* [PATCH] tcpdump: Update to 4.9.2
@ 2017-09-08 16:13 Matthias Fischer
2017-09-11 20:15 ` Michael Tremer
0 siblings, 1 reply; 2+ messages in thread
From: Matthias Fischer @ 2017-09-08 16:13 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 4781 bytes --]
Changelog:
"Sunday September 3, 2017 denis(a)ovsienko.info
Summary for 4.9.2 tcpdump release
Do not use getprotobynumber() for protocol name resolution. Do not do
any protocol name resolution if -n is specified.
Improve errors detection in the test scripts.
Fix a segfault with OpenSSL 1.1 and improve OpenSSL usage.
Clean up IS-IS printing.
Fix buffer overflow vulnerabilities:
CVE-2017-11543 (SLIP)
CVE-2017-13011 (bittok2str_internal)
Fix infinite loop vulnerabilities:
CVE-2017-12989 (RESP)
CVE-2017-12990 (ISAKMP)
CVE-2017-12995 (DNS)
CVE-2017-12997 (LLDP)
Fix buffer over-read vulnerabilities:
CVE-2017-11541 (safeputs)
CVE-2017-11542 (PIMv1)
CVE-2017-12893 (SMB/CIFS)
CVE-2017-12894 (lookup_bytestring)
CVE-2017-12895 (ICMP)
CVE-2017-12896 (ISAKMP)
CVE-2017-12897 (ISO CLNS)
CVE-2017-12898 (NFS)
CVE-2017-12899 (DECnet)
CVE-2017-12900 (tok2strbuf)
CVE-2017-12901 (EIGRP)
CVE-2017-12902 (Zephyr)
CVE-2017-12985 (IPv6)
CVE-2017-12986 (IPv6 routing headers)
CVE-2017-12987 (IEEE 802.11)
CVE-2017-12988 (telnet)
CVE-2017-12991 (BGP)
CVE-2017-12992 (RIPng)
CVE-2017-12993 (Juniper)
CVE-2017-11542 (PIMv1)
CVE-2017-11541 (safeputs)
CVE-2017-12994 (BGP)
CVE-2017-12996 (PIMv2)
CVE-2017-12998 (ISO IS-IS)
CVE-2017-12999 (ISO IS-IS)
CVE-2017-13000 (IEEE 802.15.4)
CVE-2017-13001 (NFS)
CVE-2017-13002 (AODV)
CVE-2017-13003 (LMP)
CVE-2017-13004 (Juniper)
CVE-2017-13005 (NFS)
CVE-2017-13006 (L2TP)
CVE-2017-13007 (Apple PKTAP)
CVE-2017-13008 (IEEE 802.11)
CVE-2017-13009 (IPv6 mobility)
CVE-2017-13010 (BEEP)
CVE-2017-13012 (ICMP)
CVE-2017-13013 (ARP)
CVE-2017-13014 (White Board)
CVE-2017-13015 (EAP)
CVE-2017-11543 (SLIP)
CVE-2017-13016 (ISO ES-IS)
CVE-2017-13017 (DHCPv6)
CVE-2017-13018 (PGM)
CVE-2017-13019 (PGM)
CVE-2017-13020 (VTP)
CVE-2017-13021 (ICMPv6)
CVE-2017-13022 (IP)
CVE-2017-13023 (IPv6 mobility)
CVE-2017-13024 (IPv6 mobility)
CVE-2017-13025 (IPv6 mobility)
CVE-2017-13026 (ISO IS-IS)
CVE-2017-13027 (LLDP)
CVE-2017-13028 (BOOTP)
CVE-2017-13029 (PPP)
CVE-2017-13030 (PIM)
CVE-2017-13031 (IPv6 fragmentation header)
CVE-2017-13032 (RADIUS)
CVE-2017-13033 (VTP)
CVE-2017-13034 (PGM)
CVE-2017-13035 (ISO IS-IS)
CVE-2017-13036 (OSPFv3)
CVE-2017-13037 (IP)
CVE-2017-13038 (PPP)
CVE-2017-13039 (ISAKMP)
CVE-2017-13040 (MPTCP)
CVE-2017-13041 (ICMPv6)
CVE-2017-13042 (HNCP)
CVE-2017-13043 (BGP)
CVE-2017-13044 (HNCP)
CVE-2017-13045 (VQP)
CVE-2017-13046 (BGP)
CVE-2017-13047 (ISO ES-IS)
CVE-2017-13048 (RSVP)
CVE-2017-13049 (Rx)
CVE-2017-13050 (RPKI-Router)
CVE-2017-13051 (RSVP)
CVE-2017-13052 (CFM)
CVE-2017-13053 (BGP)
CVE-2017-13054 (LLDP)
CVE-2017-13055 (ISO IS-IS)
CVE-2017-13687 (Cisco HDLC)
CVE-2017-13688 (OLSR)
CVE-2017-13689 (IKEv1)
CVE-2017-13690 (IKEv2)
CVE-2017-13725 (IPv6 routing headers)
Sunday July 23, 2017 denis(a)ovsienko.info
Summary for 4.9.1 tcpdump release
CVE-2017-11108/Fix bounds checking for STP.
