openSUSE-SU-2017:1199-1: moderate: Security update for tcpdump, libpcap

8 May 2017

      openSUSE Security Update: Security update for tcpdump, libpcap
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2017:1199-1
Rating:             moderate
References:         #1020940 #1035686 #905870 #905871 #905872 
                    #922220 #922221 #922222 #922223 #927637 
Cross-References:   CVE-2014-8767 CVE-2014-8768 CVE-2014-8769
                    CVE-2015-0261 CVE-2015-2153 CVE-2015-2154
                    CVE-2015-2155 CVE-2015-3138 CVE-2016-7922
                    CVE-2016-7923 CVE-2016-7924 CVE-2016-7925
                    CVE-2016-7926 CVE-2016-7927 CVE-2016-7928
                    CVE-2016-7929 CVE-2016-7930 CVE-2016-7931
                    CVE-2016-7932 CVE-2016-7933 CVE-2016-7934
                    CVE-2016-7935 CVE-2016-7936 CVE-2016-7937
                    CVE-2016-7938 CVE-2016-7939 CVE-2016-7940
                    CVE-2016-7973 CVE-2016-7974 CVE-2016-7975
                    CVE-2016-7983 CVE-2016-7984 CVE-2016-7985
                    CVE-2016-7986 CVE-2016-7992 CVE-2016-7993
                    CVE-2016-8574 CVE-2016-8575 CVE-2017-5202
                    CVE-2017-5203 CVE-2017-5204 CVE-2017-5205
                    CVE-2017-5341 CVE-2017-5342 CVE-2017-5482
                    CVE-2017-5483 CVE-2017-5484 CVE-2017-5485
                    CVE-2017-5486
Affected Products:
                    openSUSE Leap 42.2
                    openSUSE Leap 42.1
______________________________________________________________________________

   An update that fixes 49 vulnerabilities is now available.

Description:

   This update for tcpdump to version 4.9.0 and libpcap to version 1.8.1
   fixes the several issues.

   These security issues were fixed in tcpdump:

