tcpdump mailing list archives
Re: [the-tcpdump-group/libpcap] CVE-2018-16301 information (#855)
From: Michael Richardson <mcr () sandelman ca>
Date: Sun, 06 Oct 2019 11:36:39 +0200
Beuc <notifications () github com> wrote:
> I'm part of the Debian Long Term Support team, and I'd like to assess
> if our packaged versions of libpcap are affected by CVE-2018-16301.
Yes.
> 81c4e00e says it relates to "errors in pcapng reading", but I cannot
> identify the related commit.
> In addition, https://www.tcpdump.org/public-cve-list.txt doesn't list
> it as fixed, and marks it as affecting tcpdump rather than libpcap.
!A 2018-08-01 Include Security F1: [libpcap] Remote Packet Capture Daemon (RPCAPD) Integer Overflow Leads to Heap
Buffer Overflow rpcapd/daemon.c:daemon_unpackapplyfilter(), fixed in 1.9 branch, not master, CVE-2019-15161
CVE-2018-16301 is, I think, a duplicate of CVE-2019-15161 (libpcap).
It is fixed in 7f8d184f60bf3a228e3d17407dcc7c4a8689eb47.
It is in rpcapd, which I think that Debian does not ship, and was not present
in libpcap 1.8.x.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | network architect [
] mcr () sandelman ca http://www.sandelman.ca/ | ruby on rails [
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
