Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2017-16808 (GCVE-0-2017-16808)
Vulnerability from cvelistv5
Published
2017-11-13 21:00
Modified
2024-08-05 20:35
Severity ?
EPSS score ?
Summary
tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T20:35:21.042Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1039773", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1039773", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/the-tcpdump-group/tcpdump/issues/645", }, { name: "openSUSE-SU-2019:1964", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00065.html", }, { name: "20191002 [slackware-security] tcpdump (SSA:2019-274-01)", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Oct/2", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/154710/Slackware-Security-Advisory-tcpdump-Updates.html", }, { name: "openSUSE-SU-2019:2344", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html", }, { name: "openSUSE-SU-2019:2348", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html", }, { name: "FEDORA-2019-85d92df70f", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/", }, { name: "FEDORA-2019-d06bc63433", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/", }, { name: "FEDORA-2019-6db0d5b9d9", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/kb/HT210788", }, { name: "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Dec/23", }, { name: "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2019/Dec/26", }, { name: "USN-4252-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4252-2/", }, { name: "USN-4252-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4252-1/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-11-13T00:00:00", descriptions: [ { lang: "en", value: "tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-02-05T03:06:10", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "1039773", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1039773", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/the-tcpdump-group/tcpdump/issues/645", }, { name: "openSUSE-SU-2019:1964", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00065.html", }, { name: "20191002 [slackware-security] tcpdump (SSA:2019-274-01)", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Oct/2", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/154710/Slackware-Security-Advisory-tcpdump-Updates.html", }, { name: "openSUSE-SU-2019:2344", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html", }, { name: "openSUSE-SU-2019:2348", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html", }, { name: "FEDORA-2019-85d92df70f", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/", }, { name: "FEDORA-2019-d06bc63433", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/", }, { name: "FEDORA-2019-6db0d5b9d9", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/kb/HT210788", }, { name: "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Dec/23", }, { name: "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2019/Dec/26", }, { name: "USN-4252-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4252-2/", }, { name: "USN-4252-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4252-1/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-16808", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "1039773", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1039773", }, { name: "https://github.com/the-tcpdump-group/tcpdump/issues/645", refsource: "CONFIRM", url: "https://github.com/the-tcpdump-group/tcpdump/issues/645", }, { name: "openSUSE-SU-2019:1964", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00065.html", }, { name: "20191002 [slackware-security] tcpdump (SSA:2019-274-01)", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Oct/2", }, { name: "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", refsource: "MISC", url: "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", }, { name: "http://packetstormsecurity.com/files/154710/Slackware-Security-Advisory-tcpdump-Updates.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/154710/Slackware-Security-Advisory-tcpdump-Updates.html", }, { name: "openSUSE-SU-2019:2344", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html", }, { name: "openSUSE-SU-2019:2348", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html", }, { name: "FEDORA-2019-85d92df70f", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/", }, { name: "FEDORA-2019-d06bc63433", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/", }, { name: "FEDORA-2019-6db0d5b9d9", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/", }, { name: "https://support.apple.com/kb/HT210788", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT210788", }, { name: "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Dec/23", }, { name: "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2019/Dec/26", }, { name: "USN-4252-2", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4252-2/", }, { name: "USN-4252-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4252-1/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-16808", datePublished: "2017-11-13T21:00:00", dateReserved: "2017-11-13T00:00:00", dateUpdated: "2024-08-05T20:35:21.042Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { fkie_nvd: { configurations: "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:tcpdump:tcpdump:4.9.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E9FBA366-800E-4163-8E22-A652750C4F28\"}]}]}]", descriptions: "[{\"lang\": \"en\", \"value\": \"tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c.\"}, {\"lang\": \"es\", \"value\": \"tcpdump en versiones anteriores a la 4.9.3 tiene una lectura en exceso del b\\u00fafer en la regi\\u00f3n heap de la memoria relacionada con aoe_print en print-aoe.c y lookup_emem en addrtoname.c.\"}]", id: "CVE-2017-16808", lastModified: "2024-11-21T03:17:00.927", metrics: "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:N/A:P\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}", published: "2017-11-13T21:29:00.363", references: "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00065.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://packetstormsecurity.com/files/154710/Slackware-Security-Advisory-tcpdump-Updates.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://seclists.org/fulldisclosure/2019/Dec/26\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id/1039773\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://github.com/the-tcpdump-group/tcpdump/issues/645\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://seclists.org/bugtraq/2019/Dec/23\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://seclists.org/bugtraq/2019/Oct/2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://support.apple.com/kb/HT210788\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://usn.ubuntu.com/4252-1/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://usn.ubuntu.com/4252-2/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00065.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://packetstormsecurity.com/files/154710/Slackware-Security-Advisory-tcpdump-Updates.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://seclists.org/fulldisclosure/2019/Dec/26\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1039773\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/the-tcpdump-group/tcpdump/issues/645\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://seclists.org/bugtraq/2019/Dec/23\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://seclists.org/bugtraq/2019/Oct/2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://support.apple.com/kb/HT210788\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://usn.ubuntu.com/4252-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://usn.ubuntu.com/4252-2/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]", sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-125\"}]}]", }, nvd: "{\"cve\":{\"id\":\"CVE-2017-16808\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-11-13T21:29:00.363\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c.\"},{\"lang\":\"es\",\"value\":\"tcpdump en versiones anteriores a la 4.9.3 tiene una lectura en exceso del búfer en la región heap de la memoria relacionada con aoe_print en print-aoe.c y lookup_emem en addrtoname.c.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tcpdump:tcpdump:4.9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9FBA366-800E-4163-8E22-A652750C4F28\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00065.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://packetstormsecurity.com/files/154710/Slackware-Security-Advisory-tcpdump-Updates.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://seclists.org/fulldisclosure/2019/Dec/26\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id/1039773\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/the-tcpdump-group/tcpdump/issues/645\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://seclists.org/bugtraq/2019/Dec/23\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://seclists.org/bugtraq/2019/Oct/2\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://support.apple.com/kb/HT210788\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://usn.ubuntu.com/4252-1/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://usn.ubuntu.com/4252-2/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00065.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://packetstormsecurity.com/files/154710/Slackware-Security-Advisory-tcpdump-Updates.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/fulldisclosure/2019/Dec/26\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1039773\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/the-tcpdump-group/tcpdump/issues/645\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://seclists.org/bugtraq/2019/Dec/23\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://seclists.org/bugtraq/2019/Oct/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/kb/HT210788\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/4252-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/4252-2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}", }, }
opensuse-su-2019:1964-1
Vulnerability from csaf_opensuse
Published
2019-08-20 10:56
Modified
2019-08-20 10:56
Summary
Security update for tcpdump
Notes
Title of the patch
Security update for tcpdump
Description of the patch
This update for tcpdump fixes the following issues:
Security issues fixed:
- CVE-2019-1010220: Fixed a buffer over-read in print_prefix() which may expose data (bsc#1142439).
- CVE-2017-16808: Fixed a heap-based buffer over-read related to aoe_print() and lookup_emem() (bsc#1068716).
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames
openSUSE-2019-1964
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for tcpdump", title: "Title of the patch", }, { category: "description", text: "This update for tcpdump fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-1010220: Fixed a buffer over-read in print_prefix() which may expose data (bsc#1142439).\n- CVE-2017-16808: Fixed a heap-based buffer over-read related to aoe_print() and lookup_emem() (bsc#1068716).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", title: "Description of the patch", }, { category: "details", text: "openSUSE-2019-1964", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_1964-1.json", }, { category: "self", summary: "URL for openSUSE-SU-2019:1964-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4VLIEZJL2QEPKCED2PAQPK5ATCJVUIOA/#4VLIEZJL2QEPKCED2PAQPK5ATCJVUIOA", }, { category: "self", summary: "E-Mail link for openSUSE-SU-2019:1964-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4VLIEZJL2QEPKCED2PAQPK5ATCJVUIOA/#4VLIEZJL2QEPKCED2PAQPK5ATCJVUIOA", }, { category: "self", summary: "SUSE Bug 1068716", url: "https://bugzilla.suse.com/1068716", }, { category: "self", summary: "SUSE Bug 1142439", url: "https://bugzilla.suse.com/1142439", }, { category: "self", summary: "SUSE CVE CVE-2017-16808 page", url: "https://www.suse.com/security/cve/CVE-2017-16808/", }, { category: "self", summary: "SUSE CVE CVE-2019-1010220 page", url: "https://www.suse.com/security/cve/CVE-2019-1010220/", }, ], title: "Security update for tcpdump", tracking: { current_release_date: "2019-08-20T10:56:53Z", generator: { date: "2019-08-20T10:56:53Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2019:1964-1", initial_release_date: "2019-08-20T10:56:53Z", revision_history: [ { date: "2019-08-20T10:56:53Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "tcpdump-4.9.2-lp151.4.3.1.x86_64", product: { name: "tcpdump-4.9.2-lp151.4.3.1.x86_64", product_id: "tcpdump-4.9.2-lp151.4.3.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Leap 15.0", product: { name: "openSUSE Leap 15.0", product_id: "openSUSE Leap 15.0", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.0", }, }, }, { category: "product_name", name: "openSUSE Leap 15.1", product: { name: "openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.1", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "tcpdump-4.9.2-lp151.4.3.1.x86_64 as component of openSUSE Leap 15.0", product_id: "openSUSE Leap 15.0:tcpdump-4.9.2-lp151.4.3.1.x86_64", }, product_reference: "tcpdump-4.9.2-lp151.4.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.0", }, { category: "default_component_of", full_product_name: { name: "tcpdump-4.9.2-lp151.4.3.1.x86_64 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.3.1.x86_64", }, product_reference: "tcpdump-4.9.2-lp151.4.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.1", }, ], }, vulnerabilities: [ { cve: "CVE-2017-16808", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-16808", }, ], notes: [ { category: "general", text: "tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-16808", url: "https://www.suse.com/security/cve/CVE-2017-16808", }, { category: "external", summary: "SUSE Bug 1068716 for CVE-2017-16808", url: "https://bugzilla.suse.com/1068716", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2017-16808", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-08-20T10:56:53Z", details: "important", }, ], title: "CVE-2017-16808", }, { cve: "CVE-2019-1010220", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-1010220", }, ], notes: [ { category: "general", text: "tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is: May expose Saved Frame Pointer, Return Address etc. on stack. The component is: line 234: \"ND_PRINT((ndo, \"%s\", buf));\", in function named \"print_prefix\", in \"print-hncp.c\". The attack vector is: The victim must open a specially crafted pcap file.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-1010220", url: "https://www.suse.com/security/cve/CVE-2019-1010220", }, { category: "external", summary: "SUSE Bug 1142439 for CVE-2019-1010220", url: "https://bugzilla.suse.com/1142439", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2019-1010220", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-08-20T10:56:53Z", details: "moderate", }, ], title: "CVE-2019-1010220", }, ], }
opensuse-su-2019:2348-1
Vulnerability from csaf_opensuse
Published
2019-10-20 18:19
Modified
2019-10-20 18:19
Summary
Security update for tcpdump
Notes
Title of the patch
Security update for tcpdump
Description of the patch
This update for tcpdump fixes the following issues:
- CVE-2017-16808: Fixed a heap-based buffer over-read related to aoe_print and lookup_emem (bsc#1068716 bsc#1153098).
- CVE-2018-10103: Fixed a mishandling of the printing of SMB data (bsc#1153098).
- CVE-2018-10105: Fixed a mishandling of the printing of SMB data (bsc#1153098).
- CVE-2018-14461: Fixed a buffer over-read in print-ldp.c:ldp_tlv_print (bsc#1153098).
- CVE-2018-14462: Fixed a buffer over-read in print-icmp.c:icmp_print (bsc#1153098).
- CVE-2018-14463: Fixed a buffer over-read in print-vrrp.c:vrrp_print (bsc#1153098).
- CVE-2018-14464: Fixed a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs (bsc#1153098).
- CVE-2018-14465: Fixed a buffer over-read in print-rsvp.c:rsvp_obj_print (bsc#1153098).
- CVE-2018-14466: Fixed a buffer over-read in print-rx.c:rx_cache_find (bsc#1153098).
- CVE-2018-14467: Fixed a buffer over-read in print-bgp.c:bgp_capabilities_print (bsc#1153098).
- CVE-2018-14468: Fixed a buffer over-read in print-fr.c:mfr_print (bsc#1153098).
- CVE-2018-14469: Fixed a buffer over-read in print-isakmp.c:ikev1_n_print (bsc#1153098).
- CVE-2018-14470: Fixed a buffer over-read in print-babel.c:babel_print_v2 (bsc#1153098).
- CVE-2018-14879: Fixed a buffer overflow in the command-line argument parser (bsc#1153098).
- CVE-2018-14880: Fixed a buffer over-read in the OSPFv3 parser (bsc#1153098).
- CVE-2018-14881: Fixed a buffer over-read in the BGP parser (bsc#1153098).
- CVE-2018-14882: Fixed a buffer over-read in the ICMPv6 parser (bsc#1153098).
- CVE-2018-16227: Fixed a buffer over-read in the IEEE 802.11 parser in print-802_11.c for the Mesh Flags subfield (bsc#1153098).
- CVE-2018-16228: Fixed a buffer over-read in the HNCP parser (bsc#1153098).
- CVE-2018-16229: Fixed a buffer over-read in the DCCP parser (bsc#1153098).
- CVE-2018-16230: Fixed a buffer over-read in the BGP parser in print-bgp.c:bgp_attr_print (bsc#1153098).
- CVE-2018-16300: Fixed an unlimited recursion in the BGP parser that allowed denial-of-service by stack consumption (bsc#1153098).
- CVE-2018-16301: Fixed a buffer overflow (bsc#1153332 bsc#1153098).
- CVE-2018-16451: Fixed several buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN (bsc#1153098).
- CVE-2018-16452: Fixed a stack exhaustion in smbutil.c:smb_fdata (bsc#1153098).
- CVE-2019-15166: Fixed a bounds check in lmp_print_data_link_subobjs (bsc#1153098).
- CVE-2019-15167: Fixed a vulnerability in VRRP (bsc#1153098).
