-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   
Red Hat Security Advisory

Synopsis:          Moderate: tcpdump security, bug fix, and enhancement update
Advisory ID:       RHSA-2020:4760-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:4760
Issue date:        2020-11-03
CVE Names:         CVE-2018-10103 CVE-2018-10105 CVE-2018-14461
                   CVE-2018-14462 CVE-2018-14463 CVE-2018-14464
                   CVE-2018-14465 CVE-2018-14466 CVE-2018-14467
                   CVE-2018-14468 CVE-2018-14469 CVE-2018-14470
                   CVE-2018-14879 CVE-2018-14880 CVE-2018-14881
                   CVE-2018-14882 CVE-2018-16227 CVE-2018-16228
                   CVE-2018-16229 CVE-2018-16230 CVE-2018-16300
                   CVE-2018-16451 CVE-2018-16452 CVE-2019-15166
====================================================================
1. Summary:

An update for tcpdump is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

The tcpdump packages contain the tcpdump utility for monitoring network
traffic. The tcpdump utility can capture and display the packet headers on
a particular network interface or on all interfaces.

The following packages have been upgraded to a later upstream version:
tcpdump (4.9.3). (BZ#1804063)

Security Fix(es):

* tcpdump: SMB data printing mishandled (CVE-2018-10103)

* tcpdump: SMB data printing mishandled (CVE-2018-10105)

* tcpdump: Out of bounds read/write in get_next_file() in tcpdump.c
(CVE-2018-14879)

* tcpdump: Buffer over-read in ldp_tlv_print() function in print-ldp.c
(CVE-2018-14461)

* tcpdump: Buffer over-read in icmp_print() function in print-icmp.c
(CVE-2018-14462)

* tcpdump: Buffer over-read in vrrp_print() function in print-vrrp.c
(CVE-2018-14463)

* tcpdump: Buffer over-read in lmp_print_data_link_subobjs() function in
print-lmp.c (CVE-2018-14464)

* tcpdump: Buffer over-read in rsvp_obj_print() function in print-rsvp.c
(CVE-2018-14465)

* tcpdump: Buffer over-read in print-icmp6.c (CVE-2018-14466)

* tcpdump: Buffer over-read in bgp_capabilities_print() in print-bgp.c
(CVE-2018-14467)

* tcpdump: Buffer over-read in mfr_print() function in print-fr.c
(CVE-2018-14468)

* tcpdump: Buffer over-read in ikev1_n_print() function in print-isakmp.c
(CVE-2018-14469)

* tcpdump: Buffer over-read in babel_print_v2() in print-babel.c
(CVE-2018-14470)

* tcpdump: Buffer over-read in ospf6_print_lshdr() function in
print-ospf6.c (CVE-2018-14880)

* tcpdump: Buffer over-read in bgp_capabilities_print() function in
print-bgp.c (CVE-2018-14881)

* tcpdump: Buffer over-read in function rpl_dio_printopt in print-icmp6.c
(CVE-2018-14882)

* tcpdump: Buffer over-read in print-802_11.c (CVE-2018-16227)

* tcpdump: Access to uninitialized buffer in print_prefix() function in
print-hncp.c (CVE-2018-16228)

* tcpdump: Buffer over-read in dccp_print_option() function in print-dccp.c
(CVE-2018-16229)

* tcpdump: Buffer over-read in bgp_attr_print() function in print-bgp.c
(CVE-2018-16230)

* tcpdump: Resource exhaustion in bgp_attr_print() function in print-bgp.c
(CVE-2018-16300)

* tcpdump: Buffer over-read in print_trans() function in print-smb.c
(CVE-2018-16451)

* tcpdump: Resource exhaustion in smb_fdata() funtion in smbutil.c
(CVE-2018-16452)

* tcpdump: Buffer overflow in lmp_print_data_link_subobjs() in print-lmp.c
(CVE-2019-15166)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.3 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1760430 - CVE-2018-14882 tcpdump: Buffer over-read in function rpl_dio_printopt in print-icmp6.c
1760445 - CVE-2018-16300 tcpdump: Resource exhaustion in bgp_attr_print() function in print-bgp.c
1760447 - CVE-2018-14469 tcpdump: Buffer over-read in ikev1_n_print() function in print-isakmp.c
1760449 - CVE-2018-14465 tcpdump: Buffer over-read in rsvp_obj_print() function in print-rsvp.c
1760453 - CVE-2018-14463 tcpdump: Buffer over-read in vrrp_print() function in print-vrrp.c
1760455 - CVE-2018-14462 tcpdump: Buffer over-read in icmp_print() function in print-icmp.c
1760457 - CVE-2018-14879 tcpdump: Out of bounds read/write in in get_next_file() in tcpdump.c
1760458 - CVE-2018-16229 tcpdump: Buffer over-read in dccp_print_option() function in print-dccp.c
1760461 - CVE-2018-16227 tcpdump: Buffer over-read in print-802_11.c
1760463 - CVE-2018-14881 tcpdump: Buffer over-read in bgp_capabilities_print() function in print-bgp.c
1760464 - CVE-2018-14468 tcpdump: Buffer over-read in mfr_print() function in print-fr.c
1760468 - CVE-2018-14880 tcpdump: Buffer over-read in ospf6_print_lshdr() function in print-ospf6.c
1760504 - CVE-2018-10103 tcpdump: SMB data printing mishandled
1760505 - CVE-2018-10105 tcpdump: SMB data printing mishandled
1760506 - CVE-2018-14461 tcpdump: Buffer over-read in ldp_tlv_print() function in print-ldp.c
1760507 - CVE-2018-14464 tcpdump: Buffer over-read in lmp_print_data_link_subobjs() function in print-lmp.c
1760509 - CVE-2018-14466 tcpdump: Buffer over-read in print-icmp6.c
1760512 - CVE-2018-14467 tcpdump: Buffer over-read in bgp_capabilities_print() in print-bgp.c
1760513 - CVE-2018-14470 tcpdump: Buffer over-read in babel_print_v2() in print-babel.c
1760514 - CVE-2018-16228 tcpdump: Access to uninitialized buffer in print_prefix() function in print-hncp.c
1760516 - CVE-2018-16230 tcpdump: Buffer over-read in bgp_attr_print() function in print-bgp.c
1760517 - CVE-2018-16451 tcpdump: Buffer over-read in print_trans() function in print-smb.c
1760518 - CVE-2018-16452 tcpdump: Resource exhaustion in smb_fdata() funtion in smbutil.c
1760520 - CVE-2019-15166 tcpdump: Buffer overflow in lmp_print_data_link_subobjs() in print-lmp.c
1804063 - Rebase tcpdump to 4.9.3 to fix multiple CVEs

