File _patchinfo of Package patchinfo

<patchinfo incident="3508">
  <issue id="905872" tracker="bnc">VUL-0: CVE-2014-8769: tcpdump: unreliable output using malformed AOVD payload</issue>
  <issue id="905871" tracker="bnc">VUL-0: CVE-2014-8768: tcpdump: denial of service in verbose mode using malformed Geonet payload</issue>
  <issue id="905870" tracker="bnc">VUL-0: CVE-2014-8767: tcpdump: denial of service in verbose mode using malformed OLSR payload</issue>
  <issue id="CVE-2014-8767" tracker="cve" />
  <issue id="CVE-2014-8769" tracker="cve" />
  <issue id="CVE-2014-8768" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>vitezslav_cizek</packager>
  <description>tcpdump was updated to fix three security issues.

These security issues were fixed:
- CVE-2014-8767: Integer underflow in the olsr_print function in tcpdump 3.9.6 through 4.6.2, when in verbose mode, allowed remote attackers to cause a denial of service (crash) via a crafted length value in an OLSR frame (bnc#905870 905871).
- CVE-2014-8769: tcpdump 3.8 through 4.6.2 might allowed remote attackers to obtain sensitive information from memory or cause a denial of service (packet loss or segmentation fault) via a crafted Ad hoc On-Demand Distance Vector (AODV) packet, which triggers an out-of-bounds memory access (bnc#905871 905872).
- CVE-2014-8768: Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allowed remote attackers to cause a denial of service (segmentation fault and crash) via a crafted length value in a Geonet frame (bnc#905871).
  </description>
  <summary>Security update for tcpdump</summary>
</patchinfo>