CVE-2017-12990
                 CVE-2017-12991 CVE-2017-12992 CVE-2017-12993 CVE-2017-12994
                 CVE-2017-12995 CVE-2017-12996 CVE-2017-12997 CVE-2017-12998
                 CVE-2017-12999 CVE-2017-13000 CVE-2017-13001 CVE-2017-13002
                 CVE-2017-13003 CVE-2017-13004 CVE-2017-13005 CVE-2017-13006
                 CVE-2017-13007 CVE-2017-13008 CVE-2017-13009 CVE-2017-13010
                 CVE-2017-13011 CVE-2017-13012 CVE-2017-13013 CVE-2017-13014
                 CVE-2017-13015 CVE-2017-13016 CVE-2017-13017 CVE-2017-13018
                 CVE-2017-13019 CVE-2017-13020 CVE-2017-13021 CVE-2017-13022
                 CVE-2017-13023 CVE-2017-13024 CVE-2017-13025 CVE-2017-13026
                 CVE-2017-13027 CVE-2017-13028 CVE-2017-13029 CVE-2017-13030
                 CVE-2017-13031 CVE-2017-13032 CVE-2017-13033 CVE-2017-13034
                 CVE-2017-13035 CVE-2017-13036 CVE-2017-13037 CVE-2017-13038
                 CVE-2017-13039 CVE-2017-13040 CVE-2017-13041 CVE-2017-13042
                 CVE-2017-13043 CVE-2017-13044 CVE-2017-13045 CVE-2017-13046
                 CVE-2017-13047 CVE-2017-13048 CVE-2017-13049 CVE-2017-13050
                 CVE-2017-13051 CVE-2017-13052 CVE-2017-13053 CVE-2017-13054
                 CVE-2017-13055 CVE-2017-13687 CVE-2017-13688 CVE-2017-13689
                 CVE-2017-13690 CVE-2017-13725
Debian Bug     : 867718 873804 873805 873806

Several vulnerabilities have been discovered in tcpdump, a command-line network traffic analyzer. These vulnerabilities might result in denial of service or, potentially, execution of arbitrary code.

For the oldstable distribution (jessie), these problems have been fixed in version 4.9.2-1~deb8u1.

For the stable distribution (stretch), these problems have been fixed in version 4.9.2-1~deb9u1.

For the testing distribution (buster), these problems have been fixed in version 4.9.2-1 or earlier versions.

For the unstable distribution (sid), these problems have been fixed in version 4.9.2-1 or earlier versions.

We recommend that you upgrade your tcpdump packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's registration with AusCERT.
The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.