[SECURITY] [DLA 2444-1] tcpdump security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- -----------------------------------------------------------------------
Debian LTS Advisory DLA-2444-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Utkarsh Gupta
November 10, 2020 https://wiki.debian.org/LTS
- -----------------------------------------------------------------------
Package : tcpdump
Version : 4.9.3-1~deb9u2
CVE ID : CVE-2020-8037
Debian Bug : 973877
The ppp de-capsulator in tcpdump 4.9.3 can be convinced to allocate
a large amount of memory.
The buffer should be big enough to hold the captured data, but it
doesn’t need to be big enough to hold the entire on-the-network
packet, if we haven’t captured all of it.
For Debian 9 stretch, this problem has been fixed in version
4.9.3-1~deb9u2.
We recommend that you upgrade your tcpdump packages.
For the detailed security status of tcpdump please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/tcpdump
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAl+qq9wACgkQgj6WdgbD
S5ab6xAA6YGCXh0bjWynxopOgyHSVTGKOOLyjm5TZmeD56SHu2QV3cwmtuU1gHRE
dZXqGKYBn4TDLifoEqxmzJfYcTTYc7RD+/kfAF1AuhyZjp4PutP7z4LnsD3fCXpd
xroJGSwMIPTZu8vJhFzbeD+KJsgBmLllLAZDN44kg21pEdFb7hTLFhy0JXAGMEnd
9BSygQgG3qY8YDVqsIhqT/ONr2HHui9ZNaEJeHsaO95ZeQkURK0Z563K+/DO7bQI
OVt6QYdOIg6HQbgBCCzNkIK8pog/pP2CEb8ztOAlRtQLIa55JNxcpSW7agTc/mkH
pO86WQJo4mLz1fQCy97rJsTpVTti6tAJyAtU4qpH7Yhyg9PPj12cD5g2ol56VH8K
aSSepgHKg4UdIagwIhw372kQE7VMNHvPy1/eKJKpj2/l4ARwWpXEn1fjhQvdReXv
kcKfcJ00XaEA00W0zqZZAmvIf5oJ4149j42pkSV5eHqNYHJKIcV46ORAU9xuJClB
ldRwJ3hiR7lb85ejQxwx+msgBMSaKN66quWyeLtGtO450YxC4xzLaVlqKn2LIGjk
bsFPSp0nhqAR83aHSE8Kq4Q8u8A4kPOWPy5MaDmevzRlP7SE1baj9vFnDdYpx7d+
0lI43Nyc89uqlXD8tNSQ7CFGQtVeKHdFxKvNswhr4c7aIyHzrRs=
=810P
-----END PGP SIGNATURE-----
Reply to: