Red Hat 9062 Published by

A tcpdump security, bug fix, and enhancement update has been released for Red Hat Enterprise Linux 8.



RHSA-2020:4760-01: Moderate: tcpdump security, bug fix, and enhancement update



=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: tcpdump security, bug fix, and enhancement update
Advisory ID: RHSA-2020:4760-01
Product: Red Hat Enterprise Linux
Advisory URL:   https://access.redhat.com/errata/RHSA-2020:4760
Issue date: 2020-11-03
CVE Names: CVE-2018-10103 CVE-2018-10105 CVE-2018-14461
CVE-2018-14462 CVE-2018-14463 CVE-2018-14464
CVE-2018-14465 CVE-2018-14466 CVE-2018-14467
CVE-2018-14468 CVE-2018-14469 CVE-2018-14470
CVE-2018-14879 CVE-2018-14880 CVE-2018-14881
CVE-2018-14882 CVE-2018-16227 CVE-2018-16228
CVE-2018-16229 CVE-2018-16230 CVE-2018-16300
CVE-2018-16451 CVE-2018-16452 CVE-2019-15166
=====================================================================

1. Summary:

An update for tcpdump is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

The tcpdump packages contain the tcpdump utility for monitoring network
traffic. The tcpdump utility can capture and display the packet headers on
a particular network interface or on all interfaces.

The following packages have been upgraded to a later upstream version:
tcpdump (4.9.3). (BZ#1804063)

Security Fix(es):

* tcpdump: SMB data printing mishandled (CVE-2018-10103)

* tcpdump: SMB data printing mishandled (CVE-2018-10105)

* tcpdump: Out of bounds read/write in get_next_file() in tcpdump.c
(CVE-2018-14879)

* tcpdump: Buffer over-read in ldp_tlv_print() function in print-ldp.c
(CVE-2018-14461)

* tcpdump: Buffer over-read in icmp_print() function in print-icmp.c
(CVE-2018-14462)

* tcpdump: Buffer over-read in vrrp_print() function in print-vrrp.c
(CVE-2018-14463)

* tcpdump: Buffer over-read in lmp_print_data_link_subobjs() function in
print-lmp.c (CVE-2018-14464)

* tcpdump: Buffer over-read in rsvp_obj_print() function in print-rsvp.c
(CVE-2018-14465)

* tcpdump: Buffer over-read in print-icmp6.c (CVE-2018-14466)

* tcpdump: Buffer over-read in bgp_capabilities_print() in print-bgp.c
(CVE-2018-14467)

* tcpdump: Buffer over-read in mfr_print() function in print-fr.c
(CVE-2018-14468)

* tcpdump: Buffer over-read in ikev1_n_print() function in print-isakmp.c
(CVE-2018-14469)

* tcpdump: Buffer over-read in babel_print_v2() in print-babel.c
(CVE-2018-14470)

* tcpdump: Buffer over-read in ospf6_print_lshdr() function in
print-ospf6.c (CVE-2018-14880)

* tcpdump: Buffer over-read in bgp_capabilities_print() function in
print-bgp.c (CVE-2018-14881)

* tcpdump: Buffer over-read in function rpl_dio_printopt in print-icmp6.c
(CVE-2018-14882)

* tcpdump: Buffer over-read in print-802_11.c (CVE-2018-16227)

* tcpdump: Access to uninitialized buffer in print_prefix() function in
print-hncp.c (CVE-2018-16228)

* tcpdump: Buffer over-read in dccp_print_option() function in print-dccp.c
(CVE-2018-16229)

* tcpdump: Buffer over-read in bgp_attr_print() function in print-bgp.c
(CVE-2018-16230)

* tcpdump: Resource exhaustion in bgp_attr_print() function in print-bgp.c
(CVE-2018-16300)

* tcpdump: Buffer over-read in print_trans() function in print-smb.c
(CVE-2018-16451)

* tcpdump: Resource exhaustion in smb_fdata() funtion in smbutil.c
(CVE-2018-16452)

* tcpdump: Buffer overflow in lmp_print_data_link_subobjs() in print-lmp.c
(CVE-2019-15166)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.3 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

