Overview

File _patchinfo of Package patchinfo.17078

<patchinfo incident="17078">
  <issue tracker="bnc" id="1178466">VUL-1: CVE-2020-8037: tcpdump: The ppp decapsulator in can be convinced to allocate a large amount of memory</issue>
  <issue id="1153098" tracker="bnc"/>
  <issue id="1153332" tracker="bnc"/>
  <issue id="2017-16808" tracker="cve" />
  <issue id="2018-10103" tracker="cve" />
  <issue id="2018-10105" tracker="cve" />
  <issue id="2018-14461" tracker="cve" />
  <issue id="2018-14462" tracker="cve" />
  <issue id="2018-14463" tracker="cve" />
  <issue id="2018-14464" tracker="cve" />
  <issue id="2018-14465" tracker="cve" />
  <issue id="2018-14466" tracker="cve" />
  <issue id="2018-14467" tracker="cve" />
  <issue id="2018-14468" tracker="cve" />
  <issue id="2018-14469" tracker="cve" />
  <issue id="2018-14470" tracker="cve" />
  <issue id="2018-14879" tracker="cve" />
  <issue id="2018-14880" tracker="cve" />
  <issue id="2018-14881" tracker="cve" />
  <issue id="2018-14882" tracker="cve" />
  <issue id="2018-16227" tracker="cve" />
  <issue id="2018-16228" tracker="cve" />
  <issue id="2018-16229" tracker="cve" />
  <issue id="2018-16230" tracker="cve" />
  <issue id="2018-16300" tracker="cve" />
  <issue id="2018-16301" tracker="cve" />
  <issue id="2018-16451" tracker="cve" />
  <issue id="2018-16452" tracker="cve" />
  <issue id="2019-1010220" tracker="cve" />
  <issue id="2019-15166" tracker="cve" />
  <issue id="2019-15167" tracker="cve" />
  <issue tracker="cve" id="2020-8037"/>
  <packager>pmonrealgonzalez</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for tcpdump</summary>
  <description>This update for tcpdump fixes the following issues:

- CVE-2020-8037: Fixed an issue where PPP decapsulator did not allocate the right buffer size (bsc#1178466).

The previous update of tcpdump already fixed variuous Buffer overflow/overread vulnerabilities [bsc#1153098, bsc#1153332]

- CVE-2017-16808 (AoE)
- CVE-2018-14468 (FrameRelay)
- CVE-2018-14469 (IKEv1)
- CVE-2018-14470 (BABEL)
- CVE-2018-14466 (AFS/RX)
- CVE-2018-14461 (LDP)
- CVE-2018-14462 (ICMP)
- CVE-2018-14465 (RSVP)
- CVE-2018-14464 (LMP)
- CVE-2019-15166 (LMP)
- CVE-2018-14880 (OSPF6)
- CVE-2018-14882 (RPL)
- CVE-2018-16227 (802.11)
- CVE-2018-16229 (DCCP)
- CVE-2018-14467 (BGP)
- CVE-2018-14881 (BGP)
- CVE-2018-16230 (BGP)
- CVE-2018-16300 (BGP)
- CVE-2018-14463 (VRRP)
- CVE-2019-15167 (VRRP)
- CVE-2018-14879 (tcpdump -V)
- CVE-2018-16228 (HNCP) is a duplicate of the already fixed CVE-2019-1010220
- CVE-2018-16301 (fixed in libpcap)
- CVE-2018-16451 (SMB)
- CVE-2018-16452 (SMB)
- CVE-2018-10103 (SMB - partially fixed, but SMB printing disabled)
- CVE-2018-10105 (SMB - too unreliably reproduced, SMB printing disabled)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places