[Secure-testing-team] Bug#873806: CVE-2017-11543
Guido Günther
agx at sigxcpu.org
Thu Aug 31 10:41:06 UTC 2017
Package: tcpdump
X-Debbugs-CC: team at security.debian.org secure-testing-team at lists.alioth.debian.org
Severity: important
Tags: security
Hi,
the following vulnerability was published for tcpdump.
CVE-2017-11541[0]:
| tcpdump 4.9.0 has a heap-based buffer over-read in the lldp_print
| function in print-lldp.c, related to util-print.c.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-11541
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11541
Please adjust the affected versions in the BTS as needed.
Note that I've not been able to reproduce the vulnerability with the
pcap file provided at
https://github.com/hackerlib/hackerlib-vul/tree/master/tcpdump-vul/global-overflow/print-sl
but given this has a CVE I figured it's safer to bring this to your
attention anyway.
More information about the Secure-testing-team
mailing list