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
tcpdump-4.9.3-1.el8.src.rpm

aarch64:
tcpdump-4.9.3-1.el8.aarch64.rpm
tcpdump-debuginfo-4.9.3-1.el8.aarch64.rpm
tcpdump-debugsource-4.9.3-1.el8.aarch64.rpm

ppc64le:
tcpdump-4.9.3-1.el8.ppc64le.rpm
tcpdump-debuginfo-4.9.3-1.el8.ppc64le.rpm
tcpdump-debugsource-4.9.3-1.el8.ppc64le.rpm

s390x:
tcpdump-4.9.3-1.el8.s390x.rpm
tcpdump-debuginfo-4.9.3-1.el8.s390x.rpm
tcpdump-debugsource-4.9.3-1.el8.s390x.rpm

x86_64:
tcpdump-4.9.3-1.el8.x86_64.rpm
tcpdump-debuginfo-4.9.3-1.el8.x86_64.rpm
tcpdump-debugsource-4.9.3-1.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-10103
https://access.redhat.com/security/cve/CVE-2018-10105
https://access.redhat.com/security/cve/CVE-2018-14461
https://access.redhat.com/security/cve/CVE-2018-14462
https://access.redhat.com/security/cve/CVE-2018-14463
https://access.redhat.com/security/cve/CVE-2018-14464
https://access.redhat.com/security/cve/CVE-2018-14465
https://access.redhat.com/security/cve/CVE-2018-14466
https://access.redhat.com/security/cve/CVE-2018-14467
https://access.redhat.com/security/cve/CVE-2018-14468
https://access.redhat.com/security/cve/CVE-2018-14469
https://access.redhat.com/security/cve/CVE-2018-14470
https://access.redhat.com/security/cve/CVE-2018-14879
https://access.redhat.com/security/cve/CVE-2018-14880
https://access.redhat.com/security/cve/CVE-2018-14881
https://access.redhat.com/security/cve/CVE-2018-14882
https://access.redhat.com/security/cve/CVE-2018-16227
https://access.redhat.com/security/cve/CVE-2018-16228
https://access.redhat.com/security/cve/CVE-2018-16229
https://access.redhat.com/security/cve/CVE-2018-16230
https://access.redhat.com/security/cve/CVE-2018-16300
https://access.redhat.com/security/cve/CVE-2018-16451
https://access.redhat.com/security/cve/CVE-2018-16452
https://access.redhat.com/security/cve/CVE-2019-15166
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBX6I4ENzjgjWX9erEAQhWpBAAl8gza241WtZUglkRZgl5MEblBH2i/YD7
ixrj7P/T6FmlkhbgotT6cWAD4v/oej0aV3VlgnlY9JI9iPGKvP6ZYu8jbaW50Lr+
E1wDuI/6nAp/e6DLSYAe1qD52c06SrPdlMP40SE9ZQoTDe38Z8Uvfpm7X4CN9wgi
AbGc3fUHkO5EDrYDpiT3UxF3X71yVq8/mWJRNo2T8IPxc6ufGJM524cFLV6KDx1q
h0vDHxcv69wCwKXjYHBoU/X5Bq7k4KuTTbI4B5NgHouWrosUYcn5Bo9eiSfjY0C3
cGD+CSQ/cBHzOleg7X6f3vrI7p6Gc0RG/npAIx7VfUucg8GYmdS2cjv93A5oqXJQ
VIOGjtdX9dV6WEY2kkfJmjHJr4ehef6n6LML9U0F3OIMHYAeM9xObQYVU/iYH1db
1kHQmLcQNR5RbNAm9VKuZdEU/V/IdM0bb1gGZEiuAbu1esSwV9h9zbke4Nf3pmC1
qCmHF6sDyBrrHv1J0sr7dsd4gIlrNhXxtej+3FHCnKiuyMIyrPaKmsjidSeNyHTQ
oQVAxH4doUpiWeViH0/wEg7tcRuU6AFW64iFnMzXG2/iP4H5Oin9Gzsky+cdU+RH
GfzzlTFeyNqhdxeoncnskYCKWN+rKCM+7kPVoSa2JwbZDgWFAIlFNkHsYSjBnYDD
5ua+Acdmj44=1sro
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce