Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20170130012137.GA20854@jasmine>
Date: Sun, 29 Jan 2017 20:21:37 -0500
From: Leo Famulari <leo@...ulari.name>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Subject: FW: [DSA 3775-1] tcpdump security update]

I'm forwarding a Debian security advisory regarding tcpdump.

The reason that I'm forwarding it is that I'm unable to find an upstream
source for this new release, 4.9.0.

It doesn't appear on tcpdump web page nor has it been tagged in their
public Git repo:

http://www.tcpdump.org/#latest-release
https://github.com/the-tcpdump-group/tcpdump/tags

Can anyone provide some insight?

----- Forwarded message from Moritz Muehlenhoff <jmm@...ian.org> -----

Date: Sun, 29 Jan 2017 18:24:15 +0100
From: Moritz Muehlenhoff <jmm@...ian.org>
To: debian-security-announce@...ts.debian.org
Subject: [SECURITY] [DSA 3775-1] tcpdump security update
User-Agent: NeoMutt/20161126 (1.7.1)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3775-1                   security@...ian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
January 29, 2017                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : tcpdump
CVE ID         : CVE-2016-7922 CVE-2016-7923 CVE-2016-7924 CVE-2016-7925 
                 CVE-2016-7926 CVE-2016-7927 CVE-2016-7928 CVE-2016-7929 
                 CVE-2016-7930 CVE-2016-7931 CVE-2016-7932 CVE-2016-7933 
                 CVE-2016-7934 CVE-2016-7935 CVE-2016-7936 CVE-2016-7937 
                 CVE-2016-7938 CVE-2016-7939 CVE-2016-7940 CVE-2016-7973 
                 CVE-2016-7974 CVE-2016-7975 CVE-2016-7983 CVE-2016-7984 
                 CVE-2016-7985 CVE-2016-7986 CVE-2016-7992 CVE-2016-7993 
                 CVE-2016-8574 CVE-2016-8575 CVE-2017-5202 CVE-2017-5203 
                 CVE-2017-5204 CVE-2017-5205 CVE-2017-5341 CVE-2017-5342 
                 CVE-2017-5482 CVE-2017-5483 CVE-2017-5484 CVE-2017-5485 
                 CVE-2017-5486

Multiple vulnerabilities have been discovered in tcpdump, a command-line
network traffic analyzer. These vulnerabilities might result in denial
of service or the execution of arbitrary code.

For the stable distribution (jessie), these problems have been fixed in
version 4.9.0-1~deb8u1.

For the testing distribution (stretch), these problems have been fixed
in version 4.9.0-1.

For the unstable distribution (sid), these problems have been fixed in
version 4.9.0-1.

We recommend that you upgrade your tcpdump packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAliOJGUACgkQEMKTtsN8
TjY54w//TQtKeoBF3uzCtMTKExAzKCZKkVnTLkFKu0Ybcr6ooTQ+Vyy81t0WlHa7
L4i31RavlQerBK3euGLhg679Bcv6Wrtgc1dC6caaDQTWF3+IWrZ/KO3LHJdgLMoj
y10zBMLBdr2rTB4cItXCYcCkzXWGGoDjFyAf9h61O6SAHa9qZthGXCzOY7G0eQfX
GCN7LW2rY+H3NuUo0UYVhiru9poflehxArdQnoeZGU//8uZ5qaD2XeUILQI+gOo8
rwBnYpF7YvrrFGaleVrHgXuLN6t/7HOkMxaIQtn9zmigZfWkOUjPGOAkn8xLKhk3
zgRBT7n+pd+N82TK4B6+RhDilY9Ec2btJ5EDHIJAnmVAATwoULPtgzQwLSrziN9a
DCsusuWxPFcvmyGMy4ooEWpKsZ2MgXusR/As84g5ZeWl9qOuZ9U0aeJtThhl37zA
wNH+KIgWEUoQNmoVrOCUchtbiKeHEbIDUWR1PNpgl3Cb7Fbp3be3AFPJiiTE/r+7
UUmtFXdWKGNK6nzLV0yo4TWDXyNLJMu+SP6JiZNsbkYntmUgqFw0iotWNoqgajPQ
U4cmAeDMJMDFTU6Or1Tam+Njv71mIZNGCsplZa2gAHHsmXHeqYiI+vEp5ZljFOkY
SgoWuuERDtFv4FGL5oBxP/Z+SYOrt8ME+rRqsLUWfgXD+tDCE6I=
=sV/2
-----END PGP SIGNATURE-----


----- End forwarded message -----

Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.