From 1869f57551f86596512724b000d696bf6b041d14 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: May 20 2020 13:44:33 +0000 Subject: import tcpdump-4.9.2-4.el7_7.1 --- diff --git a/SOURCES/0015-CVE-2018-19519-tcpdump-stack-based-buffer-over-read.patch b/SOURCES/0015-CVE-2018-19519-tcpdump-stack-based-buffer-over-read.patch new file mode 100644 index 0000000..e340c93 --- /dev/null +++ b/SOURCES/0015-CVE-2018-19519-tcpdump-stack-based-buffer-over-read.patch @@ -0,0 +1,26 @@ +From bbae61cda27b8d565456c95a697d9e7ed3298937 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Tue, 8 Oct 2019 14:32:32 +0200 +Subject: [PATCH] + 0015-CVE-2018-19519-tcpdump-stack-based-buffer-over-read.patch + +--- + print-hncp.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/print-hncp.c b/print-hncp.c +index 11a6a93..7537a0d 100644 +--- a/print-hncp.c ++++ b/print-hncp.c +@@ -229,6 +229,8 @@ print_prefix(netdissect_options *ndo, const u_char *prefix, u_int max_length) + plenbytes += 1 + IPV4_MAPPED_HEADING_LEN; + } else { + plenbytes = decode_prefix6(ndo, prefix, max_length, buf, sizeof(buf)); ++ if (plenbytes < 0) ++ return plenbytes; + } + + ND_PRINT((ndo, "%s", buf)); +-- +2.21.0 + diff --git a/SPECS/tcpdump.spec b/SPECS/tcpdump.spec index ea9db6e..60d23ae 100644 --- a/SPECS/tcpdump.spec +++ b/SPECS/tcpdump.spec @@ -2,7 +2,7 @@ Summary: A network traffic monitoring tool Name: tcpdump Epoch: 14 Version: 4.9.2 -Release: 4%{?dist} +Release: 4%{?dist}.1 License: BSD with advertising URL: http://www.tcpdump.org Group: Applications/Internet @@ -27,6 +27,7 @@ Patch0011: 0011-Disable-tests-that-require-newer-version-of-libpcap.patch Patch0012: 0012-Make-default-capture-buffer-size-bigger.patch Patch0013: 0013-Add-printing-support-for-vsockmon-devices.patch Patch0014: 0014-Disable-test-with-unsupported-link-type.patch +Patch0015: 0015-CVE-2018-19519-tcpdump-stack-based-buffer-over-read.patch %define tcpslice_dir tcpslice-1.2a3 @@ -92,6 +93,9 @@ exit 0 %{_mandir}/man8/tcpdump.8* %changelog +* Mon Oct 14 2019 Michal Ruprich - 14:4.9.2-4.1 +- Resolves: #1761349 - CVE-2018-19519 tcpdump: Stack-based buffer over-read in print-hncp.c + * Mon Jun 03 2019 Michal Ruprich - 14:4.9.2-4 - Resolves: #1664648 - tcpdump post creates user and groups unconditionally, raising alerts in corporate environment