Make assorted documentation updates and fix a few typos in tcpdump output.
Fixup -C for file size >2GB (GH #488).
Show AddressSanitizer presence in version output.
Fix a bug in test scripts (exposed in GH #613).
On FreeBSD adjust Capsicum capabilities for netmap.
On Linux fix a use-after-free when the requested interface does not exist."
Best,
Matthias
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
---
lfs/tcpdump | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lfs/tcpdump b/lfs/tcpdump
index 42536f16a..acf752ce2 100644
--- a/lfs/tcpdump
+++ b/lfs/tcpdump
@@ -24,7 +24,7 @@
include Config
-VER = 4.9.0
+VER = 4.9.2
THISAPP = tcpdump-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = tcpdump
-PAK_VER = 8
+PAK_VER = 9
DEPS = ""
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 2b83364eef53b63ca3181b4eb56dab0c
+$(DL_FILE)_MD5 = 9bbc1ee33dab61302411b02dd0515576
install : $(TARGET)
--
2.14.1
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [PATCH] tcpdump: Update to 4.9.2
2017-09-08 16:13 [PATCH] tcpdump: Update to 4.9.2 Matthias Fischer
@ 2017-09-11 20:15 ` Michael Tremer
0 siblings, 0 replies; 2+ messages in thread
From: Michael Tremer @ 2017-09-11 20:15 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 5195 bytes --]
Wow, that is a lot of CVE numbers.
Merged!
-Michael
On Fri, 2017-09-08 at 18:13 +0200, Matthias Fischer wrote:
> Changelog:
>
> "Sunday September 3, 2017 denis(a)ovsienko.info
> Summary for 4.9.2 tcpdump release
> Do not use getprotobynumber() for protocol name resolution. Do not do
> any protocol name resolution if -n is specified.
> Improve errors detection in the test scripts.
> Fix a segfault with OpenSSL 1.1 and improve OpenSSL usage.
> Clean up IS-IS printing.
> Fix buffer overflow vulnerabilities:
> CVE-2017-11543 (SLIP)
> CVE-2017-13011 (bittok2str_internal)
> Fix infinite loop vulnerabilities:
> CVE-2017-12989 (RESP)
> CVE-2017-12990 (ISAKMP)
> CVE-2017-12995 (DNS)
> CVE-2017-12997 (LLDP)
> Fix buffer over-read vulnerabilities:
> CVE-2017-11541 (safeputs)
> CVE-2017-11542 (PIMv1)
> CVE-2017-12893 (SMB/CIFS)
> CVE-2017-12894 (lookup_bytestring)
> CVE-2017-12895 (ICMP)
> CVE-2017-12896 (ISAKMP)
> CVE-2017-12897 (ISO CLNS)
> CVE-2017-12898 (NFS)
> CVE-2017-12899 (DECnet)
> CVE-2017-12900 (tok2strbuf)
> CVE-2017-12901 (EIGRP)
> CVE-2017-12902 (Zephyr)
> CVE-2017-12985 (IPv6)
> CVE-2017-12986 (IPv6 routing headers)
> CVE-2017-12987 (IEEE 802.11)
> CVE-2017-12988 (telnet)
> CVE-2017-12991 (BGP)
> CVE-2017-12992 (RIPng)
> CVE-2017-12993 (Juniper)
> CVE-2017-11542 (PIMv1)
> CVE-2017-11541 (safeputs)
> CVE-2017-12994 (BGP)
> CVE-2017-12996 (PIMv2)
> CVE-2017-12998 (ISO IS-IS)
> CVE-2017-12999 (ISO IS-IS)
> CVE-2017-13000 (IEEE 802.15.4)
> CVE-2017-13001 (NFS)
> CVE-2017-13002 (AODV)
> CVE-2017-13003 (LMP)
> CVE-2017-13004 (Juniper)
> CVE-2017-13005 (NFS)
> CVE-2017-13006 (L2TP)
> CVE-2017-13007 (Apple PKTAP)
> CVE-2017-13008 (IEEE 802.11)