   - CVE-2016-7922: The AH parser in tcpdump had a buffer overflow in
     print-ah.c:ah_print() (bsc#1020940).
   - CVE-2016-7923: The ARP parser in tcpdump had a buffer overflow in
     print-arp.c:arp_print() (bsc#1020940).
   - CVE-2016-7924: The ATM parser in tcpdump had a buffer overflow in
     print-atm.c:oam_print() (bsc#1020940).
   - CVE-2016-7925: The compressed SLIP parser in tcpdump had a buffer
     overflow in print-sl.c:sl_if_print() (bsc#1020940).
   - CVE-2016-7926: The Ethernet parser in tcpdump had a buffer overflow in
     print-ether.c:ethertype_print() (bsc#1020940).
   - CVE-2016-7927: The IEEE 802.11 parser in tcpdump had a buffer overflow
     in print-802_11.c:ieee802_11_radio_print() (bsc#1020940).
   - CVE-2016-7928: The IPComp parser in tcpdump had a buffer overflow in
     print-ipcomp.c:ipcomp_print() (bsc#1020940).
   - CVE-2016-7929: The Juniper PPPoE ATM parser in tcpdump had a buffer
     overflow in print-juniper.c:juniper_parse_header() (bsc#1020940).
   - CVE-2016-7930: The LLC/SNAP parser in tcpdump had a buffer overflow in
     print-llc.c:llc_print() (bsc#1020940).
   - CVE-2016-7931: The MPLS parser in tcpdump had a buffer overflow in
     print-mpls.c:mpls_print() (bsc#1020940).
   - CVE-2016-7932: The PIM parser in tcpdump had a buffer overflow in
     print-pim.c:pimv2_check_checksum() (bsc#1020940).
   - CVE-2016-7933: The PPP parser in tcpdump had a buffer overflow in
     print-ppp.c:ppp_hdlc_if_print() (bsc#1020940).
   - CVE-2016-7934: The RTCP parser in tcpdump had a buffer overflow in
     print-udp.c:rtcp_print() (bsc#1020940).
   - CVE-2016-7935: The RTP parser in tcpdump had a buffer overflow in
     print-udp.c:rtp_print() (bsc#1020940).
   - CVE-2016-7936: The UDP parser in tcpdump had a buffer overflow in
     print-udp.c:udp_print() (bsc#1020940).
   - CVE-2016-7937: The VAT parser in tcpdump had a buffer overflow in
     print-udp.c:vat_print() (bsc#1020940).
   - CVE-2016-7938: The ZeroMQ parser in tcpdump had an integer overflow in
     print-zeromq.c:zmtp1_print_frame() (bsc#1020940).
   - CVE-2016-7939: The GRE parser in tcpdump had a buffer overflow in
     print-gre.c, multiple functions (bsc#1020940).
   - CVE-2016-7940: The STP parser in tcpdump had a buffer overflow in
     print-stp.c, multiple functions (bsc#1020940).
   - CVE-2016-7973: The AppleTalk parser in tcpdump had a buffer overflow in
     print-atalk.c, multiple functions (bsc#1020940).
   - CVE-2016-7974: The IP parser in tcpdump had a buffer overflow in
     print-ip.c, multiple functions (bsc#1020940).
   - CVE-2016-7975: The TCP parser in tcpdump had a buffer overflow in
     print-tcp.c:tcp_print() (bsc#1020940).
   - CVE-2016-7983: The BOOTP parser in tcpdump had a buffer overflow in
     print-bootp.c:bootp_print() (bsc#1020940).
   - CVE-2016-7984: The TFTP parser in tcpdump had a buffer overflow in
     print-tftp.c:tftp_print() (bsc#1020940).
   - CVE-2016-7985: The CALM FAST parser in tcpdump had a buffer overflow in
     print-calm-fast.c:calm_fast_print() (bsc#1020940).
   - CVE-2016-7986: The GeoNetworking parser in tcpdump had a buffer overflow
     in print-geonet.c, multiple functions (bsc#1020940).
   - CVE-2016-7992: The Classical IP over ATM parser in tcpdump had a buffer
     overflow in print-cip.c:cip_if_print() (bsc#1020940).
   - CVE-2016-7993: A bug in util-print.c:relts_print() in tcpdump could
     cause a buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP,
     IGMP, lightweight resolver protocol, PIM) (bsc#1020940).
   - CVE-2016-8574: The FRF.15 parser in tcpdump had a buffer overflow in
     print-fr.c:frf15_print() (bsc#1020940).
   - CVE-2016-8575: The Q.933 parser in tcpdump had a buffer overflow in
     print-fr.c:q933_print(), a different vulnerability than CVE-2017-5482
     (bsc#1020940).
   - CVE-2017-5202: The ISO CLNS parser in tcpdump had a buffer overflow in
     print-isoclns.c:clnp_print() (bsc#1020940).
   - CVE-2017-5203: The BOOTP parser in tcpdump had a buffer overflow in
     print-bootp.c:bootp_print() (bsc#1020940).
   - CVE-2017-5204: The IPv6 parser in tcpdump had a buffer overflow in
     print-ip6.c:ip6_print() (bsc#1020940).
   - CVE-2017-5205: The ISAKMP parser in tcpdump had a buffer overflow in
     print-isakmp.c:ikev2_e_print() (bsc#1020940).
   - CVE-2017-5341: The OTV parser in tcpdump had a buffer overflow in
     print-otv.c:otv_print() (bsc#1020940).
   - CVE-2017-5342: In tcpdump a bug in multiple protocol parsers (Geneve,
     GRE, NSH, OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in
     print-ether.c:ether_print() (bsc#1020940).
   - CVE-2017-5482: The Q.933 parser in tcpdump had a buffer overflow in
     print-fr.c:q933_print(), a different vulnerability than CVE-2016-8575
     (bsc#1020940).
   - CVE-2017-5483: The SNMP parser in tcpdump had a buffer overflow in
     print-snmp.c:asn1_parse() (bsc#1020940).
   - CVE-2017-5484: The ATM parser in tcpdump had a buffer overflow in
     print-atm.c:sig_print() (bsc#1020940).
   - CVE-2017-5485: The ISO CLNS parser in tcpdump had a buffer overflow in
     addrtoname.c:lookup_nsap() (bsc#1020940).
   - CVE-2017-5486: The ISO CLNS parser in tcpdump had a buffer overflow in
     print-isoclns.c:clnp_print() (bsc#1020940).
   - CVE-2015-3138: Fixed potential denial of service in print-wb.c
     (bsc#927637).
   - CVE-2015-0261: Integer signedness error in the mobility_opt_print
     function in the IPv6 mobility printer in tcpdump allowed remote
     attackers to cause a denial of service (out-of-bounds read and crash) or
     possibly execute arbitrary code via a negative length value (bsc#922220).
   - CVE-2015-2153: The rpki_rtr_pdu_print function in print-rpki-rtr.c in
     the TCP printer in tcpdump allowed remote attackers to cause a denial of
     service (out-of-bounds read or write and crash) via a crafted header
     length in an RPKI-RTR Protocol Data Unit (PDU) (bsc#922221).
   - CVE-2015-2154: The osi_print_cksum function in print-isoclns.c in the
     ethernet printer in tcpdump allowed remote attackers to cause a denial
     of service (out-of-bounds read and crash) via a crafted (1) length, (2)
     offset, or (3) base pointer checksum value (bsc#922222).
   - CVE-2015-2155: The force printer in tcpdump allowed remote attackers to
     cause a denial of service (crash) and possibly execute arbitrary code
     via unspecified vectors (bsc#922223).
   - CVE-2014-8767: Integer underflow in the olsr_print function in tcpdump
     3.9.6 when in verbose mode, allowed remote attackers to cause a denial
     of service (crash) via a crafted length value in an OLSR frame
     (bsc#905870).
   - CVE-2014-8768: Multiple Integer underflows in the geonet_print function
     in tcpdump when run in verbose mode, allowed remote attackers to cause a
     denial of service (segmentation fault and crash) via a crafted length
     value in a Geonet frame (bsc#905871).
   - CVE-2014-8769: tcpdump might have allowed remote attackers to obtain
     sensitive information from memory or cause a denial of service (packet
     loss or segmentation fault) via a crafted Ad hoc On-Demand Distance
     Vector (AODV) packet, which triggers an out-of-bounds memory access
     (bsc#905872).