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames
openSUSE-2019-2348
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for tcpdump", title: "Title of the patch", }, { category: "description", text: "This update for tcpdump fixes the following issues:\n\n- CVE-2017-16808: Fixed a heap-based buffer over-read related to aoe_print and lookup_emem (bsc#1068716 bsc#1153098).\n- CVE-2018-10103: Fixed a mishandling of the printing of SMB data (bsc#1153098).\n- CVE-2018-10105: Fixed a mishandling of the printing of SMB data (bsc#1153098).\n- CVE-2018-14461: Fixed a buffer over-read in print-ldp.c:ldp_tlv_print (bsc#1153098).\n- CVE-2018-14462: Fixed a buffer over-read in print-icmp.c:icmp_print (bsc#1153098).\n- CVE-2018-14463: Fixed a buffer over-read in print-vrrp.c:vrrp_print (bsc#1153098).\n- CVE-2018-14464: Fixed a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs (bsc#1153098).\n- CVE-2018-14465: Fixed a buffer over-read in print-rsvp.c:rsvp_obj_print (bsc#1153098).\n- CVE-2018-14466: Fixed a buffer over-read in print-rx.c:rx_cache_find (bsc#1153098).\n- CVE-2018-14467: Fixed a buffer over-read in print-bgp.c:bgp_capabilities_print (bsc#1153098).\n- CVE-2018-14468: Fixed a buffer over-read in print-fr.c:mfr_print (bsc#1153098).\n- CVE-2018-14469: Fixed a buffer over-read in print-isakmp.c:ikev1_n_print (bsc#1153098).\n- CVE-2018-14470: Fixed a buffer over-read in print-babel.c:babel_print_v2 (bsc#1153098).\n- CVE-2018-14879: Fixed a buffer overflow in the command-line argument parser (bsc#1153098).\n- CVE-2018-14880: Fixed a buffer over-read in the OSPFv3 parser (bsc#1153098).\n- CVE-2018-14881: Fixed a buffer over-read in the BGP parser (bsc#1153098).\n- CVE-2018-14882: Fixed a buffer over-read in the ICMPv6 parser (bsc#1153098).\n- CVE-2018-16227: Fixed a buffer over-read in the IEEE 802.11 parser in print-802_11.c for the Mesh Flags subfield (bsc#1153098).\n- CVE-2018-16228: Fixed a buffer over-read in the HNCP parser (bsc#1153098).\n- CVE-2018-16229: Fixed a buffer over-read in the DCCP parser (bsc#1153098).\n- CVE-2018-16230: Fixed a buffer over-read in the BGP parser in print-bgp.c:bgp_attr_print (bsc#1153098).\n- CVE-2018-16300: Fixed an unlimited recursion in the BGP parser that allowed denial-of-service by stack consumption (bsc#1153098).\n- CVE-2018-16301: Fixed a buffer overflow (bsc#1153332 bsc#1153098).\n- CVE-2018-16451: Fixed several buffer over-reads in print-smb.c:print_trans() for \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN (bsc#1153098).\n- CVE-2018-16452: Fixed a stack exhaustion in smbutil.c:smb_fdata (bsc#1153098).\n- CVE-2019-15166: Fixed a bounds check in lmp_print_data_link_subobjs (bsc#1153098).\n- CVE-2019-15167: Fixed a vulnerability in VRRP (bsc#1153098).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", title: "Description of the patch", }, { category: "details", text: "openSUSE-2019-2348", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_2348-1.json", }, { category: "self", summary: "URL for openSUSE-SU-2019:2348-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZPOIE2ZQZQ57X2YSWXD43L2MIX37I54G/#ZPOIE2ZQZQ57X2YSWXD43L2MIX37I54G", }, { category: "self", summary: "E-Mail link for openSUSE-SU-2019:2348-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZPOIE2ZQZQ57X2YSWXD43L2MIX37I54G/#ZPOIE2ZQZQ57X2YSWXD43L2MIX37I54G", }, { category: "self", summary: "SUSE Bug 1068716", url: "https://bugzilla.suse.com/1068716", }, { category: "self", summary: "SUSE Bug 1153098", url: "https://bugzilla.suse.com/1153098", }, { category: "self", summary: "SUSE Bug 1153332", url: "https://bugzilla.suse.com/1153332", }, { category: "self", summary: "SUSE CVE CVE-2017-16808 page", url: "https://www.suse.com/security/cve/CVE-2017-16808/", }, { category: "self", summary: "SUSE CVE CVE-2018-10103 page", url: "https://www.suse.com/security/cve/CVE-2018-10103/", }, { category: "self", summary: "SUSE CVE CVE-2018-10105 page", url: "https://www.suse.com/security/cve/CVE-2018-10105/", }, { category: "self", summary: "SUSE CVE CVE-2018-14461 page", url: "https://www.suse.com/security/cve/CVE-2018-14461/", }, { category: "self", summary: "SUSE CVE CVE-2018-14462 page", url: "https://www.suse.com/security/cve/CVE-2018-14462/", }, { category: "self", summary: "SUSE CVE CVE-2018-14463 page", url: "https://www.suse.com/security/cve/CVE-2018-14463/", }, { category: "self", summary: "SUSE CVE CVE-2018-14464 page", url: "https://www.suse.com/security/cve/CVE-2018-14464/", }, { category: "self", summary: "SUSE CVE CVE-2018-14465 page", url: "https://www.suse.com/security/cve/CVE-2018-14465/", }, { category: "self", summary: "SUSE CVE CVE-2018-14466 page", url: "https://www.suse.com/security/cve/CVE-2018-14466/", }, { category: "self", summary: "SUSE CVE CVE-2018-14467 page", url: "https://www.suse.com/security/cve/CVE-2018-14467/", }, { category: "self", summary: "SUSE CVE CVE-2018-14468 page", url: "https://www.suse.com/security/cve/CVE-2018-14468/", }, { category: "self", summary: "SUSE CVE CVE-2018-14469 page", url: "https://www.suse.com/security/cve/CVE-2018-14469/", }, { category: "self", summary: "SUSE CVE CVE-2018-14470 page", url: "https://www.suse.com/security/cve/CVE-2018-14470/", }, { category: "self", summary: "SUSE CVE CVE-2018-14879 page", url: "https://www.suse.com/security/cve/CVE-2018-14879/", }, { category: "self", summary: "SUSE CVE CVE-2018-14880 page", url: "https://www.suse.com/security/cve/CVE-2018-14880/", }, { category: "self", summary: "SUSE CVE CVE-2018-14881 page", url: "https://www.suse.com/security/cve/CVE-2018-14881/", }, { category: "self", summary: "SUSE CVE CVE-2018-14882 page", url: "https://www.suse.com/security/cve/CVE-2018-14882/", }, { category: "self", summary: "SUSE CVE CVE-2018-16227 page", url: "https://www.suse.com/security/cve/CVE-2018-16227/", }, { category: "self", summary: "SUSE CVE CVE-2018-16228 page", url: "https://www.suse.com/security/cve/CVE-2018-16228/", }, { category: "self", summary: "SUSE CVE CVE-2018-16229 page", url: "https://www.suse.com/security/cve/CVE-2018-16229/", }, { category: "self", summary: "SUSE CVE CVE-2018-16230 page", url: "https://www.suse.com/security/cve/CVE-2018-16230/", }, { category: "self", summary: "SUSE CVE CVE-2018-16300 page", url: "https://www.suse.com/security/cve/CVE-2018-16300/", }, { category: "self", summary: "SUSE CVE CVE-2018-16301 page", url: "https://www.suse.com/security/cve/CVE-2018-16301/", }, { category: "self", summary: "SUSE CVE CVE-2018-16451 page", url: "https://www.suse.com/security/cve/CVE-2018-16451/", }, { category: "self", summary: "SUSE CVE CVE-2018-16452 page", url: "https://www.suse.com/security/cve/CVE-2018-16452/", }, { category: "self", summary: "SUSE CVE CVE-2019-1010220 page", url: "https://www.suse.com/security/cve/CVE-2019-1010220/", }, { category: "self", summary: "SUSE CVE CVE-2019-15166 page", url: "https://www.suse.com/security/cve/CVE-2019-15166/", }, { category: "self", summary: "SUSE CVE CVE-2019-15167 page", url: "https://www.suse.com/security/cve/CVE-2019-15167/", }, ], title: "Security update for tcpdump", tracking: { current_release_date: "2019-10-20T18:19:33Z", generator: { date: "2019-10-20T18:19:33Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2019:2348-1", initial_release_date: "2019-10-20T18:19:33Z", revision_history: [ { date: "2019-10-20T18:19:33Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "tcpdump-4.9.2-lp151.4.6.1.x86_64", product: { name: "tcpdump-4.9.2-lp151.4.6.1.x86_64", product_id: "tcpdump-4.9.2-lp151.4.6.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Leap 15.1", product: { name: "openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.1", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "tcpdump-4.9.2-lp151.4.6.1.x86_64 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", }, product_reference: "tcpdump-4.9.2-lp151.4.6.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.1", }, ], }, vulnerabilities: [ { cve: "CVE-2017-16808", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-16808", }, ], notes: [ { category: "general", text: "tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-16808", url: "https://www.suse.com/security/cve/CVE-2017-16808", }, { category: "external", summary: "SUSE Bug 1068716 for CVE-2017-16808", url: "https://bugzilla.suse.com/1068716", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2017-16808", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-20T18:19:33Z", details: "important", }, ], title: "CVE-2017-16808", }, { cve: "CVE-2018-10103", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-10103", }, ], notes: [ { category: "general", text: "tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-10103", url: "https://www.suse.com/security/cve/CVE-2018-10103", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-10103", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-20T18:19:33Z", details: "moderate", }, ], title: "CVE-2018-10103", }, { cve: "CVE-2018-10105", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-10105", }, ], notes: [ { category: "general", text: "tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-10105", url: "https://www.suse.com/security/cve/CVE-2018-10105", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-10105", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-20T18:19:33Z", details: "moderate", }, ], title: "CVE-2018-10105", }, { cve: "CVE-2018-14461", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14461", }, ], notes: [ { category: "general", text: "The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14461", url: "https://www.suse.com/security/cve/CVE-2018-14461", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14461", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-20T18:19:33Z", details: "moderate", }, ], title: "CVE-2018-14461", }, { cve: "CVE-2018-14462", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14462", }, ], notes: [ { category: "general", text: "The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14462", url: "https://www.suse.com/security/cve/CVE-2018-14462", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14462", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-20T18:19:33Z", details: "moderate", }, ], title: "CVE-2018-14462", }, { cve: "CVE-2018-14463", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14463", }, ], notes: [ { category: "general", text: "The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 2, a different vulnerability than CVE-2019-15167.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14463", url: "https://www.suse.com/security/cve/CVE-2018-14463", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14463", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-20T18:19:33Z", details: "moderate", }, ], title: "CVE-2018-14463", }, { cve: "CVE-2018-14464", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14464", }, ], notes: [ { category: "general", text: "The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14464", url: "https://www.suse.com/security/cve/CVE-2018-14464", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14464", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-20T18:19:33Z", details: "moderate", }, ], title: "CVE-2018-14464", }, { cve: "CVE-2018-14465", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14465", }, ], notes: [ { category: "general", text: "The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14465", url: "https://www.suse.com/security/cve/CVE-2018-14465", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14465", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-20T18:19:33Z", details: "moderate", }, ], title: "CVE-2018-14465", }, { cve: "CVE-2018-14466", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14466", }, ], notes: [ { category: "general", text: "The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_cache_insert().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14466", url: "https://www.suse.com/security/cve/CVE-2018-14466", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14466", url: "https://bugzilla.suse.com/1153098", }, { category: "external", summary: "SUSE Bug 1166972 for CVE-2018-14466", url: "https://bugzilla.suse.com/1166972", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-20T18:19:33Z", details: "moderate", }, ], title: "CVE-2018-14466", }, { cve: "CVE-2018-14467", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14467", }, ], notes: [ { category: "general", text: "The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14467", url: "https://www.suse.com/security/cve/CVE-2018-14467", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14467", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-20T18:19:33Z", details: "moderate", }, ], title: "CVE-2018-14467", }, { cve: "CVE-2018-14468", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14468", }, ], notes: [ { category: "general", text: "The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14468", url: "https://www.suse.com/security/cve/CVE-2018-14468", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14468", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-20T18:19:33Z", details: "moderate", }, ], title: "CVE-2018-14468", }, { cve: "CVE-2018-14469", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14469", }, ], notes: [ { category: "general", text: "The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14469", url: "https://www.suse.com/security/cve/CVE-2018-14469", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14469", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-20T18:19:33Z", details: "moderate", }, ], title: "CVE-2018-14469", }, { cve: "CVE-2018-14470", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14470", }, ], notes: [ { category: "general", text: "The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14470", url: "https://www.suse.com/security/cve/CVE-2018-14470", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14470", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-20T18:19:33Z", details: "moderate", }, ], title: "CVE-2018-14470", }, { cve: "CVE-2018-14879", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14879", }, ], notes: [ { category: "general", text: "The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14879", url: "https://www.suse.com/security/cve/CVE-2018-14879", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14879", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 0, baseSeverity: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", version: "3.0", }, products: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-20T18:19:33Z", details: "low", }, ], title: "CVE-2018-14879", }, { cve: "CVE-2018-14880", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14880", }, ], notes: [ { category: "general", text: "The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14880", url: "https://www.suse.com/security/cve/CVE-2018-14880", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14880", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-20T18:19:33Z", details: "moderate", }, ], title: "CVE-2018-14880", }, { cve: "CVE-2018-14881", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14881", }, ], notes: [ { category: "general", text: "The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14881", url: "https://www.suse.com/security/cve/CVE-2018-14881", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14881", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-20T18:19:33Z", details: "moderate", }, ], title: "CVE-2018-14881", }, { cve: "CVE-2018-14882", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14882", }, ], notes: [ { category: "general", text: "The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14882", url: "https://www.suse.com/security/cve/CVE-2018-14882", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14882", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-20T18:19:33Z", details: "moderate", }, ], title: "CVE-2018-14882", }, { cve: "CVE-2018-16227", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16227", }, ], notes: [ { category: "general", text: "The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16227", url: "https://www.suse.com/security/cve/CVE-2018-16227", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-16227", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-20T18:19:33Z", details: "moderate", }, ], title: "CVE-2018-16227", }, { cve: "CVE-2018-16228", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16228", }, ], notes: [ { category: "general", text: "The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16228", url: "https://www.suse.com/security/cve/CVE-2018-16228", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-16228", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-20T18:19:33Z", details: "moderate", }, ], title: "CVE-2018-16228", }, { cve: "CVE-2018-16229", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16229", }, ], notes: [ { category: "general", text: "The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16229", url: "https://www.suse.com/security/cve/CVE-2018-16229", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-16229", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-20T18:19:33Z", details: "moderate", }, ], title: "CVE-2018-16229", }, { cve: "CVE-2018-16230", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16230", }, ], notes: [ { category: "general", text: "The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16230", url: "https://www.suse.com/security/cve/CVE-2018-16230", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-16230", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-20T18:19:33Z", details: "moderate", }, ], title: "CVE-2018-16230", }, { cve: "CVE-2018-16300", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16300", }, ], notes: [ { category: "general", text: "The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16300", url: "https://www.suse.com/security/cve/CVE-2018-16300", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-16300", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-20T18:19:33Z", details: "important", }, ], title: "CVE-2018-16300", }, { cve: "CVE-2018-16301", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16301", }, ], notes: [ { category: "general", text: "The command-line argument parser in tcpdump before 4.99.0 has a buffer overflow in tcpdump.c:read_infile(). To trigger this vulnerability the attacker needs to create a 4GB file on the local filesystem and to specify the file name as the value of the -F command-line argument of tcpdump.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16301", url: "https://www.suse.com/security/cve/CVE-2018-16301", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-16301", url: "https://bugzilla.suse.com/1153098", }, { category: "external", summary: "SUSE Bug 1153332 for CVE-2018-16301", url: "https://bugzilla.suse.com/1153332", }, { category: "external", summary: "SUSE Bug 1195825 for CVE-2018-16301", url: "https://bugzilla.suse.com/1195825", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-20T18:19:33Z", details: "important", }, ], title: "CVE-2018-16301", }, { cve: "CVE-2018-16451", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16451", }, ], notes: [ { category: "general", text: "The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16451", url: "https://www.suse.com/security/cve/CVE-2018-16451", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-16451", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-20T18:19:33Z", details: "moderate", }, ], title: "CVE-2018-16451", }, { cve: "CVE-2018-16452", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16452", }, ], notes: [ { category: "general", text: "The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16452", url: "https://www.suse.com/security/cve/CVE-2018-16452", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-16452", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-20T18:19:33Z", details: "moderate", }, ], title: "CVE-2018-16452", }, { cve: "CVE-2019-1010220", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-1010220", }, ], notes: [ { category: "general", text: "tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is: May expose Saved Frame Pointer, Return Address etc. on stack. The component is: line 234: \"ND_PRINT((ndo, \"%s\", buf));\", in function named \"print_prefix\", in \"print-hncp.c\". The attack vector is: The victim must open a specially crafted pcap file.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-1010220", url: "https://www.suse.com/security/cve/CVE-2019-1010220", }, { category: "external", summary: "SUSE Bug 1142439 for CVE-2019-1010220", url: "https://bugzilla.suse.com/1142439", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2019-1010220", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-20T18:19:33Z", details: "moderate", }, ], title: "CVE-2019-1010220", }, { cve: "CVE-2019-15166", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-15166", }, ], notes: [ { category: "general", text: "lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-15166", url: "https://www.suse.com/security/cve/CVE-2019-15166", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2019-15166", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-20T18:19:33Z", details: "moderate", }, ], title: "CVE-2019-15166", }, { cve: "CVE-2019-15167", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-15167", }, ], notes: [ { category: "general", text: "The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 3, a different vulnerability than CVE-2018-14463.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-15167", url: "https://www.suse.com/security/cve/CVE-2019-15167", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2019-15167", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Leap 15.1:tcpdump-4.9.2-lp151.4.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-20T18:19:33Z", details: "moderate", }, ], title: "CVE-2019-15167", }, ], }
opensuse-su-2019:2344-1
Vulnerability from csaf_opensuse
Published
2019-10-20 16:18
Modified
2019-10-20 16:18
Summary
Security update for tcpdump
Notes
Title of the patch
Security update for tcpdump
Description of the patch
This update for tcpdump fixes the following issues:
- CVE-2017-16808: Fixed a heap-based buffer over-read related to aoe_print and lookup_emem (bsc#1068716 bsc#1153098).
- CVE-2018-10103: Fixed a mishandling of the printing of SMB data (bsc#1153098).
- CVE-2018-10105: Fixed a mishandling of the printing of SMB data (bsc#1153098).
- CVE-2018-14461: Fixed a buffer over-read in print-ldp.c:ldp_tlv_print (bsc#1153098).
- CVE-2018-14462: Fixed a buffer over-read in print-icmp.c:icmp_print (bsc#1153098).
- CVE-2018-14463: Fixed a buffer over-read in print-vrrp.c:vrrp_print (bsc#1153098).
- CVE-2018-14464: Fixed a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs (bsc#1153098).
- CVE-2018-14465: Fixed a buffer over-read in print-rsvp.c:rsvp_obj_print (bsc#1153098).
- CVE-2018-14466: Fixed a buffer over-read in print-rx.c:rx_cache_find (bsc#1153098).
- CVE-2018-14467: Fixed a buffer over-read in print-bgp.c:bgp_capabilities_print (bsc#1153098).
- CVE-2018-14468: Fixed a buffer over-read in print-fr.c:mfr_print (bsc#1153098).
- CVE-2018-14469: Fixed a buffer over-read in print-isakmp.c:ikev1_n_print (bsc#1153098).
- CVE-2018-14470: Fixed a buffer over-read in print-babel.c:babel_print_v2 (bsc#1153098).
- CVE-2018-14879: Fixed a buffer overflow in the command-line argument parser (bsc#1153098).
- CVE-2018-14880: Fixed a buffer over-read in the OSPFv3 parser (bsc#1153098).
- CVE-2018-14881: Fixed a buffer over-read in the BGP parser (bsc#1153098).
- CVE-2018-14882: Fixed a buffer over-read in the ICMPv6 parser (bsc#1153098).
- CVE-2018-16227: Fixed a buffer over-read in the IEEE 802.11 parser in print-802_11.c for the Mesh Flags subfield (bsc#1153098).
- CVE-2018-16228: Fixed a buffer over-read in the HNCP parser (bsc#1153098).
- CVE-2018-16229: Fixed a buffer over-read in the DCCP parser (bsc#1153098).
- CVE-2018-16230: Fixed a buffer over-read in the BGP parser in print-bgp.c:bgp_attr_print (bsc#1153098).
- CVE-2018-16300: Fixed an unlimited recursion in the BGP parser that allowed denial-of-service by stack consumption (bsc#1153098).
- CVE-2018-16301: Fixed a buffer overflow (bsc#1153332 bsc#1153098).
- CVE-2018-16451: Fixed several buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN (bsc#1153098).
- CVE-2018-16452: Fixed a stack exhaustion in smbutil.c:smb_fdata (bsc#1153098).
- CVE-2019-15166: Fixed a bounds check in lmp_print_data_link_subobjs (bsc#1153098).
- CVE-2019-15167: Fixed a vulnerability in VRRP (bsc#1153098).
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames
openSUSE-2019-2344
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for tcpdump", title: "Title of the patch", }, { category: "description", text: "This update for tcpdump fixes the following issues:\n\n- CVE-2017-16808: Fixed a heap-based buffer over-read related to aoe_print and lookup_emem (bsc#1068716 bsc#1153098).\n- CVE-2018-10103: Fixed a mishandling of the printing of SMB data (bsc#1153098).\n- CVE-2018-10105: Fixed a mishandling of the printing of SMB data (bsc#1153098).\n- CVE-2018-14461: Fixed a buffer over-read in print-ldp.c:ldp_tlv_print (bsc#1153098).\n- CVE-2018-14462: Fixed a buffer over-read in print-icmp.c:icmp_print (bsc#1153098).\n- CVE-2018-14463: Fixed a buffer over-read in print-vrrp.c:vrrp_print (bsc#1153098).\n- CVE-2018-14464: Fixed a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs (bsc#1153098).\n- CVE-2018-14465: Fixed a buffer over-read in print-rsvp.c:rsvp_obj_print (bsc#1153098).\n- CVE-2018-14466: Fixed a buffer over-read in print-rx.c:rx_cache_find (bsc#1153098).\n- CVE-2018-14467: Fixed a buffer over-read in print-bgp.c:bgp_capabilities_print (bsc#1153098).\n- CVE-2018-14468: Fixed a buffer over-read in print-fr.c:mfr_print (bsc#1153098).\n- CVE-2018-14469: Fixed a buffer over-read in print-isakmp.c:ikev1_n_print (bsc#1153098).\n- CVE-2018-14470: Fixed a buffer over-read in print-babel.c:babel_print_v2 (bsc#1153098).\n- CVE-2018-14879: Fixed a buffer overflow in the command-line argument parser (bsc#1153098).\n- CVE-2018-14880: Fixed a buffer over-read in the OSPFv3 parser (bsc#1153098).\n- CVE-2018-14881: Fixed a buffer over-read in the BGP parser (bsc#1153098).\n- CVE-2018-14882: Fixed a buffer over-read in the ICMPv6 parser (bsc#1153098).\n- CVE-2018-16227: Fixed a buffer over-read in the IEEE 802.11 parser in print-802_11.c for the Mesh Flags subfield (bsc#1153098).\n- CVE-2018-16228: Fixed a buffer over-read in the HNCP parser (bsc#1153098).\n- CVE-2018-16229: Fixed a buffer over-read in the DCCP parser (bsc#1153098).\n- CVE-2018-16230: Fixed a buffer over-read in the BGP parser in print-bgp.c:bgp_attr_print (bsc#1153098).\n- CVE-2018-16300: Fixed an unlimited recursion in the BGP parser that allowed denial-of-service by stack consumption (bsc#1153098).\n- CVE-2018-16301: Fixed a buffer overflow (bsc#1153332 bsc#1153098).\n- CVE-2018-16451: Fixed several buffer over-reads in print-smb.c:print_trans() for \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN (bsc#1153098).\n- CVE-2018-16452: Fixed a stack exhaustion in smbutil.c:smb_fdata (bsc#1153098).\n- CVE-2019-15166: Fixed a bounds check in lmp_print_data_link_subobjs (bsc#1153098).\n- CVE-2019-15167: Fixed a vulnerability in VRRP (bsc#1153098).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", title: "Description of the patch", }, { category: "details", text: "openSUSE-2019-2344", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_2344-1.json", }, { category: "self", summary: "URL for openSUSE-SU-2019:2344-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MKQWXXAEJMKN6KVJXWDQTBKWQTVSGWAA/#MKQWXXAEJMKN6KVJXWDQTBKWQTVSGWAA", }, { category: "self", summary: "E-Mail link for openSUSE-SU-2019:2344-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MKQWXXAEJMKN6KVJXWDQTBKWQTVSGWAA/#MKQWXXAEJMKN6KVJXWDQTBKWQTVSGWAA", }, { category: "self", summary: "SUSE Bug 1068716", url: "https://bugzilla.suse.com/1068716", }, { category: "self", summary: "SUSE Bug 1153098", url: "https://bugzilla.suse.com/1153098", }, { category: "self", summary: "SUSE Bug 1153332", url: "https://bugzilla.suse.com/1153332", }, { category: "self", summary: "SUSE CVE CVE-2017-16808 page", url: "https://www.suse.com/security/cve/CVE-2017-16808/", }, { category: "self", summary: "SUSE CVE CVE-2018-10103 page", url: "https://www.suse.com/security/cve/CVE-2018-10103/", }, { category: "self", summary: "SUSE CVE CVE-2018-10105 page", url: "https://www.suse.com/security/cve/CVE-2018-10105/", }, { category: "self", summary: "SUSE CVE CVE-2018-14461 page", url: "https://www.suse.com/security/cve/CVE-2018-14461/", }, { category: "self", summary: "SUSE CVE CVE-2018-14462 page", url: "https://www.suse.com/security/cve/CVE-2018-14462/", }, { category: "self", summary: "SUSE CVE CVE-2018-14463 page", url: "https://www.suse.com/security/cve/CVE-2018-14463/", }, { category: "self", summary: "SUSE CVE CVE-2018-14464 page", url: "https://www.suse.com/security/cve/CVE-2018-14464/", }, { category: "self", summary: "SUSE CVE CVE-2018-14465 page", url: "https://www.suse.com/security/cve/CVE-2018-14465/", }, { category: "self", summary: "SUSE CVE CVE-2018-14466 page", url: "https://www.suse.com/security/cve/CVE-2018-14466/", }, { category: "self", summary: "SUSE CVE CVE-2018-14467 page", url: "https://www.suse.com/security/cve/CVE-2018-14467/", }, { category: "self", summary: "SUSE CVE CVE-2018-14468 page", url: "https://www.suse.com/security/cve/CVE-2018-14468/", }, { category: "self", summary: "SUSE CVE CVE-2018-14469 page", url: "https://www.suse.com/security/cve/CVE-2018-14469/", }, { category: "self", summary: "SUSE CVE CVE-2018-14470 page", url: "https://www.suse.com/security/cve/CVE-2018-14470/", }, { category: "self", summary: "SUSE CVE CVE-2018-14879 page", url: "https://www.suse.com/security/cve/CVE-2018-14879/", }, { category: "self", summary: "SUSE CVE CVE-2018-14880 page", url: "https://www.suse.com/security/cve/CVE-2018-14880/", }, { category: "self", summary: "SUSE CVE CVE-2018-14881 page", url: "https://www.suse.com/security/cve/CVE-2018-14881/", }, { category: "self", summary: "SUSE CVE CVE-2018-14882 page", url: "https://www.suse.com/security/cve/CVE-2018-14882/", }, { category: "self", summary: "SUSE CVE CVE-2018-16227 page", url: "https://www.suse.com/security/cve/CVE-2018-16227/", }, { category: "self", summary: "SUSE CVE CVE-2018-16228 page", url: "https://www.suse.com/security/cve/CVE-2018-16228/", }, { category: "self", summary: "SUSE CVE CVE-2018-16229 page", url: "https://www.suse.com/security/cve/CVE-2018-16229/", }, { category: "self", summary: "SUSE CVE CVE-2018-16230 page", url: "https://www.suse.com/security/cve/CVE-2018-16230/", }, { category: "self", summary: "SUSE CVE CVE-2018-16300 page", url: "https://www.suse.com/security/cve/CVE-2018-16300/", }, { category: "self", summary: "SUSE CVE CVE-2018-16301 page", url: "https://www.suse.com/security/cve/CVE-2018-16301/", }, { category: "self", summary: "SUSE CVE CVE-2018-16451 page", url: "https://www.suse.com/security/cve/CVE-2018-16451/", }, { category: "self", summary: "SUSE CVE CVE-2018-16452 page", url: "https://www.suse.com/security/cve/CVE-2018-16452/", }, { category: "self", summary: "SUSE CVE CVE-2019-1010220 page", url: "https://www.suse.com/security/cve/CVE-2019-1010220/", }, { category: "self", summary: "SUSE CVE CVE-2019-15166 page", url: "https://www.suse.com/security/cve/CVE-2019-15166/", }, { category: "self", summary: "SUSE CVE CVE-2019-15167 page", url: "https://www.suse.com/security/cve/CVE-2019-15167/", }, ], title: "Security update for tcpdump", tracking: { current_release_date: "2019-10-20T16:18:13Z", generator: { date: "2019-10-20T16:18:13Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2019:2344-1", initial_release_date: "2019-10-20T16:18:13Z", revision_history: [ { date: "2019-10-20T16:18:13Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "tcpdump-4.9.2-lp150.10.1.x86_64", product: { name: "tcpdump-4.9.2-lp150.10.1.x86_64", product_id: "tcpdump-4.9.2-lp150.10.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Leap 15.0", product: { name: "openSUSE Leap 15.0", product_id: "openSUSE Leap 15.0", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.0", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "tcpdump-4.9.2-lp150.10.1.x86_64 as component of openSUSE Leap 15.0", product_id: "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", }, product_reference: "tcpdump-4.9.2-lp150.10.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.0", }, ], }, vulnerabilities: [ { cve: "CVE-2017-16808", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-16808", }, ], notes: [ { category: "general", text: "tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-16808", url: "https://www.suse.com/security/cve/CVE-2017-16808", }, { category: "external", summary: "SUSE Bug 1068716 for CVE-2017-16808", url: "https://bugzilla.suse.com/1068716", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2017-16808", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-20T16:18:13Z", details: "important", }, ], title: "CVE-2017-16808", }, { cve: "CVE-2018-10103", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-10103", }, ], notes: [ { category: "general", text: "tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-10103", url: "https://www.suse.com/security/cve/CVE-2018-10103", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-10103", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-20T16:18:13Z", details: "moderate", }, ], title: "CVE-2018-10103", }, { cve: "CVE-2018-10105", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-10105", }, ], notes: [ { category: "general", text: "tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-10105", url: "https://www.suse.com/security/cve/CVE-2018-10105", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-10105", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-20T16:18:13Z", details: "moderate", }, ], title: "CVE-2018-10105", }, { cve: "CVE-2018-14461", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14461", }, ], notes: [ { category: "general", text: "The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14461", url: "https://www.suse.com/security/cve/CVE-2018-14461", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14461", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-20T16:18:13Z", details: "moderate", }, ], title: "CVE-2018-14461", }, { cve: "CVE-2018-14462", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14462", }, ], notes: [ { category: "general", text: "The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14462", url: "https://www.suse.com/security/cve/CVE-2018-14462", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14462", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-20T16:18:13Z", details: "moderate", }, ], title: "CVE-2018-14462", }, { cve: "CVE-2018-14463", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14463", }, ], notes: [ { category: "general", text: "The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 2, a different vulnerability than CVE-2019-15167.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14463", url: "https://www.suse.com/security/cve/CVE-2018-14463", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14463", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-20T16:18:13Z", details: "moderate", }, ], title: "CVE-2018-14463", }, { cve: "CVE-2018-14464", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14464", }, ], notes: [ { category: "general", text: "The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14464", url: "https://www.suse.com/security/cve/CVE-2018-14464", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14464", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-20T16:18:13Z", details: "moderate", }, ], title: "CVE-2018-14464", }, { cve: "CVE-2018-14465", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14465", }, ], notes: [ { category: "general", text: "The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14465", url: "https://www.suse.com/security/cve/CVE-2018-14465", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14465", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-20T16:18:13Z", details: "moderate", }, ], title: "CVE-2018-14465", }, { cve: "CVE-2018-14466", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14466", }, ], notes: [ { category: "general", text: "The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_cache_insert().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14466", url: "https://www.suse.com/security/cve/CVE-2018-14466", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14466", url: "https://bugzilla.suse.com/1153098", }, { category: "external", summary: "SUSE Bug 1166972 for CVE-2018-14466", url: "https://bugzilla.suse.com/1166972", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-20T16:18:13Z", details: "moderate", }, ], title: "CVE-2018-14466", }, { cve: "CVE-2018-14467", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14467", }, ], notes: [ { category: "general", text: "The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14467", url: "https://www.suse.com/security/cve/CVE-2018-14467", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14467", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-20T16:18:13Z", details: "moderate", }, ], title: "CVE-2018-14467", }, { cve: "CVE-2018-14468", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14468", }, ], notes: [ { category: "general", text: "The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14468", url: "https://www.suse.com/security/cve/CVE-2018-14468", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14468", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-20T16:18:13Z", details: "moderate", }, ], title: "CVE-2018-14468", }, { cve: "CVE-2018-14469", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14469", }, ], notes: [ { category: "general", text: "The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14469", url: "https://www.suse.com/security/cve/CVE-2018-14469", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14469", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-20T16:18:13Z", details: "moderate", }, ], title: "CVE-2018-14469", }, { cve: "CVE-2018-14470", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14470", }, ], notes: [ { category: "general", text: "The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14470", url: "https://www.suse.com/security/cve/CVE-2018-14470", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14470", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-20T16:18:13Z", details: "moderate", }, ], title: "CVE-2018-14470", }, { cve: "CVE-2018-14879", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14879", }, ], notes: [ { category: "general", text: "The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14879", url: "https://www.suse.com/security/cve/CVE-2018-14879", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14879", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 0, baseSeverity: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", version: "3.0", }, products: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-20T16:18:13Z", details: "low", }, ], title: "CVE-2018-14879", }, { cve: "CVE-2018-14880", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14880", }, ], notes: [ { category: "general", text: "The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14880", url: "https://www.suse.com/security/cve/CVE-2018-14880", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14880", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-20T16:18:13Z", details: "moderate", }, ], title: "CVE-2018-14880", }, { cve: "CVE-2018-14881", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14881", }, ], notes: [ { category: "general", text: "The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14881", url: "https://www.suse.com/security/cve/CVE-2018-14881", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14881", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-20T16:18:13Z", details: "moderate", }, ], title: "CVE-2018-14881", }, { cve: "CVE-2018-14882", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14882", }, ], notes: [ { category: "general", text: "The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14882", url: "https://www.suse.com/security/cve/CVE-2018-14882", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14882", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-20T16:18:13Z", details: "moderate", }, ], title: "CVE-2018-14882", }, { cve: "CVE-2018-16227", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16227", }, ], notes: [ { category: "general", text: "The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16227", url: "https://www.suse.com/security/cve/CVE-2018-16227", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-16227", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-20T16:18:13Z", details: "moderate", }, ], title: "CVE-2018-16227", }, { cve: "CVE-2018-16228", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16228", }, ], notes: [ { category: "general", text: "The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16228", url: "https://www.suse.com/security/cve/CVE-2018-16228", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-16228", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-20T16:18:13Z", details: "moderate", }, ], title: "CVE-2018-16228", }, { cve: "CVE-2018-16229", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16229", }, ], notes: [ { category: "general", text: "The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16229", url: "https://www.suse.com/security/cve/CVE-2018-16229", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-16229", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-20T16:18:13Z", details: "moderate", }, ], title: "CVE-2018-16229", }, { cve: "CVE-2018-16230", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16230", }, ], notes: [ { category: "general", text: "The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16230", url: "https://www.suse.com/security/cve/CVE-2018-16230", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-16230", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-20T16:18:13Z", details: "moderate", }, ], title: "CVE-2018-16230", }, { cve: "CVE-2018-16300", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16300", }, ], notes: [ { category: "general", text: "The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16300", url: "https://www.suse.com/security/cve/CVE-2018-16300", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-16300", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-20T16:18:13Z", details: "important", }, ], title: "CVE-2018-16300", }, { cve: "CVE-2018-16301", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16301", }, ], notes: [ { category: "general", text: "The command-line argument parser in tcpdump before 4.99.0 has a buffer overflow in tcpdump.c:read_infile(). To trigger this vulnerability the attacker needs to create a 4GB file on the local filesystem and to specify the file name as the value of the -F command-line argument of tcpdump.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16301", url: "https://www.suse.com/security/cve/CVE-2018-16301", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-16301", url: "https://bugzilla.suse.com/1153098", }, { category: "external", summary: "SUSE Bug 1153332 for CVE-2018-16301", url: "https://bugzilla.suse.com/1153332", }, { category: "external", summary: "SUSE Bug 1195825 for CVE-2018-16301", url: "https://bugzilla.suse.com/1195825", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-20T16:18:13Z", details: "important", }, ], title: "CVE-2018-16301", }, { cve: "CVE-2018-16451", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16451", }, ], notes: [ { category: "general", text: "The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16451", url: "https://www.suse.com/security/cve/CVE-2018-16451", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-16451", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-20T16:18:13Z", details: "moderate", }, ], title: "CVE-2018-16451", }, { cve: "CVE-2018-16452", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16452", }, ], notes: [ { category: "general", text: "The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16452", url: "https://www.suse.com/security/cve/CVE-2018-16452", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-16452", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-20T16:18:13Z", details: "moderate", }, ], title: "CVE-2018-16452", }, { cve: "CVE-2019-1010220", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-1010220", }, ], notes: [ { category: "general", text: "tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is: May expose Saved Frame Pointer, Return Address etc. on stack. The component is: line 234: \"ND_PRINT((ndo, \"%s\", buf));\", in function named \"print_prefix\", in \"print-hncp.c\". The attack vector is: The victim must open a specially crafted pcap file.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-1010220", url: "https://www.suse.com/security/cve/CVE-2019-1010220", }, { category: "external", summary: "SUSE Bug 1142439 for CVE-2019-1010220", url: "https://bugzilla.suse.com/1142439", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2019-1010220", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-20T16:18:13Z", details: "moderate", }, ], title: "CVE-2019-1010220", }, { cve: "CVE-2019-15166", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-15166", }, ], notes: [ { category: "general", text: "lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-15166", url: "https://www.suse.com/security/cve/CVE-2019-15166", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2019-15166", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-20T16:18:13Z", details: "moderate", }, ], title: "CVE-2019-15166", }, { cve: "CVE-2019-15167", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-15167", }, ], notes: [ { category: "general", text: "The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 3, a different vulnerability than CVE-2018-14463.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-15167", url: "https://www.suse.com/security/cve/CVE-2019-15167", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2019-15167", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Leap 15.0:tcpdump-4.9.2-lp150.10.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-20T16:18:13Z", details: "moderate", }, ], title: "CVE-2019-15167", }, ], }
