Mailing List Info
Slackware Logo

News

Security Advisories

FAQ

Book

General Info

Get Slack

Install Help

Configuration

Packages

ChangeLogs

Propaganda

Ports

Other Sites

Support

Contact

Mailing Lists
  Archives

About

 
From: Slackware Security Team <security@slackware.com>
To: slackware-security@slackware.com
Subject: [slackware-security] tcpdump (SSA:2019-274-01)
 Date: Tue, 1 Oct 2019 23:51:41 -0700 (PDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  tcpdump (SSA:2019-274-01)

New libpcap and tcpdump packages are available for Slackware 14.0, 14.1, 14.2,
and -current to fix security issues.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/libpcap-1.9.1-i586-1_slack14.2.txz:  Upgraded.
  This update is required for the new version of tcpdump.
patches/packages/tcpdump-4.9.3-i586-1_slack14.2.txz:  Upgraded.
  Fix buffer overflow/overread vulnerabilities and command line
  argument/local issues.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16808
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14468
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14469
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14470
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14466
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14461
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14462
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14465
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14881
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14464
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14463
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14467
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10103
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10105
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14880
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16451
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14882
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16227
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16229
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16301
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16230
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16452
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16300
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16228
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15166
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15167
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14879
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/libpcap-1.9.1-i486-1_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/tcpdump-4.9.3-i486-1_slack14.0.txz

Updated packages for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/libpcap-1.9.1-x86_64-1_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/tcpdump-4.9.3-x86_64-1_slack14.0.txz

Updated packages for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/libpcap-1.9.1-i486-1_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/tcpdump-4.9.3-i486-1_slack14.1.txz

Updated packages for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/libpcap-1.9.1-x86_64-1_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/tcpdump-4.9.3-x86_64-1_slack14.1.txz

Updated packages for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/libpcap-1.9.1-i586-1_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/tcpdump-4.9.3-i586-1_slack14.2.txz

Updated packages for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/libpcap-1.9.1-x86_64-1_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/tcpdump-4.9.3-x86_64-1_slack14.2.txz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libpcap-1.9.0-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/tcpdump-4.9.2-i586-3.txz

Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libpcap-1.9.1-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/tcpdump-4.9.3-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 14.0 packages:
0855bcc24c0d39f6ec3c6fa7d956ebf4  libpcap-1.9.1-i486-1_slack14.0.txz
1c53d8ea7923c5947dbbf0eb2dfca2aa  tcpdump-4.9.3-i486-1_slack14.0.txz

Slackware x86_64 14.0 packages:
080435560c6498ba82e3131d9d7f36e4  libpcap-1.9.1-x86_64-1_slack14.0.txz
3740823881e104943cb15be6870a0e7d  tcpdump-4.9.3-x86_64-1_slack14.0.txz

Slackware 14.1 packages:
7f1dffd77993897a3729c1fb3ea5e395  libpcap-1.9.1-i486-1_slack14.1.txz
b267563e154bbddab251e8e2c7a11f69  tcpdump-4.9.3-i486-1_slack14.1.txz

Slackware x86_64 14.1 packages:
1177a6f007a4924c2116d15f8cb92900  libpcap-1.9.1-x86_64-1_slack14.1.txz
de9844ab61993927903a91fc05450c8c  tcpdump-4.9.3-x86_64-1_slack14.1.txz

Slackware 14.2 packages:
2672c9a84590170ff8f7f2b233af9a38  libpcap-1.9.1-i586-1_slack14.2.txz
578dbf94aa192915243e2d200c557cc5  tcpdump-4.9.3-i586-1_slack14.2.txz

Slackware x86_64 14.2 packages:
16f70962eebe606d3d9668202752bc51  libpcap-1.9.1-x86_64-1_slack14.2.txz
0a4b8400d30a84bc1df774b3537cb4b5  tcpdump-4.9.3-x86_64-1_slack14.2.txz

Slackware -current packages:
8765839c82fc67a8075b9e1c5211776b  l/libpcap-1.9.0-i586-1.txz
9de3c38d7c061534d28b5b599ab5d563  n/tcpdump-4.9.2-i586-3.txz

Slackware x86_64 -current packages:
cb278799afec0d6e99ce9a126b9e65f3  l/libpcap-1.9.1-x86_64-1.txz
2d14083ccadb447e5af06e0f940fefa5  n/tcpdump-4.9.3-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg libpcap-1.9.1-i586-1_slack14.2.txz tcpdump-4.9.3-i586-1_slack14.2.txz


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+------------------------------------------------------------------------+
| To leave the slackware-security mailing list:                          |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back containing instructions to    |
| complete the process.  Please do not reply to this email address.      |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----

iEYEARECAAYFAl2T5LAACgkQakRjwEAQIjNc9ACffoTzkJYou8k8YsrdpO0zcT2N
NrwAn3S67vZYd2YJoyerzX7G6s/Tuzlw
=8lc8
-----END PGP SIGNATURE-----
Slackware™ is a trademark of Patrick Volkerding.