   These non-security issues were fixed in tcpdump:

   - PPKI to Router Protocol: Fix Segmentation Faults and other problems
   - RPKI to Router Protocol: print strings with fn_printn()
   - Added a short option '#', same as long option '--number'
   - nflog, mobile, forces, pptp, AODV, AHCP, IPv6, OSPFv4, RPL, DHCPv6
     enhancements/fixes
   - M3UA decode added.
   - Added bittok2str().
   - A number of unaligned access faults fixed
   - The -A flag does not consider CR to be printable anymore
   - fx.lebail took over coverity baby sitting
   - Default snapshot size increased to 256K for accomodate USB captures

   These non-security issues were fixed in libpcap:

   - Provide a -devel-static subpackage that contains the static libraries
     and all the extra dependencies which are not needed for dynamic linking.
   - Fix handling of packet count in the TPACKET_V3 inner loop
   - Filter out duplicate looped back CAN frames.
   - Fix the handling of loopback filters for IPv6 packets.
   - Add a link-layer header type for RDS (IEC 62106) groups.
   - Handle all CAN captures with pcap-linux.c, in cooked mode.
   - Removes the need for the "host-endian" link-layer header type.
   - Have separate DLTs for big-endian and host-endian SocketCAN headers.
   - Properly check for sock_recv() errors.
   - Re-impose some of Winsock's limitations on sock_recv().
   - Replace sprintf() with pcap_snprintf().
   - Fix signature of pcap_stats_ex_remote().
   - Have rpcap_remoteact_getsock() return a SOCKET and supply an "is active"
     flag.
   - Clean up {DAG, Septel, Myricom SNF}-only builds.
   - pcap_create_interface() needs the interface name on Linux.
   - Clean up hardware time stamp support: the "any" device does not support
     any time stamp types.
   - Recognize 802.1ad nested VLAN tag in vlan filter.
   - Support for filtering Geneve encapsulated packets.
   - Fix handling of zones for BPF on Solaris
   - Added bpf_filter1() with extensions
   - EBUSY can now be returned by SNFv3 code.
   - Don't crash on filters testing a non-existent link-layer type field.
   - Fix sending in non-blocking mode on Linux with memory-mapped capture.
   - Fix timestamps when reading pcap-ng files on big-endian machines.
   - Fixes for byte order issues with NFLOG captures
   - Handle using cooked mode for DLT_NETLINK in activate_new().

   This update was imported from the SUSE:SLE-12:Update update project.

Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE Leap 42.2:

      zypper in -t patch openSUSE-2017-557=1

   - openSUSE Leap 42.1:

      zypper in -t patch openSUSE-2017-557=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - openSUSE Leap 42.2 (i586 x86_64):

      libpcap-debugsource-1.8.1-7.3.1
      libpcap-devel-1.8.1-7.3.1
      libpcap-devel-static-1.8.1-7.3.1
      libpcap1-1.8.1-7.3.1
      libpcap1-debuginfo-1.8.1-7.3.1

   - openSUSE Leap 42.2 (x86_64):

      libpcap-devel-32bit-1.8.1-7.3.1
      libpcap1-32bit-1.8.1-7.3.1
      libpcap1-debuginfo-32bit-1.8.1-7.3.1
      tcpdump-4.9.0-6.3.1
      tcpdump-debuginfo-4.9.0-6.3.1
      tcpdump-debugsource-4.9.0-6.3.1

   - openSUSE Leap 42.1 (i586 x86_64):

      libpcap-debugsource-1.8.1-8.1
      libpcap-devel-1.8.1-8.1
      libpcap-devel-static-1.8.1-8.1
      libpcap1-1.8.1-8.1
      libpcap1-debuginfo-1.8.1-8.1
      tcpdump-4.9.0-7.1
      tcpdump-debuginfo-4.9.0-7.1
      tcpdump-debugsource-4.9.0-7.1

   - openSUSE Leap 42.1 (x86_64):

      libpcap-devel-32bit-1.8.1-8.1
      libpcap1-32bit-1.8.1-8.1
      libpcap1-debuginfo-32bit-1.8.1-8.1

References:

   https://www.suse.com/security/cve/CVE-2014-8767.html
   https://www.suse.com/security/cve/CVE-2014-8768.html
   https://www.suse.com/security/cve/CVE-2014-8769.html
   https://www.suse.com/security/cve/CVE-2015-0261.html
   https://www.suse.com/security/cve/CVE-2015-2153.html
   https://www.suse.com/security/cve/CVE-2015-2154.html
   https://www.suse.com/security/cve/CVE-2015-2155.html
   https://www.suse.com/security/cve/CVE-2015-3138.html
   https://www.suse.com/security/cve/CVE-2016-7922.html
   https://www.suse.com/security/cve/CVE-2016-7923.html
   https://www.suse.com/security/cve/CVE-2016-7924.html
   https://www.suse.com/security/cve/CVE-2016-7925.html
   https://www.suse.com/security/cve/CVE-2016-7926.html
   https://www.suse.com/security/cve/CVE-2016-7927.html
   https://www.suse.com/security/cve/CVE-2016-7928.html
   https://www.suse.com/security/cve/CVE-2016-7929.html
   https://www.suse.com/security/cve/CVE-2016-7930.html
   https://www.suse.com/security/cve/CVE-2016-7931.html
   https://www.suse.com/security/cve/CVE-2016-7932.html
   https://www.suse.com/security/cve/CVE-2016-7933.html
   https://www.suse.com/security/cve/CVE-2016-7934.html
   https://www.suse.com/security/cve/CVE-2016-7935.html
   https://www.suse.com/security/cve/CVE-2016-7936.html
   https://www.suse.com/security/cve/CVE-2016-7937.html
   https://www.suse.com/security/cve/CVE-2016-7938.html
   https://www.suse.com/security/cve/CVE-2016-7939.html
   https://www.suse.com/security/cve/CVE-2016-7940.html
   https://www.suse.com/security/cve/CVE-2016-7973.html
   https://www.suse.com/security/cve/CVE-2016-7974.html
   https://www.suse.com/security/cve/CVE-2016-7975.html
   https://www.suse.com/security/cve/CVE-2016-7983.html
   https://www.suse.com/security/cve/CVE-2016-7984.html
   https://www.suse.com/security/cve/CVE-2016-7985.html
   https://www.suse.com/security/cve/CVE-2016-7986.html
   https://www.suse.com/security/cve/CVE-2016-7992.html
   https://www.suse.com/security/cve/CVE-2016-7993.html
   https://www.suse.com/security/cve/CVE-2016-8574.html
   https://www.suse.com/security/cve/CVE-2016-8575.html
   https://www.suse.com/security/cve/CVE-2017-5202.html
   https://www.suse.com/security/cve/CVE-2017-5203.html
   https://www.suse.com/security/cve/CVE-2017-5204.html
   https://www.suse.com/security/cve/CVE-2017-5205.html
   https://www.suse.com/security/cve/CVE-2017-5341.html
   https://www.suse.com/security/cve/CVE-2017-5342.html
   https://www.suse.com/security/cve/CVE-2017-5482.html
   https://www.suse.com/security/cve/CVE-2017-5483.html
   https://www.suse.com/security/cve/CVE-2017-5484.html
   https://www.suse.com/security/cve/CVE-2017-5485.html
   https://www.suse.com/security/cve/CVE-2017-5486.html
   https://bugzilla.suse.com/1020940
   https://bugzilla.suse.com/1035686
   https://bugzilla.suse.com/905870
   https://bugzilla.suse.com/905871
   https://bugzilla.suse.com/905872
   https://bugzilla.suse.com/922220
   https://bugzilla.suse.com/922221
   https://bugzilla.suse.com/922222
   https://bugzilla.suse.com/922223
   https://bugzilla.suse.com/927637

openSUSE-SU-2017:1199-1: moderate: Security update for tcpdump, libpcap

opensuse-security＠opensuse.org