opensuse-su-2024:11425-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
tcpdump-4.99.1-1.2 on GA media
Notes
Title of the patch
tcpdump-4.99.1-1.2 on GA media
Description of the patch
These are all security issues fixed in the tcpdump-4.99.1-1.2 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-11425
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "tcpdump-4.99.1-1.2 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the tcpdump-4.99.1-1.2 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-11425", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11425-1.json", }, { category: "self", summary: "SUSE CVE CVE-2016-7922 page", url: "https://www.suse.com/security/cve/CVE-2016-7922/", }, { category: "self", summary: "SUSE CVE CVE-2016-7923 page", url: "https://www.suse.com/security/cve/CVE-2016-7923/", }, { category: "self", summary: "SUSE CVE CVE-2016-7924 page", url: "https://www.suse.com/security/cve/CVE-2016-7924/", }, { category: "self", summary: "SUSE CVE CVE-2016-7925 page", url: "https://www.suse.com/security/cve/CVE-2016-7925/", }, { category: "self", summary: "SUSE CVE CVE-2016-7926 page", url: "https://www.suse.com/security/cve/CVE-2016-7926/", }, { category: "self", summary: "SUSE CVE CVE-2016-7927 page", url: "https://www.suse.com/security/cve/CVE-2016-7927/", }, { category: "self", summary: "SUSE CVE CVE-2016-7928 page", url: "https://www.suse.com/security/cve/CVE-2016-7928/", }, { category: "self", summary: "SUSE CVE CVE-2016-7929 page", url: "https://www.suse.com/security/cve/CVE-2016-7929/", }, { category: "self", summary: "SUSE CVE CVE-2016-7930 page", url: "https://www.suse.com/security/cve/CVE-2016-7930/", }, { category: "self", summary: "SUSE CVE CVE-2016-7931 page", url: "https://www.suse.com/security/cve/CVE-2016-7931/", }, { category: "self", summary: "SUSE CVE CVE-2016-7932 page", url: "https://www.suse.com/security/cve/CVE-2016-7932/", }, { category: "self", summary: "SUSE CVE CVE-2016-7933 page", url: "https://www.suse.com/security/cve/CVE-2016-7933/", }, { category: "self", summary: "SUSE CVE CVE-2016-7934 page", url: "https://www.suse.com/security/cve/CVE-2016-7934/", }, { category: "self", summary: "SUSE CVE CVE-2016-7935 page", url: "https://www.suse.com/security/cve/CVE-2016-7935/", }, { category: "self", summary: "SUSE CVE CVE-2016-7936 page", url: "https://www.suse.com/security/cve/CVE-2016-7936/", }, { category: "self", summary: "SUSE CVE CVE-2016-7937 page", url: "https://www.suse.com/security/cve/CVE-2016-7937/", }, { category: "self", summary: "SUSE CVE CVE-2016-7938 page", url: "https://www.suse.com/security/cve/CVE-2016-7938/", }, { category: "self", summary: "SUSE CVE CVE-2016-7939 page", url: "https://www.suse.com/security/cve/CVE-2016-7939/", }, { category: "self", summary: "SUSE CVE CVE-2016-7940 page", url: "https://www.suse.com/security/cve/CVE-2016-7940/", }, { category: "self", summary: "SUSE CVE CVE-2016-7973 page", url: "https://www.suse.com/security/cve/CVE-2016-7973/", }, { category: "self", summary: "SUSE CVE CVE-2016-7974 page", url: "https://www.suse.com/security/cve/CVE-2016-7974/", }, { category: "self", summary: "SUSE CVE CVE-2016-7975 page", url: "https://www.suse.com/security/cve/CVE-2016-7975/", }, { category: "self", summary: "SUSE CVE CVE-2016-7983 page", url: "https://www.suse.com/security/cve/CVE-2016-7983/", }, { category: "self", summary: "SUSE CVE CVE-2016-7984 page", url: "https://www.suse.com/security/cve/CVE-2016-7984/", }, { category: "self", summary: "SUSE CVE CVE-2016-7985 page", url: "https://www.suse.com/security/cve/CVE-2016-7985/", }, { category: "self", summary: "SUSE CVE CVE-2016-7986 page", url: "https://www.suse.com/security/cve/CVE-2016-7986/", }, { category: "self", summary: "SUSE CVE CVE-2016-7992 page", url: "https://www.suse.com/security/cve/CVE-2016-7992/", }, { category: "self", summary: "SUSE CVE CVE-2016-7993 page", url: "https://www.suse.com/security/cve/CVE-2016-7993/", }, { category: "self", summary: "SUSE CVE CVE-2016-8574 page", url: "https://www.suse.com/security/cve/CVE-2016-8574/", }, { category: "self", summary: "SUSE CVE CVE-2016-8575 page", url: "https://www.suse.com/security/cve/CVE-2016-8575/", }, { category: "self", summary: "SUSE CVE CVE-2017-11108 page", url: "https://www.suse.com/security/cve/CVE-2017-11108/", }, { category: "self", summary: "SUSE CVE CVE-2017-11541 page", url: "https://www.suse.com/security/cve/CVE-2017-11541/", }, { category: "self", summary: "SUSE CVE CVE-2017-11542 page", url: "https://www.suse.com/security/cve/CVE-2017-11542/", }, { category: "self", summary: "SUSE CVE CVE-2017-11543 page", url: "https://www.suse.com/security/cve/CVE-2017-11543/", }, { category: "self", summary: "SUSE CVE CVE-2017-12893 page", url: "https://www.suse.com/security/cve/CVE-2017-12893/", }, { category: "self", summary: "SUSE CVE CVE-2017-12894 page", url: "https://www.suse.com/security/cve/CVE-2017-12894/", }, { category: "self", summary: "SUSE CVE CVE-2017-12895 page", url: "https://www.suse.com/security/cve/CVE-2017-12895/", }, { category: "self", summary: "SUSE CVE CVE-2017-12896 page", url: "https://www.suse.com/security/cve/CVE-2017-12896/", }, { category: "self", summary: "SUSE CVE CVE-2017-12897 page", url: "https://www.suse.com/security/cve/CVE-2017-12897/", }, { category: "self", summary: "SUSE CVE CVE-2017-12898 page", url: "https://www.suse.com/security/cve/CVE-2017-12898/", }, { category: "self", summary: "SUSE CVE CVE-2017-12899 page", url: "https://www.suse.com/security/cve/CVE-2017-12899/", }, { category: "self", summary: "SUSE CVE CVE-2017-12900 page", url: "https://www.suse.com/security/cve/CVE-2017-12900/", }, { category: "self", summary: "SUSE CVE CVE-2017-12901 page", url: "https://www.suse.com/security/cve/CVE-2017-12901/", }, { category: "self", summary: "SUSE CVE CVE-2017-12902 page", url: "https://www.suse.com/security/cve/CVE-2017-12902/", }, { category: "self", summary: "SUSE CVE CVE-2017-12985 page", url: "https://www.suse.com/security/cve/CVE-2017-12985/", }, { category: "self", summary: "SUSE CVE CVE-2017-12986 page", url: "https://www.suse.com/security/cve/CVE-2017-12986/", }, { category: "self", summary: "SUSE CVE CVE-2017-12987 page", url: "https://www.suse.com/security/cve/CVE-2017-12987/", }, { category: "self", summary: "SUSE CVE CVE-2017-12988 page", url: "https://www.suse.com/security/cve/CVE-2017-12988/", }, { category: "self", summary: "SUSE CVE CVE-2017-12989 page", url: "https://www.suse.com/security/cve/CVE-2017-12989/", }, { category: "self", summary: "SUSE CVE CVE-2017-12990 page", url: "https://www.suse.com/security/cve/CVE-2017-12990/", }, { category: "self", summary: "SUSE CVE CVE-2017-12991 page", url: "https://www.suse.com/security/cve/CVE-2017-12991/", }, { category: "self", summary: "SUSE CVE CVE-2017-12992 page", url: "https://www.suse.com/security/cve/CVE-2017-12992/", }, { category: "self", summary: "SUSE CVE CVE-2017-12993 page", url: "https://www.suse.com/security/cve/CVE-2017-12993/", }, { category: "self", summary: "SUSE CVE CVE-2017-12994 page", url: "https://www.suse.com/security/cve/CVE-2017-12994/", }, { category: "self", summary: "SUSE CVE CVE-2017-12995 page", url: "https://www.suse.com/security/cve/CVE-2017-12995/", }, { category: "self", summary: "SUSE CVE CVE-2017-12996 page", url: "https://www.suse.com/security/cve/CVE-2017-12996/", }, { category: "self", summary: "SUSE CVE CVE-2017-12997 page", url: "https://www.suse.com/security/cve/CVE-2017-12997/", }, { category: "self", summary: "SUSE CVE CVE-2017-12998 page", url: "https://www.suse.com/security/cve/CVE-2017-12998/", }, { category: "self", summary: "SUSE CVE CVE-2017-12999 page", url: "https://www.suse.com/security/cve/CVE-2017-12999/", }, { category: "self", summary: "SUSE CVE CVE-2017-13000 page", url: "https://www.suse.com/security/cve/CVE-2017-13000/", }, { category: "self", summary: "SUSE CVE CVE-2017-13001 page", url: "https://www.suse.com/security/cve/CVE-2017-13001/", }, { category: "self", summary: "SUSE CVE CVE-2017-13002 page", url: "https://www.suse.com/security/cve/CVE-2017-13002/", }, { category: "self", summary: "SUSE CVE CVE-2017-13003 page", url: "https://www.suse.com/security/cve/CVE-2017-13003/", }, { category: "self", summary: "SUSE CVE CVE-2017-13004 page", url: "https://www.suse.com/security/cve/CVE-2017-13004/", }, { category: "self", summary: "SUSE CVE CVE-2017-13005 page", url: "https://www.suse.com/security/cve/CVE-2017-13005/", }, { category: "self", summary: "SUSE CVE CVE-2017-13006 page", url: "https://www.suse.com/security/cve/CVE-2017-13006/", }, { category: "self", summary: "SUSE CVE CVE-2017-13007 page", url: "https://www.suse.com/security/cve/CVE-2017-13007/", }, { category: "self", summary: "SUSE CVE CVE-2017-13008 page", url: "https://www.suse.com/security/cve/CVE-2017-13008/", }, { category: "self", summary: "SUSE CVE CVE-2017-13009 page", url: "https://www.suse.com/security/cve/CVE-2017-13009/", }, { category: "self", summary: "SUSE CVE CVE-2017-13010 page", url: "https://www.suse.com/security/cve/CVE-2017-13010/", }, { category: "self", summary: "SUSE CVE CVE-2017-13011 page", url: "https://www.suse.com/security/cve/CVE-2017-13011/", }, { category: "self", summary: "SUSE CVE CVE-2017-13012 page", url: "https://www.suse.com/security/cve/CVE-2017-13012/", }, { category: "self", summary: "SUSE CVE CVE-2017-13013 page", url: "https://www.suse.com/security/cve/CVE-2017-13013/", }, { category: "self", summary: "SUSE CVE CVE-2017-13014 page", url: "https://www.suse.com/security/cve/CVE-2017-13014/", }, { category: "self", summary: "SUSE CVE CVE-2017-13015 page", url: "https://www.suse.com/security/cve/CVE-2017-13015/", }, { category: "self", summary: "SUSE CVE CVE-2017-13016 page", url: "https://www.suse.com/security/cve/CVE-2017-13016/", }, { category: "self", summary: "SUSE CVE CVE-2017-13017 page", url: "https://www.suse.com/security/cve/CVE-2017-13017/", }, { category: "self", summary: "SUSE CVE CVE-2017-13018 page", url: "https://www.suse.com/security/cve/CVE-2017-13018/", }, { category: "self", summary: "SUSE CVE CVE-2017-13019 page", url: "https://www.suse.com/security/cve/CVE-2017-13019/", }, { category: "self", summary: "SUSE CVE CVE-2017-13020 page", url: "https://www.suse.com/security/cve/CVE-2017-13020/", }, { category: "self", summary: "SUSE CVE CVE-2017-13021 page", url: "https://www.suse.com/security/cve/CVE-2017-13021/", }, { category: "self", summary: "SUSE CVE CVE-2017-13022 page", url: "https://www.suse.com/security/cve/CVE-2017-13022/", }, { category: "self", summary: "SUSE CVE CVE-2017-13023 page", url: "https://www.suse.com/security/cve/CVE-2017-13023/", }, { category: "self", summary: "SUSE CVE CVE-2017-13024 page", url: "https://www.suse.com/security/cve/CVE-2017-13024/", }, { category: "self", summary: "SUSE CVE CVE-2017-13025 page", url: "https://www.suse.com/security/cve/CVE-2017-13025/", }, { category: "self", summary: "SUSE CVE CVE-2017-13026 page", url: "https://www.suse.com/security/cve/CVE-2017-13026/", }, { category: "self", summary: "SUSE CVE CVE-2017-13027 page", url: "https://www.suse.com/security/cve/CVE-2017-13027/", }, { category: "self", summary: "SUSE CVE CVE-2017-13028 page", url: "https://www.suse.com/security/cve/CVE-2017-13028/", }, { category: "self", summary: "SUSE CVE CVE-2017-13029 page", url: "https://www.suse.com/security/cve/CVE-2017-13029/", }, { category: "self", summary: "SUSE CVE CVE-2017-13030 page", url: "https://www.suse.com/security/cve/CVE-2017-13030/", }, { category: "self", summary: "SUSE CVE CVE-2017-13031 page", url: "https://www.suse.com/security/cve/CVE-2017-13031/", }, { category: "self", summary: "SUSE CVE CVE-2017-13032 page", url: "https://www.suse.com/security/cve/CVE-2017-13032/", }, { category: "self", summary: "SUSE CVE CVE-2017-13033 page", url: "https://www.suse.com/security/cve/CVE-2017-13033/", }, { category: "self", summary: "SUSE CVE CVE-2017-13034 page", url: "https://www.suse.com/security/cve/CVE-2017-13034/", }, { category: "self", summary: "SUSE CVE CVE-2017-13035 page", url: "https://www.suse.com/security/cve/CVE-2017-13035/", }, { category: "self", summary: "SUSE CVE CVE-2017-13036 page", url: "https://www.suse.com/security/cve/CVE-2017-13036/", }, { category: "self", summary: "SUSE CVE CVE-2017-13037 page", url: "https://www.suse.com/security/cve/CVE-2017-13037/", }, { category: "self", summary: "SUSE CVE CVE-2017-13038 page", url: "https://www.suse.com/security/cve/CVE-2017-13038/", }, { category: "self", summary: "SUSE CVE CVE-2017-13039 page", url: "https://www.suse.com/security/cve/CVE-2017-13039/", }, { category: "self", summary: "SUSE CVE CVE-2017-13040 page", url: "https://www.suse.com/security/cve/CVE-2017-13040/", }, { category: "self", summary: "SUSE CVE CVE-2017-13041 page", url: "https://www.suse.com/security/cve/CVE-2017-13041/", }, { category: "self", summary: "SUSE CVE CVE-2017-13042 page", url: "https://www.suse.com/security/cve/CVE-2017-13042/", }, { category: "self", summary: "SUSE CVE CVE-2017-13043 page", url: "https://www.suse.com/security/cve/CVE-2017-13043/", }, { category: "self", summary: "SUSE CVE CVE-2017-13044 page", url: "https://www.suse.com/security/cve/CVE-2017-13044/", }, { category: "self", summary: "SUSE CVE CVE-2017-13045 page", url: "https://www.suse.com/security/cve/CVE-2017-13045/", }, { category: "self", summary: "SUSE CVE CVE-2017-13046 page", url: "https://www.suse.com/security/cve/CVE-2017-13046/", }, { category: "self", summary: "SUSE CVE CVE-2017-13047 page", url: "https://www.suse.com/security/cve/CVE-2017-13047/", }, { category: "self", summary: "SUSE CVE CVE-2017-13048 page", url: "https://www.suse.com/security/cve/CVE-2017-13048/", }, { category: "self", summary: "SUSE CVE CVE-2017-13049 page", url: "https://www.suse.com/security/cve/CVE-2017-13049/", }, { category: "self", summary: "SUSE CVE CVE-2017-13050 page", url: "https://www.suse.com/security/cve/CVE-2017-13050/", }, { category: "self", summary: "SUSE CVE CVE-2017-13051 page", url: "https://www.suse.com/security/cve/CVE-2017-13051/", }, { category: "self", summary: "SUSE CVE CVE-2017-13052 page", url: "https://www.suse.com/security/cve/CVE-2017-13052/", }, { category: "self", summary: "SUSE CVE CVE-2017-13053 page", url: "https://www.suse.com/security/cve/CVE-2017-13053/", }, { category: "self", summary: "SUSE CVE CVE-2017-13054 page", url: "https://www.suse.com/security/cve/CVE-2017-13054/", }, { category: "self", summary: "SUSE CVE CVE-2017-13055 page", url: "https://www.suse.com/security/cve/CVE-2017-13055/", }, { category: "self", summary: "SUSE CVE CVE-2017-13687 page", url: "https://www.suse.com/security/cve/CVE-2017-13687/", }, { category: "self", summary: "SUSE CVE CVE-2017-13688 page", url: "https://www.suse.com/security/cve/CVE-2017-13688/", }, { category: "self", summary: "SUSE CVE CVE-2017-13689 page", url: "https://www.suse.com/security/cve/CVE-2017-13689/", }, { category: "self", summary: "SUSE CVE CVE-2017-13690 page", url: "https://www.suse.com/security/cve/CVE-2017-13690/", }, { category: "self", summary: "SUSE CVE CVE-2017-13725 page", url: "https://www.suse.com/security/cve/CVE-2017-13725/", }, { category: "self", summary: "SUSE CVE CVE-2017-16808 page", url: "https://www.suse.com/security/cve/CVE-2017-16808/", }, { category: "self", summary: "SUSE CVE CVE-2017-5202 page", url: "https://www.suse.com/security/cve/CVE-2017-5202/", }, { category: "self", summary: "SUSE CVE CVE-2017-5203 page", url: "https://www.suse.com/security/cve/CVE-2017-5203/", }, { category: "self", summary: "SUSE CVE CVE-2017-5204 page", url: "https://www.suse.com/security/cve/CVE-2017-5204/", }, { category: "self", summary: "SUSE CVE CVE-2017-5205 page", url: "https://www.suse.com/security/cve/CVE-2017-5205/", }, { category: "self", summary: "SUSE CVE CVE-2017-5341 page", url: "https://www.suse.com/security/cve/CVE-2017-5341/", }, { category: "self", summary: "SUSE CVE CVE-2017-5342 page", url: "https://www.suse.com/security/cve/CVE-2017-5342/", }, { category: "self", summary: "SUSE CVE CVE-2017-5482 page", url: "https://www.suse.com/security/cve/CVE-2017-5482/", }, { category: "self", summary: "SUSE CVE CVE-2017-5483 page", url: "https://www.suse.com/security/cve/CVE-2017-5483/", }, { category: "self", summary: "SUSE CVE CVE-2017-5484 page", url: "https://www.suse.com/security/cve/CVE-2017-5484/", }, { category: "self", summary: "SUSE CVE CVE-2017-5485 page", url: "https://www.suse.com/security/cve/CVE-2017-5485/", }, { category: "self", summary: "SUSE CVE CVE-2017-5486 page", url: "https://www.suse.com/security/cve/CVE-2017-5486/", }, { category: "self", summary: "SUSE CVE CVE-2018-10103 page", url: "https://www.suse.com/security/cve/CVE-2018-10103/", }, { category: "self", summary: "SUSE CVE CVE-2018-10105 page", url: "https://www.suse.com/security/cve/CVE-2018-10105/", }, { category: "self", summary: "SUSE CVE CVE-2018-14461 page", url: "https://www.suse.com/security/cve/CVE-2018-14461/", }, { category: "self", summary: "SUSE CVE CVE-2018-14462 page", url: "https://www.suse.com/security/cve/CVE-2018-14462/", }, { category: "self", summary: "SUSE CVE CVE-2018-14463 page", url: "https://www.suse.com/security/cve/CVE-2018-14463/", }, { category: "self", summary: "SUSE CVE CVE-2018-14464 page", url: "https://www.suse.com/security/cve/CVE-2018-14464/", }, { category: "self", summary: "SUSE CVE CVE-2018-14465 page", url: "https://www.suse.com/security/cve/CVE-2018-14465/", }, { category: "self", summary: "SUSE CVE CVE-2018-14466 page", url: "https://www.suse.com/security/cve/CVE-2018-14466/", }, { category: "self", summary: "SUSE CVE CVE-2018-14467 page", url: "https://www.suse.com/security/cve/CVE-2018-14467/", }, { category: "self", summary: "SUSE CVE CVE-2018-14468 page", url: "https://www.suse.com/security/cve/CVE-2018-14468/", }, { category: "self", summary: "SUSE CVE CVE-2018-14469 page", url: "https://www.suse.com/security/cve/CVE-2018-14469/", }, { category: "self", summary: "SUSE CVE CVE-2018-14470 page", url: "https://www.suse.com/security/cve/CVE-2018-14470/", }, { category: "self", summary: "SUSE CVE CVE-2018-14879 page", url: "https://www.suse.com/security/cve/CVE-2018-14879/", }, { category: "self", summary: "SUSE CVE CVE-2018-14880 page", url: "https://www.suse.com/security/cve/CVE-2018-14880/", }, { category: "self", summary: "SUSE CVE CVE-2018-14881 page", url: "https://www.suse.com/security/cve/CVE-2018-14881/", }, { category: "self", summary: "SUSE CVE CVE-2018-14882 page", url: "https://www.suse.com/security/cve/CVE-2018-14882/", }, { category: "self", summary: "SUSE CVE CVE-2018-16227 page", url: "https://www.suse.com/security/cve/CVE-2018-16227/", }, { category: "self", summary: "SUSE CVE CVE-2018-16228 page", url: "https://www.suse.com/security/cve/CVE-2018-16228/", }, { category: "self", summary: "SUSE CVE CVE-2018-16229 page", url: "https://www.suse.com/security/cve/CVE-2018-16229/", }, { category: "self", summary: "SUSE CVE CVE-2018-16230 page", url: "https://www.suse.com/security/cve/CVE-2018-16230/", }, { category: "self", summary: "SUSE CVE CVE-2018-16300 page", url: "https://www.suse.com/security/cve/CVE-2018-16300/", }, { category: "self", summary: "SUSE CVE CVE-2018-16301 page", url: "https://www.suse.com/security/cve/CVE-2018-16301/", }, { category: "self", summary: "SUSE CVE CVE-2018-16451 page", url: "https://www.suse.com/security/cve/CVE-2018-16451/", }, { category: "self", summary: "SUSE CVE CVE-2018-16452 page", url: "https://www.suse.com/security/cve/CVE-2018-16452/", }, { category: "self", summary: "SUSE CVE CVE-2018-19519 page", url: "https://www.suse.com/security/cve/CVE-2018-19519/", }, { category: "self", summary: "SUSE CVE CVE-2019-1010220 page", url: "https://www.suse.com/security/cve/CVE-2019-1010220/", }, { category: "self", summary: "SUSE CVE CVE-2019-15166 page", url: "https://www.suse.com/security/cve/CVE-2019-15166/", }, { category: "self", summary: "SUSE CVE CVE-2019-15167 page", url: "https://www.suse.com/security/cve/CVE-2019-15167/", }, { category: "self", summary: "SUSE CVE CVE-2020-8037 page", url: "https://www.suse.com/security/cve/CVE-2020-8037/", }, ], title: "tcpdump-4.99.1-1.2 on GA media", tracking: { current_release_date: "2024-06-15T00:00:00Z", generator: { date: "2024-06-15T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:11425-1", initial_release_date: "2024-06-15T00:00:00Z", revision_history: [ { date: "2024-06-15T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "tcpdump-4.99.1-1.2.aarch64", product: { name: "tcpdump-4.99.1-1.2.aarch64", product_id: "tcpdump-4.99.1-1.2.