openSUSE Security Update: Security update for tcpdump ______________________________________________________________________________ Announcement ID: openSUSE-SU-2015:0616-1 Rating: moderate References: #922220 #922221 #922222 #922223 #923142 Cross-References: CVE-2014-9140 CVE-2015-0261 CVE-2015-2153 CVE-2015-2154 CVE-2015-2155 Affected Products: openSUSE 13.2 openSUSE 13.1 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: tcpdump was updated to fix five vulnerabilities in protocol printers When running tcpdump, a remote unauthenticated user could have crashed the application or, potentially, execute arbitrary code by injecting crafted packages into the network. The following vulnerabilities were fixed: * IPv6 mobility printer remote DoS (CVE-2015-0261, bnc#922220) * PPP printer remote DoS (CVE-2014-9140, bnc#923142) * force printer remote DoS (CVE-2015-2155, bnc#922223) * ethernet printer remote DoS (CVE-2015-2154, bnc#922222) * tcp printer remote DoS (CVE-2015-2153, bnc#922221) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.2: zypper in -t patch openSUSE-2015-267=1 - openSUSE 13.1: zypper in -t patch openSUSE-2015-267=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.2 (i586 x86_64): tcpdump-4.6.2-8.1 tcpdump-debuginfo-4.6.2-8.1 tcpdump-debugsource-4.6.2-8.1 - openSUSE 13.1 (i586 x86_64): tcpdump-4.4.0-2.8.1 tcpdump-debuginfo-4.4.0-2.8.1 tcpdump-debugsource-4.4.0-2.8.1 References: https://www.suse.com/security/cve/CVE-2014-9140.html https://www.suse.com/security/cve/CVE-2015-0261.html https://www.suse.com/security/cve/CVE-2015-2153.html https://www.suse.com/security/cve/CVE-2015-2154.html https://www.suse.com/security/cve/CVE-2015-2155.html https://bugzilla.suse.com/922220 https://bugzilla.suse.com/922221 https://bugzilla.suse.com/922222 https://bugzilla.suse.com/922223 https://bugzilla.suse.com/923142