  https://access.redhat.com/articles/11258

5. Bugs fixed (  https://bugzilla.redhat.com/):

1760430 - CVE-2018-14882 tcpdump: Buffer over-read in function rpl_dio_printopt in print-icmp6.c
1760445 - CVE-2018-16300 tcpdump: Resource exhaustion in bgp_attr_print() function in print-bgp.c
1760447 - CVE-2018-14469 tcpdump: Buffer over-read in ikev1_n_print() function in print-isakmp.c
1760449 - CVE-2018-14465 tcpdump: Buffer over-read in rsvp_obj_print() function in print-rsvp.c
1760453 - CVE-2018-14463 tcpdump: Buffer over-read in vrrp_print() function in print-vrrp.c
1760455 - CVE-2018-14462 tcpdump: Buffer over-read in icmp_print() function in print-icmp.c
1760457 - CVE-2018-14879 tcpdump: Out of bounds read/write in in get_next_file() in tcpdump.c
1760458 - CVE-2018-16229 tcpdump: Buffer over-read in dccp_print_option() function in print-dccp.c
1760461 - CVE-2018-16227 tcpdump: Buffer over-read in print-802_11.c
1760463 - CVE-2018-14881 tcpdump: Buffer over-read in bgp_capabilities_print() function in print-bgp.c
1760464 - CVE-2018-14468 tcpdump: Buffer over-read in mfr_print() function in print-fr.c
1760468 - CVE-2018-14880 tcpdump: Buffer over-read in ospf6_print_lshdr() function in print-ospf6.c
1760504 - CVE-2018-10103 tcpdump: SMB data printing mishandled
1760505 - CVE-2018-10105 tcpdump: SMB data printing mishandled
1760506 - CVE-2018-14461 tcpdump: Buffer over-read in ldp_tlv_print() function in print-ldp.c
1760507 - CVE-2018-14464 tcpdump: Buffer over-read in lmp_print_data_link_subobjs() function in print-lmp.c
1760509 - CVE-2018-14466 tcpdump: Buffer over-read in print-icmp6.c
1760512 - CVE-2018-14467 tcpdump: Buffer over-read in bgp_capabilities_print() in print-bgp.c
1760513 - CVE-2018-14470 tcpdump: Buffer over-read in babel_print_v2() in print-babel.c
1760514 - CVE-2018-16228 tcpdump: Access to uninitialized buffer in print_prefix() function in print-hncp.c
1760516 - CVE-2018-16230 tcpdump: Buffer over-read in bgp_attr_print() function in print-bgp.c
1760517 - CVE-2018-16451 tcpdump: Buffer over-read in print_trans() function in print-smb.c
1760518 - CVE-2018-16452 tcpdump: Resource exhaustion in smb_fdata() funtion in smbutil.c
1760520 - CVE-2019-15166 tcpdump: Buffer overflow in lmp_print_data_link_subobjs() in print-lmp.c
1804063 - Rebase tcpdump to 4.9.3 to fix multiple CVEs

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
tcpdump-4.9.3-1.el8.src.rpm

aarch64:
tcpdump-4.9.3-1.el8.aarch64.rpm
tcpdump-debuginfo-4.9.3-1.el8.aarch64.rpm
tcpdump-debugsource-4.9.3-1.el8.aarch64.rpm

ppc64le:
tcpdump-4.9.3-1.el8.ppc64le.rpm
tcpdump-debuginfo-4.9.3-1.el8.ppc64le.rpm
tcpdump-debugsource-4.9.3-1.el8.ppc64le.rpm

s390x:
tcpdump-4.9.3-1.el8.s390x.rpm
tcpdump-debuginfo-4.9.3-1.el8.s390x.rpm
tcpdump-debugsource-4.9.3-1.el8.s390x.rpm

x86_64:
tcpdump-4.9.3-1.el8.x86_64.rpm
tcpdump-debuginfo-4.9.3-1.el8.x86_64.rpm
tcpdump-debugsource-4.9.3-1.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
  https://access.redhat.com/security/team/key/

7. References:

  https://access.redhat.com/security/cve/CVE-2018-10103
  https://access.redhat.com/security/cve/CVE-2018-10105
  https://access.redhat.com/security/cve/CVE-2018-14461
  https://access.redhat.com/security/cve/CVE-2018-14462
  https://access.redhat.com/security/cve/CVE-2018-14463
  https://access.redhat.com/security/cve/CVE-2018-14464
  https://access.redhat.com/security/cve/CVE-2018-14465
  https://access.redhat.com/security/cve/CVE-2018-14466
  https://access.redhat.com/security/cve/CVE-2018-14467
  https://access.redhat.com/security/cve/CVE-2018-14468
  https://access.redhat.com/security/cve/CVE-2018-14469
  https://access.redhat.com/security/cve/CVE-2018-14470
  https://access.redhat.com/security/cve/CVE-2018-14879
  https://access.redhat.com/security/cve/CVE-2018-14880
  https://access.redhat.com/security/cve/CVE-2018-14881
  https://access.redhat.com/security/cve/CVE-2018-14882
  https://access.redhat.com/security/cve/CVE-2018-16227
  https://access.redhat.com/security/cve/CVE-2018-16228
  https://access.redhat.com/security/cve/CVE-2018-16229
  https://access.redhat.com/security/cve/CVE-2018-16230
  https://access.redhat.com/security/cve/CVE-2018-16300
  https://access.redhat.com/security/cve/CVE-2018-16451
  https://access.redhat.com/security/cve/CVE-2018-16452
  https://access.redhat.com/security/cve/CVE-2019-15166
  https://access.redhat.com/security/updates/classification/#moderate
  https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/

8. Contact:

The Red Hat security contact is . More contact
details at   https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.