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "tcpdump-4.99.1-1.2.ppc64le", product: { name: "tcpdump-4.99.1-1.2.ppc64le", product_id: "tcpdump-4.99.1-1.2.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "tcpdump-4.99.1-1.2.s390x", product: { name: "tcpdump-4.99.1-1.2.s390x", product_id: "tcpdump-4.99.1-1.2.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "tcpdump-4.99.1-1.2.x86_64", product: { name: "tcpdump-4.99.1-1.2.x86_64", product_id: "tcpdump-4.99.1-1.2.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "tcpdump-4.99.1-1.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", }, product_reference: "tcpdump-4.99.1-1.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "tcpdump-4.99.1-1.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", }, product_reference: "tcpdump-4.99.1-1.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "tcpdump-4.99.1-1.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", }, product_reference: "tcpdump-4.99.1-1.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "tcpdump-4.99.1-1.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", }, product_reference: "tcpdump-4.99.1-1.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2016-7922", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-7922", }, ], notes: [ { category: "general", text: "The AH parser in tcpdump before 4.9.0 has a buffer overflow in print-ah.c:ah_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-7922", url: "https://www.suse.com/security/cve/CVE-2016-7922", }, { category: "external", summary: "SUSE Bug 1020940 for CVE-2016-7922", url: "https://bugzilla.suse.com/1020940", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-7922", }, { cve: "CVE-2016-7923", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-7923", }, ], notes: [ { category: "general", text: "The ARP parser in tcpdump before 4.9.0 has a buffer overflow in print-arp.c:arp_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-7923", url: "https://www.suse.com/security/cve/CVE-2016-7923", }, { category: "external", summary: "SUSE Bug 1020940 for CVE-2016-7923", url: "https://bugzilla.suse.com/1020940", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-7923", }, { cve: "CVE-2016-7924", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-7924", }, ], notes: [ { category: "general", text: "The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-atm.c:oam_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-7924", url: "https://www.suse.com/security/cve/CVE-2016-7924", }, { category: "external", summary: "SUSE Bug 1020940 for CVE-2016-7924", url: "https://bugzilla.suse.com/1020940", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-7924", }, { cve: "CVE-2016-7925", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-7925", }, ], notes: [ { category: "general", text: "The compressed SLIP parser in tcpdump before 4.9.0 has a buffer overflow in print-sl.c:sl_if_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-7925", url: "https://www.suse.com/security/cve/CVE-2016-7925", }, { category: "external", summary: "SUSE Bug 1020940 for CVE-2016-7925", url: "https://bugzilla.suse.com/1020940", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-7925", }, { cve: "CVE-2016-7926", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-7926", }, ], notes: [ { category: "general", text: "The Ethernet parser in tcpdump before 4.9.0 has a buffer overflow in print-ether.c:ethertype_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-7926", url: "https://www.suse.com/security/cve/CVE-2016-7926", }, { category: "external", summary: "SUSE Bug 1020940 for CVE-2016-7926", url: "https://bugzilla.suse.com/1020940", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-7926", }, { cve: "CVE-2016-7927", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-7927", }, ], notes: [ { category: "general", text: "The IEEE 802.11 parser in tcpdump before 4.9.0 has a buffer overflow in print-802_11.c:ieee802_11_radio_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-7927", url: "https://www.suse.com/security/cve/CVE-2016-7927", }, { category: "external", summary: "SUSE Bug 1020940 for CVE-2016-7927", url: "https://bugzilla.suse.com/1020940", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-7927", }, { cve: "CVE-2016-7928", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-7928", }, ], notes: [ { category: "general", text: "The IPComp parser in tcpdump before 4.9.0 has a buffer overflow in print-ipcomp.c:ipcomp_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-7928", url: "https://www.suse.com/security/cve/CVE-2016-7928", }, { category: "external", summary: "SUSE Bug 1020940 for CVE-2016-7928", url: "https://bugzilla.suse.com/1020940", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-7928", }, { cve: "CVE-2016-7929", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-7929", }, ], notes: [ { category: "general", text: "The Juniper PPPoE ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-juniper.c:juniper_parse_header().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-7929", url: "https://www.suse.com/security/cve/CVE-2016-7929", }, { category: "external", summary: "SUSE Bug 1020940 for CVE-2016-7929", url: "https://bugzilla.suse.com/1020940", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-7929", }, { cve: "CVE-2016-7930", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-7930", }, ], notes: [ { category: "general", text: "The LLC/SNAP parser in tcpdump before 4.9.0 has a buffer overflow in print-llc.c:llc_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-7930", url: "https://www.suse.com/security/cve/CVE-2016-7930", }, { category: "external", summary: "SUSE Bug 1020940 for CVE-2016-7930", url: "https://bugzilla.suse.com/1020940", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-7930", }, { cve: "CVE-2016-7931", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-7931", }, ], notes: [ { category: "general", text: "The MPLS parser in tcpdump before 4.9.0 has a buffer overflow in print-mpls.c:mpls_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-7931", url: "https://www.suse.com/security/cve/CVE-2016-7931", }, { category: "external", summary: "SUSE Bug 1020940 for CVE-2016-7931", url: "https://bugzilla.suse.com/1020940", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-7931", }, { cve: "CVE-2016-7932", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-7932", }, ], notes: [ { category: "general", text: "The PIM parser in tcpdump before 4.9.0 has a buffer overflow in print-pim.c:pimv2_check_checksum().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-7932", url: "https://www.suse.com/security/cve/CVE-2016-7932", }, { category: "external", summary: "SUSE Bug 1020940 for CVE-2016-7932", url: "https://bugzilla.suse.com/1020940", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-7932", }, { cve: "CVE-2016-7933", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-7933", }, ], notes: [ { category: "general", text: "The PPP parser in tcpdump before 4.9.0 has a buffer overflow in print-ppp.c:ppp_hdlc_if_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-7933", url: "https://www.suse.com/security/cve/CVE-2016-7933", }, { category: "external", summary: "SUSE Bug 1020940 for CVE-2016-7933", url: "https://bugzilla.suse.com/1020940", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-7933", }, { cve: "CVE-2016-7934", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-7934", }, ], notes: [ { category: "general", text: "The RTCP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:rtcp_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-7934", url: "https://www.suse.com/security/cve/CVE-2016-7934", }, { category: "external", summary: "SUSE Bug 1020940 for CVE-2016-7934", url: "https://bugzilla.suse.com/1020940", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-7934", }, { cve: "CVE-2016-7935", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-7935", }, ], notes: [ { category: "general", text: "The RTP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:rtp_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-7935", url: "https://www.suse.com/security/cve/CVE-2016-7935", }, { category: "external", summary: "SUSE Bug 1020940 for CVE-2016-7935", url: "https://bugzilla.suse.com/1020940", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-7935", }, { cve: "CVE-2016-7936", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-7936", }, ], notes: [ { category: "general", text: "The UDP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:udp_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-7936", url: "https://www.suse.com/security/cve/CVE-2016-7936", }, { category: "external", summary: "SUSE Bug 1020940 for CVE-2016-7936", url: "https://bugzilla.suse.com/1020940", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-7936", }, { cve: "CVE-2016-7937", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-7937", }, ], notes: [ { category: "general", text: "The VAT parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:vat_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-7937", url: "https://www.suse.com/security/cve/CVE-2016-7937", }, { category: "external", summary: "SUSE Bug 1020940 for CVE-2016-7937", url: "https://bugzilla.suse.com/1020940", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-7937", }, { cve: "CVE-2016-7938", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-7938", }, ], notes: [ { category: "general", text: "The ZeroMQ parser in tcpdump before 4.9.0 has an integer overflow in print-zeromq.c:zmtp1_print_frame().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-7938", url: "https://www.suse.com/security/cve/CVE-2016-7938", }, { category: "external", summary: "SUSE Bug 1020940 for CVE-2016-7938", url: "https://bugzilla.suse.com/1020940", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-7938", }, { cve: "CVE-2016-7939", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-7939", }, ], notes: [ { category: "general", text: "The GRE parser in tcpdump before 4.9.0 has a buffer overflow in print-gre.c, multiple functions.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-7939", url: "https://www.suse.com/security/cve/CVE-2016-7939", }, { category: "external", summary: "SUSE Bug 1020940 for CVE-2016-7939", url: "https://bugzilla.suse.com/1020940", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-7939", }, { cve: "CVE-2016-7940", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-7940", }, ], notes: [ { category: "general", text: "The STP parser in tcpdump before 4.9.0 has a buffer overflow in print-stp.c, multiple functions.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-7940", url: "https://www.suse.com/security/cve/CVE-2016-7940", }, { category: "external", summary: "SUSE Bug 1020940 for CVE-2016-7940", url: "https://bugzilla.suse.com/1020940", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-7940", }, { cve: "CVE-2016-7973", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-7973", }, ], notes: [ { category: "general", text: "The AppleTalk parser in tcpdump before 4.9.0 has a buffer overflow in print-atalk.c, multiple functions.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-7973", url: "https://www.suse.com/security/cve/CVE-2016-7973", }, { category: "external", summary: "SUSE Bug 1020940 for CVE-2016-7973", url: "https://bugzilla.suse.com/1020940", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-7973", }, { cve: "CVE-2016-7974", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-7974", }, ], notes: [ { category: "general", text: "The IP parser in tcpdump before 4.9.0 has a buffer overflow in print-ip.c, multiple functions.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-7974", url: "https://www.suse.com/security/cve/CVE-2016-7974", }, { category: "external", summary: "SUSE Bug 1020940 for CVE-2016-7974", url: "https://bugzilla.suse.com/1020940", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-7974", }, { cve: "CVE-2016-7975", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-7975", }, ], notes: [ { category: "general", text: "The TCP parser in tcpdump before 4.9.0 has a buffer overflow in print-tcp.c:tcp_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-7975", url: "https://www.suse.com/security/cve/CVE-2016-7975", }, { category: "external", summary: "SUSE Bug 1020940 for CVE-2016-7975", url: "https://bugzilla.suse.com/1020940", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-7975", }, { cve: "CVE-2016-7983", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-7983", }, ], notes: [ { category: "general", text: "The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-7983", url: "https://www.suse.com/security/cve/CVE-2016-7983", }, { category: "external", summary: "SUSE Bug 1020940 for CVE-2016-7983", url: "https://bugzilla.suse.com/1020940", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-7983", }, { cve: "CVE-2016-7984", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-7984", }, ], notes: [ { category: "general", text: "The TFTP parser in tcpdump before 4.9.0 has a buffer overflow in print-tftp.c:tftp_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-7984", url: "https://www.suse.com/security/cve/CVE-2016-7984", }, { category: "external", summary: "SUSE Bug 1020940 for CVE-2016-7984", url: "https://bugzilla.suse.com/1020940", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-7984", }, { cve: "CVE-2016-7985", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-7985", }, ], notes: [ { category: "general", text: "The CALM FAST parser in tcpdump before 4.9.0 has a buffer overflow in print-calm-fast.c:calm_fast_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-7985", url: "https://www.suse.com/security/cve/CVE-2016-7985", }, { category: "external", summary: "SUSE Bug 1020940 for CVE-2016-7985", url: "https://bugzilla.suse.com/1020940", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-7985", }, { cve: "CVE-2016-7986", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-7986", }, ], notes: [ { category: "general", text: "The GeoNetworking parser in tcpdump before 4.9.0 has a buffer overflow in print-geonet.c, multiple functions.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-7986", url: "https://www.suse.com/security/cve/CVE-2016-7986", }, { category: "external", summary: "SUSE Bug 1020940 for CVE-2016-7986", url: "https://bugzilla.suse.com/1020940", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-7986", }, { cve: "CVE-2016-7992", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-7992", }, ], notes: [ { category: "general", text: "The Classical IP over ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-cip.c:cip_if_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-7992", url: "https://www.suse.com/security/cve/CVE-2016-7992", }, { category: "external", summary: "SUSE Bug 1020940 for CVE-2016-7992", url: "https://bugzilla.suse.com/1020940", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-7992", }, { cve: "CVE-2016-7993", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-7993", }, ], notes: [ { category: "general", text: "A bug in util-print.c:relts_print() in tcpdump before 4.9.0 could cause a buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP, lightweight resolver protocol, PIM).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-7993", url: "https://www.suse.com/security/cve/CVE-2016-7993", }, { category: "external", summary: "SUSE Bug 1020940 for CVE-2016-7993", url: "https://bugzilla.suse.com/1020940", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-7993", }, { cve: "CVE-2016-8574", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-8574", }, ], notes: [ { category: "general", text: "The FRF.15 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:frf15_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-8574", url: "https://www.suse.com/security/cve/CVE-2016-8574", }, { category: "external", summary: "SUSE Bug 1020940 for CVE-2016-8574", url: "https://bugzilla.suse.com/1020940", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-8574", }, { cve: "CVE-2016-8575", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-8575", }, ], notes: [ { category: "general", text: "The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:q933_print(), a different vulnerability than CVE-2017-5482.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-8575", url: "https://www.suse.com/security/cve/CVE-2016-8575", }, { category: "external", summary: "SUSE Bug 1020940 for CVE-2016-8575", url: "https://bugzilla.suse.com/1020940", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-8575", }, { cve: "CVE-2017-11108", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-11108", }, ], notes: [ { category: "general", text: "tcpdump 4.9.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packet data. The crash occurs in the EXTRACT_16BITS function, called from the stp_print function for the Spanning Tree Protocol.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-11108", url: "https://www.suse.com/security/cve/CVE-2017-11108", }, { category: "external", summary: "SUSE Bug 1047873 for CVE-2017-11108", url: "https://bugzilla.suse.com/1047873", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-11108", url: "https://bugzilla.suse.com/1057247", }, { category: "external", summary: "SUSE Bug 1123142 for CVE-2017-11108", url: "https://bugzilla.suse.com/1123142", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2017-11108", }, { cve: "CVE-2017-11541", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-11541", }, ], notes: [ { category: "general", text: "tcpdump 4.9.0 has a heap-based buffer over-read in the lldp_print function in print-lldp.c, related to util-print.c.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-11541", url: "https://www.suse.com/security/cve/CVE-2017-11541", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-11541", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-11541", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-11541", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-11541", url: "https://bugzilla.suse.com/1057247", }, { category: "external", summary: "SUSE Bug 1123142 for CVE-2017-11541", url: "https://bugzilla.suse.com/1123142", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-11541", }, { cve: "CVE-2017-11542", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-11542", }, ], notes: [ { category: "general", text: "tcpdump 4.9.0 has a heap-based buffer over-read in the pimv1_print function in print-pim.c.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-11542", url: "https://www.suse.com/security/cve/CVE-2017-11542", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-11542", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-11542", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-11542", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-11542", url: "https://bugzilla.suse.com/1057247", }, { category: "external", summary: "SUSE Bug 1123142 for CVE-2017-11542", url: "https://bugzilla.suse.com/1123142", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2017-11542", }, { cve: "CVE-2017-11543", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-11543", }, ], notes: [ { category: "general", text: "tcpdump 4.9.0 has a buffer overflow in the sliplink_print function in print-sl.c.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-11543", url: "https://www.suse.com/security/cve/CVE-2017-11543", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-11543", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-11543", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-11543", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-11543", url: "https://bugzilla.suse.com/1057247", }, { category: "external", summary: "SUSE Bug 1123142 for CVE-2017-11543", url: "https://bugzilla.suse.com/1123142", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2017-11543", }, { cve: "CVE-2017-12893", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-12893", }, ], notes: [ { category: "general", text: "The SMB/CIFS parser in tcpdump before 4.9.2 has a buffer over-read in smbutil.c:name_len().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-12893", url: "https://www.suse.com/security/cve/CVE-2017-12893", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-12893", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-12893", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-12893", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-12893", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-12893", }, { cve: "CVE-2017-12894", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-12894", }, ], notes: [ { category: "general", text: "Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in addrtoname.c:lookup_bytestring().