The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Vulnerability of tcpdump: five vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of tcpdump.
Severity of this bulletin: 2/4.
Number of vulnerabilities in this bulletin: 5.
Creation date: 30/01/2017.
Références of this threat: bulletinapr2017, CVE-2017-5482, CVE-2017-5483, CVE-2017-5484, CVE-2017-5485, CVE-2017-5486, DLA-809-1, DSA-3775-1, FEDORA-2017-7ecbc90157, HT207615, openSUSE-SU-2017:1199-1, RHSA-2017:1871-01, SSA:2017-041-04, USN-3205-1, VIGILANCE-VUL-21705.

Description of the vulnerability

An attacker can use several vulnerabilities of tcpdump.
Full Vigil@nce bulletin... (Free trial)

This cybersecurity alert impacts software or systems such as Mac OS X, Debian, Fedora, AIX, openSUSE Leap, Solaris, RHEL, Slackware, Synology DSM, Synology DS***, tcpdump, Ubuntu.

Our Vigil@nce team determined that the severity of this weakness is medium.

The trust level is of type confirmed by the editor, with an origin of intranet client.

This bulletin is about 5 vulnerabilities.

An attacker with a expert ability can exploit this security weakness.

Solutions for this threat

tcpdump: version 4.9.0.
The version 4.9.0 is fixed:
  http://www.tcpdump.org/

Apple Mac OS X: version 10.12.4.
The version 10.12.4 is fixed.

Debian: new tcpdump packages.
New packages are available:
  Debian 7: tcpdump 4.9.0-1~deb7u1
  Debian 8: tcpdump 4.9.0-1~deb8u1

Fedora 25: new tcpdump packages.
New packages are available:
  Fedora 25: tcpdump 4.9.0-1.fc25

IBM AIX: patch for tcpdump.
A patch is available:
  http://aix.software.ibm.com/aix/efixes/security/tcpdump_fix2.tar

openSUSE Leap 42: new libpcap/tcpdump packages.
New packages are available:
  openSUSE Leap 42.1: libpcap 1.8.1-8.1, tcpdump 4.9.0-7.1
  openSUSE Leap 42.2: libpcap 1.8.1-7.3.1, tcpdump 4.9.0-6.3.1

Oracle Solaris: patch for third party software of April 2017 v1.
A patch is available:
  https://support.oracle.com/rs?type=doc&id=1448883.1

RHEL 7: new tcpdump packages.
New packages are available:
  RHEL 7: tcpdump 4.9.0-5.el7

Slackware: new tcpdump packages.
New packages are available:
  Slackware 13.37: tcpdump 4.9.0-*-1_slack13.37
  Slackware 14.0: tcpdump 4.9.0-*-1_slack14.0
  Slackware 14.1: tcpdump 4.9.0-*-1_slack14.1
  Slackware 14.2: tcpdump 4.9.0-*-1_slack14.2

Synology DS***: version 6.1.1.
The version 6.1.1 is fixed.

Ubuntu: new tcpdump packages.
New packages are available:
  Ubuntu 16.10: tcpdump 4.9.0-1ubuntu1~ubuntu16.10.1
  Ubuntu 16.04 LTS: tcpdump 4.9.0-1ubuntu1~ubuntu16.04.1
  Ubuntu 14.04 LTS: tcpdump 4.9.0-1ubuntu1~ubuntu14.04.1
  Ubuntu 12.04 LTS: tcpdump 4.9.0-1ubuntu1~ubuntu12.04.1
Full Vigil@nce bulletin... (Free trial)

Computer vulnerabilities tracking service

Vigil@nce provides a software vulnerabilities note. Each administrator can customize the list of products for which he wants to receive vulnerability alerts.