Security update for tcpdump SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:0284-1 Final 1 1 2015-02-06T14:47:24Z current 2015-02-06T14:47:24Z 2015-02-06T14:47:24Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for tcpdump tcpdump was updated to fix three security issues. These security issues were fixed: - CVE-2014-8767: Integer underflow in the olsr_print function in tcpdump 3.9.6 through 4.6.2, when in verbose mode, allowed remote attackers to cause a denial of service (crash) via a crafted length value in an OLSR frame (bnc#905870 905871). - CVE-2014-8769: tcpdump 3.8 through 4.6.2 might allowed remote attackers to obtain sensitive information from memory or cause a denial of service (packet loss or segmentation fault) via a crafted Ad hoc On-Demand Distance Vector (AODV) packet, which triggers an out-of-bounds memory access (bnc#905871 905872). - CVE-2014-8768: Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allowed remote attackers to cause a denial of service (segmentation fault and crash) via a crafted length value in a Geonet frame (bnc#905871). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2015-02/msg00062.html E-Mail link for openSUSE-SU-2015:0284-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings tcpdump-4.4.0-2.4.1 Integer underflow in the olsr_print function in tcpdump 3.9.6 through 4.6.2, when in verbose mode, allows remote attackers to cause a denial of service (crash) via a crafted length value in an OLSR frame. CVE-2014-8767 low Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-02/msg00062.html https://www.suse.com/security/cve/CVE-2014-8767.html CVE-2014-8767 https://bugzilla.suse.com/905870 SUSE Bug 905870 https://bugzilla.suse.com/905871 SUSE Bug 905871 Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allow remote attackers to cause a denial of service (segmentation fault and crash) via a crafted length value in a Geonet frame. CVE-2014-8768 low Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-02/msg00062.html https://www.suse.com/security/cve/CVE-2014-8768.html CVE-2014-8768 https://bugzilla.suse.com/905871 SUSE Bug 905871 tcpdump 3.8 through 4.6.2 might allow remote attackers to obtain sensitive information from memory or cause a denial of service (packet loss or segmentation fault) via a crafted Ad hoc On-Demand Distance Vector (AODV) packet, which triggers an out-of-bounds memory access. CVE-2014-8769 low Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-02/msg00062.html https://www.suse.com/security/cve/CVE-2014-8769.html CVE-2014-8769 https://bugzilla.suse.com/905871 SUSE Bug 905871 https://bugzilla.suse.com/905872 SUSE Bug 905872