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-12894", url: "https://www.suse.com/security/cve/CVE-2017-12894", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-12894", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-12894", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-12894", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-12894", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-12894", }, { cve: "CVE-2017-12895", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-12895", }, ], notes: [ { category: "general", text: "The ICMP parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp.c:icmp_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-12895", url: "https://www.suse.com/security/cve/CVE-2017-12895", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-12895", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-12895", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-12895", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-12895", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-12895", }, { cve: "CVE-2017-12896", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-12896", }, ], notes: [ { category: "general", text: "The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:isakmp_rfc3948_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-12896", url: "https://www.suse.com/security/cve/CVE-2017-12896", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-12896", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-12896", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-12896", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-12896", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-12896", }, { cve: "CVE-2017-12897", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-12897", }, ], notes: [ { category: "general", text: "The ISO CLNS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isoclns_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-12897", url: "https://www.suse.com/security/cve/CVE-2017-12897", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-12897", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-12897", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-12897", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-12897", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-12897", }, { cve: "CVE-2017-12898", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-12898", }, ], notes: [ { category: "general", text: "The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:interp_reply().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-12898", url: "https://www.suse.com/security/cve/CVE-2017-12898", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-12898", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-12898", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-12898", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-12898", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-12898", }, { cve: "CVE-2017-12899", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-12899", }, ], notes: [ { category: "general", text: "The DECnet parser in tcpdump before 4.9.2 has a buffer over-read in print-decnet.c:decnet_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-12899", url: "https://www.suse.com/security/cve/CVE-2017-12899", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-12899", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-12899", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-12899", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-12899", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-12899", }, { cve: "CVE-2017-12900", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-12900", }, ], notes: [ { category: "general", text: "Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in util-print.c:tok2strbuf().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-12900", url: "https://www.suse.com/security/cve/CVE-2017-12900", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-12900", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-12900", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-12900", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-12900", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-12900", }, { cve: "CVE-2017-12901", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-12901", }, ], notes: [ { category: "general", text: "The EIGRP parser in tcpdump before 4.9.2 has a buffer over-read in print-eigrp.c:eigrp_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-12901", url: "https://www.suse.com/security/cve/CVE-2017-12901", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-12901", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-12901", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-12901", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-12901", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-12901", }, { cve: "CVE-2017-12902", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-12902", }, ], notes: [ { category: "general", text: "The Zephyr parser in tcpdump before 4.9.2 has a buffer over-read in print-zephyr.c, several functions.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-12902", url: "https://www.suse.com/security/cve/CVE-2017-12902", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-12902", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-12902", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-12902", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-12902", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-12902", }, { cve: "CVE-2017-12985", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-12985", }, ], notes: [ { category: "general", text: "The IPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-ip6.c:ip6_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-12985", url: "https://www.suse.com/security/cve/CVE-2017-12985", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-12985", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-12985", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-12985", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-12985", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-12985", }, { cve: "CVE-2017-12986", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-12986", }, ], notes: [ { category: "general", text: "The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-12986", url: "https://www.suse.com/security/cve/CVE-2017-12986", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-12986", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-12986", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-12986", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-12986", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-12986", }, { cve: "CVE-2017-12987", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-12987", }, ], notes: [ { category: "general", text: "The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-12987", url: "https://www.suse.com/security/cve/CVE-2017-12987", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-12987", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-12987", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-12987", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-12987", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-12987", }, { cve: "CVE-2017-12988", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-12988", }, ], notes: [ { category: "general", text: "The telnet parser in tcpdump before 4.9.2 has a buffer over-read in print-telnet.c:telnet_parse().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-12988", url: "https://www.suse.com/security/cve/CVE-2017-12988", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-12988", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-12988", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-12988", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-12988", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-12988", }, { cve: "CVE-2017-12989", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-12989", }, ], notes: [ { category: "general", text: "The RESP parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-resp.c:resp_get_length().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-12989", url: "https://www.suse.com/security/cve/CVE-2017-12989", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-12989", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-12989", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-12989", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-12989", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-12989", }, { cve: "CVE-2017-12990", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-12990", }, ], notes: [ { category: "general", text: "The ISAKMP parser in tcpdump before 4.9.2 could enter an infinite loop due to bugs in print-isakmp.c, several functions.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-12990", url: "https://www.suse.com/security/cve/CVE-2017-12990", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-12990", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-12990", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-12990", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-12990", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-12990", }, { cve: "CVE-2017-12991", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-12991", }, ], notes: [ { category: "general", text: "The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-12991", url: "https://www.suse.com/security/cve/CVE-2017-12991", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-12991", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-12991", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-12991", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-12991", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-12991", }, { cve: "CVE-2017-12992", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-12992", }, ], notes: [ { category: "general", text: "The RIPng parser in tcpdump before 4.9.2 has a buffer over-read in print-ripng.c:ripng_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-12992", url: "https://www.suse.com/security/cve/CVE-2017-12992", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-12992", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-12992", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-12992", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-12992", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-12992", }, { cve: "CVE-2017-12993", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-12993", }, ], notes: [ { category: "general", text: "The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over-read in print-juniper.c, several functions.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-12993", url: "https://www.suse.com/security/cve/CVE-2017-12993", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-12993", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-12993", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-12993", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-12993", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-12993", }, { cve: "CVE-2017-12994", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-12994", }, ], notes: [ { category: "general", text: "The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-12994", url: "https://www.suse.com/security/cve/CVE-2017-12994", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-12994", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-12994", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-12994", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-12994", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-12994", }, { cve: "CVE-2017-12995", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-12995", }, ], notes: [ { category: "general", text: "The DNS parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-domain.c:ns_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-12995", url: "https://www.suse.com/security/cve/CVE-2017-12995", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-12995", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-12995", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-12995", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-12995", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-12995", }, { cve: "CVE-2017-12996", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-12996", }, ], notes: [ { category: "general", text: "The PIMv2 parser in tcpdump before 4.9.2 has a buffer over-read in print-pim.c:pimv2_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-12996", url: "https://www.suse.com/security/cve/CVE-2017-12996", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-12996", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-12996", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-12996", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-12996", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-12996", }, { cve: "CVE-2017-12997", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-12997", }, ], notes: [ { category: "general", text: "The LLDP parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-lldp.c:lldp_private_8021_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-12997", url: "https://www.suse.com/security/cve/CVE-2017-12997", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-12997", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-12997", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-12997", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-12997", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-12997", }, { cve: "CVE-2017-12998", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-12998", }, ], notes: [ { category: "general", text: "The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_extd_ip_reach().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-12998", url: "https://www.suse.com/security/cve/CVE-2017-12998", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-12998", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-12998", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-12998", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-12998", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-12998", }, { cve: "CVE-2017-12999", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-12999", }, ], notes: [ { category: "general", text: "The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-12999", url: "https://www.suse.com/security/cve/CVE-2017-12999", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-12999", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-12999", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-12999", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-12999", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-12999", }, { cve: "CVE-2017-13000", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-13000", }, ], notes: [ { category: "general", text: "The IEEE 802.15.4 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_15_4.c:ieee802_15_4_if_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-13000", url: "https://www.suse.com/security/cve/CVE-2017-13000", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-13000", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-13000", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-13000", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-13000", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-13000", }, { cve: "CVE-2017-13001", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-13001", }, ], notes: [ { category: "general", text: "The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:nfs_printfh().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-13001", url: "https://www.suse.com/security/cve/CVE-2017-13001", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-13001", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-13001", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-13001", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-13001", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-13001", }, { cve: "CVE-2017-13002", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-13002", }, ], notes: [ { category: "general", text: "The AODV parser in tcpdump before 4.9.2 has a buffer over-read in print-aodv.c:aodv_extension().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-13002", url: "https://www.suse.com/security/cve/CVE-2017-13002", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-13002", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-13002", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-13002", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-13002", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-13002", }, { cve: "CVE-2017-13003", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-13003", }, ], notes: [ { category: "general", text: "The LMP parser in tcpdump before 4.9.2 has a buffer over-read in print-lmp.c:lmp_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-13003", url: "https://www.suse.com/security/cve/CVE-2017-13003", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-13003", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-13003", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-13003", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-13003", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-13003", }, { cve: "CVE-2017-13004", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-13004", }, ], notes: [ { category: "general", text: "The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over-read in print-juniper.c:juniper_parse_header().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-13004", url: "https://www.suse.com/security/cve/CVE-2017-13004", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-13004", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-13004", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-13004", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-13004", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-13004", }, { cve: "CVE-2017-13005", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-13005", }, ], notes: [ { category: "general", text: "The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:xid_map_enter().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-13005", url: "https://www.suse.com/security/cve/CVE-2017-13005", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-13005", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-13005", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-13005", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-13005", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-13005", }, { cve: "CVE-2017-13006", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-13006", }, ], notes: [ { category: "general", text: "The L2TP parser in tcpdump before 4.9.2 has a buffer over-read in print-l2tp.c, several functions.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-13006", url: "https://www.suse.com/security/cve/CVE-2017-13006", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-13006", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-13006", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-13006", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-13006", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-13006", }, { cve: "CVE-2017-13007", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-13007", }, ], notes: [ { category: "general", text: "The Apple PKTAP parser in tcpdump before 4.9.2 has a buffer over-read in print-pktap.c:pktap_if_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-13007", url: "https://www.suse.com/security/cve/CVE-2017-13007", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-13007", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-13007", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-13007", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-13007", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-13007", }, { cve: "CVE-2017-13008", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-13008", }, ], notes: [ { category: "general", text: "The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-13008", url: "https://www.suse.com/security/cve/CVE-2017-13008", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-13008", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-13008", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-13008", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-13008", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-13008", }, { cve: "CVE-2017-13009", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-13009", }, ], notes: [ { category: "general", text: "The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-13009", url: "https://www.suse.com/security/cve/CVE-2017-13009", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-13009", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-13009", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-13009", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-13009", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-13009", }, { cve: "CVE-2017-13010", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-13010", }, ], notes: [ { category: "general", text: "The BEEP parser in tcpdump before 4.9.2 has a buffer over-read in print-beep.c:l_strnstart().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-13010", url: "https://www.suse.com/security/cve/CVE-2017-13010", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-13010", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-13010", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-13010", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-13010", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-13010", }, { cve: "CVE-2017-13011", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-13011", }, ], notes: [ { category: "general", text: "Several protocol parsers in tcpdump before 4.9.2 could cause a buffer overflow in util-print.c:bittok2str_internal().