> CVE-2017-13009 (IPv6 mobility)
> CVE-2017-13010 (BEEP)
> CVE-2017-13012 (ICMP)
> CVE-2017-13013 (ARP)
> CVE-2017-13014 (White Board)
> CVE-2017-13015 (EAP)
> CVE-2017-11543 (SLIP)
> CVE-2017-13016 (ISO ES-IS)
> CVE-2017-13017 (DHCPv6)
> CVE-2017-13018 (PGM)
> CVE-2017-13019 (PGM)
> CVE-2017-13020 (VTP)
> CVE-2017-13021 (ICMPv6)
> CVE-2017-13022 (IP)
> CVE-2017-13023 (IPv6 mobility)
> CVE-2017-13024 (IPv6 mobility)
> CVE-2017-13025 (IPv6 mobility)
> CVE-2017-13026 (ISO IS-IS)
> CVE-2017-13027 (LLDP)
> CVE-2017-13028 (BOOTP)
> CVE-2017-13029 (PPP)
> CVE-2017-13030 (PIM)
> CVE-2017-13031 (IPv6 fragmentation header)
> CVE-2017-13032 (RADIUS)
> CVE-2017-13033 (VTP)
> CVE-2017-13034 (PGM)
> CVE-2017-13035 (ISO IS-IS)
> CVE-2017-13036 (OSPFv3)
> CVE-2017-13037 (IP)
> CVE-2017-13038 (PPP)
> CVE-2017-13039 (ISAKMP)
> CVE-2017-13040 (MPTCP)
> CVE-2017-13041 (ICMPv6)
> CVE-2017-13042 (HNCP)
> CVE-2017-13043 (BGP)
> CVE-2017-13044 (HNCP)
> CVE-2017-13045 (VQP)
> CVE-2017-13046 (BGP)
> CVE-2017-13047 (ISO ES-IS)
> CVE-2017-13048 (RSVP)
> CVE-2017-13049 (Rx)
> CVE-2017-13050 (RPKI-Router)
> CVE-2017-13051 (RSVP)
> CVE-2017-13052 (CFM)
> CVE-2017-13053 (BGP)
> CVE-2017-13054 (LLDP)
> CVE-2017-13055 (ISO IS-IS)
> CVE-2017-13687 (Cisco HDLC)
> CVE-2017-13688 (OLSR)
> CVE-2017-13689 (IKEv1)
> CVE-2017-13690 (IKEv2)
> CVE-2017-13725 (IPv6 routing headers)
>
> Sunday July 23, 2017 denis(a)ovsienko.info
> Summary for 4.9.1 tcpdump release
> CVE-2017-11108/Fix bounds checking for STP.
> Make assorted documentation updates and fix a few typos in tcpdump output.
> Fixup -C for file size >2GB (GH #488).
> Show AddressSanitizer presence in version output.
> Fix a bug in test scripts (exposed in GH #613).
> On FreeBSD adjust Capsicum capabilities for netmap.
> On Linux fix a use-after-free when the requested interface does not exist."
>
> Best,
> Matthias
>
> Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
> ---
> lfs/tcpdump | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/lfs/tcpdump b/lfs/tcpdump
> index 42536f16a..acf752ce2 100644
> --- a/lfs/tcpdump
> +++ b/lfs/tcpdump
> @@ -24,7 +24,7 @@
>
> include Config
>
> -VER = 4.9.0
> +VER = 4.9.2
>
> THISAPP = tcpdump-$(VER)
> DL_FILE = $(THISAPP).tar.gz
> @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE)
> DIR_APP = $(DIR_SRC)/$(THISAPP)
> TARGET = $(DIR_INFO)/$(THISAPP)
> PROG = tcpdump
> -PAK_VER = 8
> +PAK_VER = 9
>
> DEPS = ""
>
> @@ -44,7 +44,7 @@ objects = $(DL_FILE)
>
> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>
> -$(DL_FILE)_MD5 = 2b83364eef53b63ca3181b4eb56dab0c
> +$(DL_FILE)_MD5 = 9bbc1ee33dab61302411b02dd0515576
>
> install : $(TARGET)
>
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2017-09-11 20:15 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-09-08 16:13 [PATCH] tcpdump: Update to 4.9.2 Matthias Fischer
2017-09-11 20:15 ` Michael Tremer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox