This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============5574852343667464512== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="ahDpSi7BC3w00Trx9MP8f1hXdADT43Beb"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --ahDpSi7BC3w00Trx9MP8f1hXdADT43Beb Content-Type: multipart/mixed; boundary="UmsfHQXlDSkWD1rXfDTRjbac1sRQ0EALa" From: Marc Deslauriers <marc.deslauriers@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: ubuntu-security-announce@lists.ubuntu.com Message-ID: <3477c05a-cc55-c46c-9e8e-add3c6c58107@canonical.com> Subject: [USN-3205-1] tcpdump vulnerabilities
--UmsfHQXlDSkWD1rXfDTRjbac1sRQ0EALa Content-Type: text/plain; charset=utf- Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-3205-1 February 21, 2017
tcpdump vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.10 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS
Summary:
tcpdump could be made to crash or run programs if it received specially crafted network traffic.
Software Description: - tcpdump: command-line network traffic analyzer
Details:
It was discovered that tcpdump incorrectly handled certain packets. A remote attacker could use this issue to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code.
In the default installation, attackers would be isolated by the tcpdump AppArmor profile.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.10: tcpdump 4.9.0-1ubuntu1~ubuntu16.10.1
Ubuntu 16.04 LTS: tcpdump 4.9.0-1ubuntu1~ubuntu16.04.1
Ubuntu 14.04 LTS: tcpdump 4.9.0-1ubuntu1~ubuntu14.04.1
Ubuntu 12.04 LTS: tcpdump 4.9.0-1ubuntu1~ubuntu12.04.1
This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-3205-1 CVE-2016-7922, CVE-2016-7923, CVE-2016-7924, CVE-2016-7925, CVE-2016-7926, CVE-2016-7927, CVE-2016-7928, CVE-2016-7929, CVE-2016-7930, CVE-2016-7931, CVE-2016-7932, CVE-2016-7933, CVE-2016-7934, CVE-2016-7935, CVE-2016-7936, CVE-2016-7937, CVE-2016-7938, CVE-2016-7939, CVE-2016-7940, CVE-2016-7973, CVE-2016-7974, CVE-2016-7975, CVE-2016-7983, CVE-2016-7984, CVE-2016-7985, CVE-2016-7986, CVE-2016-7992, CVE-2016-7993, CVE-2016-8574, CVE-2016-8575, CVE-2017-5202, CVE-2017-5203, CVE-2017-5204, CVE-2017-5205, CVE-2017-5341, CVE-2017-5342, CVE-2017-5482, CVE-2017-5483, CVE-2017-5484, CVE-2017-5485, CVE-2017-5486
Package Information: https://launchpad.net/ubuntu/+source/tcpdump/4.9.0-1ubuntu1~ubuntu16.10.1 https://launchpad.net/ubuntu/+source/tcpdump/4.9.0-1ubuntu1~ubuntu16.04.1 https://launchpad.net/ubuntu/+source/tcpdump/4.9.0-1ubuntu1~ubuntu14.04.1 https://launchpad.net/ubuntu/+source/tcpdump/4.9.0-1ubuntu1~ubuntu12.04.1
--UmsfHQXlDSkWD1rXfDTRjbac1sRQ0EALa--
--ahDpSi7BC3w00Trx9MP8f1hXdADT43Beb Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2
iQIcBAEBCgAGBQJYrIVFAAoJEGVp2FWnRL6TpYQQAKUTUJJF7o/FgtlIjuDEWguW P5M+/LDf51yWoyiAOv7tWA/gyWhtrB1sB2iIymM44FlLI0358wFaffuY8aqO2D7t zy22sWbQSrwdzxAScP+fQiiy3UQnmg0XktMqQnADnjnCC795ttuUsylhCMJdAabe wrAagi7f43P3AB1VNbhR+DVuPBL9FJkBIGpzfDEv7DdFUDo3wbsJ6C743FZIN0w1 K3q7PZaQiTqc73mVw1J/GQ+4twYMT98eZpPKIHxhTWE+Lo3dMl+KhHwIh4UfoFNi A6XFXALnJNjhJ71QayD1lkarZXuy18Ft+3twsvpBCFG+/Yp/dbr/EHMVOvQTL5aY RGgHXjhlzwhyEjZBExzUzR4WeT+6TtVk6MHS5HNK2aNMeYqbeyJhHWmLEL5p1gEj S4BZn3QJ86YXbOzV1p1CJzPOltYJO4fcgvKiZppYg7T9uBmNtSHpbklVEidqRx+W SVvI6VdEBg24s1DQLCVh974eXm/Le8uX8VdyZl9qOXqGlnpnbzNUoSyluXrnn3nM rIGInMiVH/5Fgpb4d8krxEcLPmpVugCs5hvOo0uKgZSEraRJLwQXB0/P+ck1V4SZ 0Bm598SbYK6eSXsBDMEFCYPHFQ+n2Yqqc5CEKhZSyOlU0fHX1soIvt7L83MV0km+ IEKGfEyVt+K2IV0r/uta =oh8Z -----END PGP SIGNATURE-----
--ahDpSi7BC3w00Trx9MP8f1hXdADT43Beb--
--===============5574852343667464512== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============5574852343667464512==--
|