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-13011", url: "https://www.suse.com/security/cve/CVE-2017-13011", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-13011", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-13011", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-13011", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-13011", url: "https://bugzilla.suse.com/1057247", }, { category: "external", summary: "SUSE Bug 1123142 for CVE-2017-13011", url: "https://bugzilla.suse.com/1123142", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-13011", }, { cve: "CVE-2017-13012", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-13012", }, ], notes: [ { category: "general", text: "The ICMP parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp.c:icmp_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-13012", url: "https://www.suse.com/security/cve/CVE-2017-13012", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-13012", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-13012", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-13012", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-13012", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-13012", }, { cve: "CVE-2017-13013", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-13013", }, ], notes: [ { category: "general", text: "The ARP parser in tcpdump before 4.9.2 has a buffer over-read in print-arp.c, several functions.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-13013", url: "https://www.suse.com/security/cve/CVE-2017-13013", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-13013", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-13013", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-13013", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-13013", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-13013", }, { cve: "CVE-2017-13014", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-13014", }, ], notes: [ { category: "general", text: "The White Board protocol parser in tcpdump before 4.9.2 has a buffer over-read in print-wb.c:wb_prep(), several functions.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-13014", url: "https://www.suse.com/security/cve/CVE-2017-13014", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-13014", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-13014", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-13014", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-13014", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-13014", }, { cve: "CVE-2017-13015", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-13015", }, ], notes: [ { category: "general", text: "The EAP parser in tcpdump before 4.9.2 has a buffer over-read in print-eap.c:eap_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-13015", url: "https://www.suse.com/security/cve/CVE-2017-13015", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-13015", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-13015", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-13015", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-13015", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-13015", }, { cve: "CVE-2017-13016", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-13016", }, ], notes: [ { category: "general", text: "The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:esis_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-13016", url: "https://www.suse.com/security/cve/CVE-2017-13016", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-13016", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-13016", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-13016", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-13016", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-13016", }, { cve: "CVE-2017-13017", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-13017", }, ], notes: [ { category: "general", text: "The DHCPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-dhcp6.c:dhcp6opt_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-13017", url: "https://www.suse.com/security/cve/CVE-2017-13017", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-13017", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-13017", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-13017", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-13017", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-13017", }, { cve: "CVE-2017-13018", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-13018", }, ], notes: [ { category: "general", text: "The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-13018", url: "https://www.suse.com/security/cve/CVE-2017-13018", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-13018", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-13018", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-13018", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-13018", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-13018", }, { cve: "CVE-2017-13019", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-13019", }, ], notes: [ { category: "general", text: "The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-13019", url: "https://www.suse.com/security/cve/CVE-2017-13019", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-13019", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-13019", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-13019", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-13019", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-13019", }, { cve: "CVE-2017-13020", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-13020", }, ], notes: [ { category: "general", text: "The VTP parser in tcpdump before 4.9.2 has a buffer over-read in print-vtp.c:vtp_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-13020", url: "https://www.suse.com/security/cve/CVE-2017-13020", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-13020", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-13020", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-13020", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-13020", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-13020", }, { cve: "CVE-2017-13021", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-13021", }, ], notes: [ { category: "general", text: "The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-13021", url: "https://www.suse.com/security/cve/CVE-2017-13021", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-13021", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-13021", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-13021", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-13021", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-13021", }, { cve: "CVE-2017-13022", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-13022", }, ], notes: [ { category: "general", text: "The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printroute().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-13022", url: "https://www.suse.com/security/cve/CVE-2017-13022", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-13022", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-13022", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-13022", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-13022", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-13022", }, { cve: "CVE-2017-13023", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-13023", }, ], notes: [ { category: "general", text: "The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-13023", url: "https://www.suse.com/security/cve/CVE-2017-13023", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-13023", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-13023", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-13023", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-13023", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-13023", }, { cve: "CVE-2017-13024", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-13024", }, ], notes: [ { category: "general", text: "The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-13024", url: "https://www.suse.com/security/cve/CVE-2017-13024", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-13024", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-13024", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-13024", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-13024", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-13024", }, { cve: "CVE-2017-13025", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-13025", }, ], notes: [ { category: "general", text: "The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-13025", url: "https://www.suse.com/security/cve/CVE-2017-13025", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-13025", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-13025", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-13025", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-13025", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-13025", }, { cve: "CVE-2017-13026", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-13026", }, ], notes: [ { category: "general", text: "The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c, several functions.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-13026", url: "https://www.suse.com/security/cve/CVE-2017-13026", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-13026", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-13026", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-13026", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-13026", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-13026", }, { cve: "CVE-2017-13027", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-13027", }, ], notes: [ { category: "general", text: "The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in print-lldp.c:lldp_mgmt_addr_tlv_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-13027", url: "https://www.suse.com/security/cve/CVE-2017-13027", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-13027", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-13027", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-13027", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-13027", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-13027", }, { cve: "CVE-2017-13028", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-13028", }, ], notes: [ { category: "general", text: "The BOOTP parser in tcpdump before 4.9.2 has a buffer over-read in print-bootp.c:bootp_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-13028", url: "https://www.suse.com/security/cve/CVE-2017-13028", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-13028", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-13028", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-13028", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-13028", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-13028", }, { cve: "CVE-2017-13029", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-13029", }, ], notes: [ { category: "general", text: "The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:print_ccp_config_options().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-13029", url: "https://www.suse.com/security/cve/CVE-2017-13029", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-13029", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-13029", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-13029", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-13029", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-13029", }, { cve: "CVE-2017-13030", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-13030", }, ], notes: [ { category: "general", text: "The PIM parser in tcpdump before 4.9.2 has a buffer over-read in print-pim.c, several functions.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-13030", url: "https://www.suse.com/security/cve/CVE-2017-13030", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-13030", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-13030", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-13030", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-13030", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-13030", }, { cve: "CVE-2017-13031", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-13031", }, ], notes: [ { category: "general", text: "The IPv6 fragmentation header parser in tcpdump before 4.9.2 has a buffer over-read in print-frag6.c:frag6_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-13031", url: "https://www.suse.com/security/cve/CVE-2017-13031", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-13031", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-13031", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-13031", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-13031", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-13031", }, { cve: "CVE-2017-13032", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-13032", }, ], notes: [ { category: "general", text: "The RADIUS parser in tcpdump before 4.9.2 has a buffer over-read in print-radius.c:print_attr_string().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-13032", url: "https://www.suse.com/security/cve/CVE-2017-13032", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-13032", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-13032", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-13032", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-13032", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-13032", }, { cve: "CVE-2017-13033", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-13033", }, ], notes: [ { category: "general", text: "The VTP parser in tcpdump before 4.9.2 has a buffer over-read in print-vtp.c:vtp_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-13033", url: "https://www.suse.com/security/cve/CVE-2017-13033", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-13033", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-13033", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-13033", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-13033", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-13033", }, { cve: "CVE-2017-13034", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-13034", }, ], notes: [ { category: "general", text: "The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-13034", url: "https://www.suse.com/security/cve/CVE-2017-13034", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-13034", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-13034", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-13034", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-13034", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-13034", }, { cve: "CVE-2017-13035", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-13035", }, ], notes: [ { category: "general", text: "The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_id().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-13035", url: "https://www.suse.com/security/cve/CVE-2017-13035", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-13035", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-13035", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-13035", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-13035", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-13035", }, { cve: "CVE-2017-13036", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-13036", }, ], notes: [ { category: "general", text: "The OSPFv3 parser in tcpdump before 4.9.2 has a buffer over-read in print-ospf6.c:ospf6_decode_v3().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-13036", url: "https://www.suse.com/security/cve/CVE-2017-13036", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-13036", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-13036", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-13036", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-13036", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-13036", }, { cve: "CVE-2017-13037", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-13037", }, ], notes: [ { category: "general", text: "The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printts().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-13037", url: "https://www.suse.com/security/cve/CVE-2017-13037", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-13037", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-13037", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-13037", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-13037", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-13037", }, { cve: "CVE-2017-13038", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-13038", }, ], notes: [ { category: "general", text: "The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:handle_mlppp().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-13038", url: "https://www.suse.com/security/cve/CVE-2017-13038", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-13038", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-13038", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-13038", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-13038", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-13038", }, { cve: "CVE-2017-13039", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-13039", }, ], notes: [ { category: "general", text: "The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c, several functions.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-13039", url: "https://www.suse.com/security/cve/CVE-2017-13039", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-13039", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-13039", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-13039", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-13039", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-13039", }, { cve: "CVE-2017-13040", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-13040", }, ], notes: [ { category: "general", text: "The MPTCP parser in tcpdump before 4.9.2 has a buffer over-read in print-mptcp.c, several functions.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-13040", url: "https://www.suse.com/security/cve/CVE-2017-13040", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-13040", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-13040", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-13040", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-13040", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-13040", }, { cve: "CVE-2017-13041", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-13041", }, ], notes: [ { category: "general", text: "The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_nodeinfo_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-13041", url: "https://www.suse.com/security/cve/CVE-2017-13041", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-13041", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-13041", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-13041", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-13041", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-13041", }, { cve: "CVE-2017-13042", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-13042", }, ], notes: [ { category: "general", text: "The HNCP parser in tcpdump before 4.9.2 has a buffer over-read in print-hncp.c:dhcpv6_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-13042", url: "https://www.suse.com/security/cve/CVE-2017-13042", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-13042", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-13042", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-13042", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-13042", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-13042", }, { cve: "CVE-2017-13043", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-13043", }, ], notes: [ { category: "general", text: "The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_multicast_vpn().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-13043", url: "https://www.suse.com/security/cve/CVE-2017-13043", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-13043", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-13043", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-13043", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-13043", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-13043", }, { cve: "CVE-2017-13044", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-13044", }, ], notes: [ { category: "general", text: "The HNCP parser in tcpdump before 4.9.2 has a buffer over-read in print-hncp.c:dhcpv4_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-13044", url: "https://www.suse.com/security/cve/CVE-2017-13044", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-13044", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-13044", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-13044", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-13044", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-13044", }, { cve: "CVE-2017-13045", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-13045", }, ], notes: [ { category: "general", text: "The VQP parser in tcpdump before 4.9.2 has a buffer over-read in print-vqp.c:vqp_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-13045", url: "https://www.suse.com/security/cve/CVE-2017-13045", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-13045", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-13045", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-13045", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-13045", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-13045", }, { cve: "CVE-2017-13046", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-13046", }, ], notes: [ { category: "general", text: "The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-13046", url: "https://www.suse.com/security/cve/CVE-2017-13046", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-13046", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-13046", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-13046", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-13046", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-13046", }, { cve: "CVE-2017-13047", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-13047", }, ], notes: [ { category: "general", text: "The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:esis_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-13047", url: "https://www.suse.com/security/cve/CVE-2017-13047", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-13047", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-13047", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-13047", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-13047", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-13047", }, { cve: "CVE-2017-13048", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-13048", }, ], notes: [ { category: "general", text: "The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in print-rsvp.c:rsvp_obj_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-13048", url: "https://www.suse.com/security/cve/CVE-2017-13048", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-13048", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-13048", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-13048", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-13048", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-13048", }, { cve: "CVE-2017-13049", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-13049", }, ], notes: [ { category: "general", text: "The Rx protocol parser in tcpdump before 4.9.2 has a buffer over-read in print-rx.c:ubik_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-13049", url: "https://www.suse.com/security/cve/CVE-2017-13049", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-13049", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-13049", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-13049", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-13049", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-13049", }, { cve: "CVE-2017-13050", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-13050", }, ], notes: [ { category: "general", text: "The RPKI-Router parser in tcpdump before 4.9.2 has a buffer over-read in print-rpki-rtr.c:rpki_rtr_pdu_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-13050", url: "https://www.suse.com/security/cve/CVE-2017-13050", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-13050", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-13050", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-13050", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-13050", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-13050", }, { cve: "CVE-2017-13051", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-13051", }, ], notes: [ { category: "general", text: "The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in print-rsvp.c:rsvp_obj_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-13051", url: "https://www.suse.com/security/cve/CVE-2017-13051", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-13051", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-13051", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-13051", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-13051", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-13051", }, { cve: "CVE-2017-13052", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-13052", }, ], notes: [ { category: "general", text: "The CFM parser in tcpdump before 4.9.2 has a buffer over-read in print-cfm.c:cfm_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-13052", url: "https://www.suse.com/security/cve/CVE-2017-13052", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-13052", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-13052", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-13052", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-13052", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-13052", }, { cve: "CVE-2017-13053", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-13053", }, ], notes: [ { category: "general", text: "The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_rt_routing_info().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-13053", url: "https://www.suse.com/security/cve/CVE-2017-13053", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-13053", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-13053", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-13053", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-13053", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-13053", }, { cve: "CVE-2017-13054", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-13054", }, ], notes: [ { category: "general", text: "The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in print-lldp.c:lldp_private_8023_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-13054", url: "https://www.suse.com/security/cve/CVE-2017-13054", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-13054", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-13054", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-13054", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-13054", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-13054", }, { cve: "CVE-2017-13055", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-13055", }, ], notes: [ { category: "general", text: "The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_is_reach_subtlv().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-13055", url: "https://www.suse.com/security/cve/CVE-2017-13055", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-13055", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-13055", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-13055", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-13055", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-13055", }, { cve: "CVE-2017-13687", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-13687", }, ], notes: [ { category: "general", text: "The Cisco HDLC parser in tcpdump before 4.9.2 has a buffer over-read in print-chdlc.c:chdlc_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-13687", url: "https://www.suse.com/security/cve/CVE-2017-13687", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-13687", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-13687", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-13687", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-13687", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-13687", }, { cve: "CVE-2017-13688", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-13688", }, ], notes: [ { category: "general", text: "The OLSR parser in tcpdump before 4.9.2 has a buffer over-read in print-olsr.c:olsr_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-13688", url: "https://www.suse.com/security/cve/CVE-2017-13688", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-13688", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-13688", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-13688", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-13688", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-13688", }, { cve: "CVE-2017-13689", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-13689", }, ], notes: [ { category: "general", text: "The IKEv1 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:ikev1_id_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-13689", url: "https://www.suse.com/security/cve/CVE-2017-13689", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-13689", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-13689", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-13689", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-13689", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-13689", }, { cve: "CVE-2017-13690", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-13690", }, ], notes: [ { category: "general", text: "The IKEv2 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c, several functions.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-13690", url: "https://www.suse.com/security/cve/CVE-2017-13690", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-13690", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-13690", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-13690", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-13690", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-13690", }, { cve: "CVE-2017-13725", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-13725", }, ], notes: [ { category: "general", text: "The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-13725", url: "https://www.suse.com/security/cve/CVE-2017-13725", }, { category: "external", summary: "SUSE Bug 1050219 for CVE-2017-13725", url: "https://bugzilla.suse.com/1050219", }, { category: "external", summary: "SUSE Bug 1050222 for CVE-2017-13725", url: "https://bugzilla.suse.com/1050222", }, { category: "external", summary: "SUSE Bug 1050225 for CVE-2017-13725", url: "https://bugzilla.suse.com/1050225", }, { category: "external", summary: "SUSE Bug 1057247 for CVE-2017-13725", url: "https://bugzilla.suse.com/1057247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-13725", }, { cve: "CVE-2017-16808", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-16808", }, ], notes: [ { category: "general", text: "tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-16808", url: "https://www.suse.com/security/cve/CVE-2017-16808", }, { category: "external", summary: "SUSE Bug 1068716 for CVE-2017-16808", url: "https://bugzilla.suse.com/1068716", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2017-16808", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2017-16808", }, { cve: "CVE-2017-5202", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-5202", }, ], notes: [ { category: "general", text: "The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-5202", url: "https://www.suse.com/security/cve/CVE-2017-5202", }, { category: "external", summary: "SUSE Bug 1020940 for CVE-2017-5202", url: "https://bugzilla.suse.com/1020940", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2017-5202", }, { cve: "CVE-2017-5203", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-5203", }, ], notes: [ { category: "general", text: "The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-5203", url: "https://www.suse.com/security/cve/CVE-2017-5203", }, { category: "external", summary: "SUSE Bug 1020940 for CVE-2017-5203", url: "https://bugzilla.suse.com/1020940", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2017-5203", }, { cve: "CVE-2017-5204", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-5204", }, ], notes: [ { category: "general", text: "The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in print-ip6.c:ip6_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-5204", url: "https://www.suse.com/security/cve/CVE-2017-5204", }, { category: "external", summary: "SUSE Bug 1020940 for CVE-2017-5204", url: "https://bugzilla.suse.com/1020940", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2017-5204", }, { cve: "CVE-2017-5205", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-5205", }, ], notes: [ { category: "general", text: "The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp.c:ikev2_e_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-5205", url: "https://www.suse.com/security/cve/CVE-2017-5205", }, { category: "external", summary: "SUSE Bug 1020940 for CVE-2017-5205", url: "https://bugzilla.suse.com/1020940", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2017-5205", }, { cve: "CVE-2017-5341", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-5341", }, ], notes: [ { category: "general", text: "The OTV parser in tcpdump before 4.9.0 has a buffer overflow in print-otv.c:otv_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-5341", url: "https://www.suse.com/security/cve/CVE-2017-5341", }, { category: "external", summary: "SUSE Bug 1020940 for CVE-2017-5341", url: "https://bugzilla.suse.com/1020940", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2017-5341", }, { cve: "CVE-2017-5342", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-5342", }, ], notes: [ { category: "general", text: "In tcpdump before 4.9.0, a bug in multiple protocol parsers (Geneve, GRE, NSH, OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in print-ether.c:ether_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-5342", url: "https://www.suse.com/security/cve/CVE-2017-5342", }, { category: "external", summary: "SUSE Bug 1020940 for CVE-2017-5342", url: "https://bugzilla.suse.com/1020940", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2017-5342", }, { cve: "CVE-2017-5482", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-5482", }, ], notes: [ { category: "general", text: "The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:q933_print(), a different vulnerability than CVE-2016-8575.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-5482", url: "https://www.suse.com/security/cve/CVE-2017-5482", }, { category: "external", summary: "SUSE Bug 1020940 for CVE-2017-5482", url: "https://bugzilla.suse.com/1020940", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2017-5482", }, { cve: "CVE-2017-5483", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-5483", }, ], notes: [ { category: "general", text: "The SNMP parser in tcpdump before 4.9.0 has a buffer overflow in print-snmp.c:asn1_parse().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-5483", url: "https://www.suse.com/security/cve/CVE-2017-5483", }, { category: "external", summary: "SUSE Bug 1020940 for CVE-2017-5483", url: "https://bugzilla.suse.com/1020940", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2017-5483", }, { cve: "CVE-2017-5484", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-5484", }, ], notes: [ { category: "general", text: "The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-atm.c:sig_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-5484", url: "https://www.suse.com/security/cve/CVE-2017-5484", }, { category: "external", summary: "SUSE Bug 1020940 for CVE-2017-5484", url: "https://bugzilla.suse.com/1020940", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2017-5484", }, { cve: "CVE-2017-5485", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-5485", }, ], notes: [ { category: "general", text: "The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in addrtoname.c:lookup_nsap().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-5485", url: "https://www.suse.com/security/cve/CVE-2017-5485", }, { category: "external", summary: "SUSE Bug 1020940 for CVE-2017-5485", url: "https://bugzilla.suse.com/1020940", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2017-5485", }, { cve: "CVE-2017-5486", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-5486", }, ], notes: [ { category: "general", text: "The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-5486", url: "https://www.suse.com/security/cve/CVE-2017-5486", }, { category: "external", summary: "SUSE Bug 1020940 for CVE-2017-5486", url: "https://bugzilla.suse.com/1020940", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2017-5486", }, { cve: "CVE-2018-10103", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-10103", }, ], notes: [ { category: "general", text: "tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-10103", url: "https://www.suse.com/security/cve/CVE-2018-10103", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-10103", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-10103", }, { cve: "CVE-2018-10105", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-10105", }, ], notes: [ { category: "general", text: "tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-10105", url: "https://www.suse.com/security/cve/CVE-2018-10105", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-10105", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-10105", }, { cve: "CVE-2018-14461", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14461", }, ], notes: [ { category: "general", text: "The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14461", url: "https://www.suse.com/security/cve/CVE-2018-14461", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14461", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-14461", }, { cve: "CVE-2018-14462", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14462", }, ], notes: [ { category: "general", text: "The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14462", url: "https://www.suse.com/security/cve/CVE-2018-14462", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14462", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-14462", }, { cve: "CVE-2018-14463", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14463", }, ], notes: [ { category: "general", text: "The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 2, a different vulnerability than CVE-2019-15167.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14463", url: "https://www.suse.com/security/cve/CVE-2018-14463", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14463", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-14463", }, { cve: "CVE-2018-14464", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14464", }, ], notes: [ { category: "general", text: "The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14464", url: "https://www.suse.com/security/cve/CVE-2018-14464", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14464", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-14464", }, { cve: "CVE-2018-14465", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14465", }, ], notes: [ { category: "general", text: "The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14465", url: "https://www.suse.com/security/cve/CVE-2018-14465", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14465", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-14465", }, { cve: "CVE-2018-14466", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14466", }, ], notes: [ { category: "general", text: "The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_cache_insert().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14466", url: "https://www.suse.com/security/cve/CVE-2018-14466", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14466", url: "https://bugzilla.suse.com/1153098", }, { category: "external", summary: "SUSE Bug 1166972 for CVE-2018-14466", url: "https://bugzilla.suse.com/1166972", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-14466", }, { cve: "CVE-2018-14467", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14467", }, ], notes: [ { category: "general", text: "The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14467", url: "https://www.suse.com/security/cve/CVE-2018-14467", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14467", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-14467", }, { cve: "CVE-2018-14468", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14468", }, ], notes: [ { category: "general", text: "The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14468", url: "https://www.suse.com/security/cve/CVE-2018-14468", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14468", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-14468", }, { cve: "CVE-2018-14469", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14469", }, ], notes: [ { category: "general", text: "The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14469", url: "https://www.suse.com/security/cve/CVE-2018-14469", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14469", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-14469", }, { cve: "CVE-2018-14470", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14470", }, ], notes: [ { category: "general", text: "The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14470", url: "https://www.suse.com/security/cve/CVE-2018-14470", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14470", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-14470", }, { cve: "CVE-2018-14879", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14879", }, ], notes: [ { category: "general", text: "The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14879", url: "https://www.suse.com/security/cve/CVE-2018-14879", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14879", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 0, baseSeverity: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2018-14879", }, { cve: "CVE-2018-14880", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14880", }, ], notes: [ { category: "general", text: "The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14880", url: "https://www.suse.com/security/cve/CVE-2018-14880", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14880", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-14880", }, { cve: "CVE-2018-14881", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14881", }, ], notes: [ { category: "general", text: "The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14881", url: "https://www.suse.com/security/cve/CVE-2018-14881", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14881", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-14881", }, { cve: "CVE-2018-14882", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14882", }, ], notes: [ { category: "general", text: "The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14882", url: "https://www.suse.com/security/cve/CVE-2018-14882", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14882", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-14882", }, { cve: "CVE-2018-16227", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16227", }, ], notes: [ { category: "general", text: "The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16227", url: "https://www.suse.com/security/cve/CVE-2018-16227", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-16227", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-16227", }, { cve: "CVE-2018-16228", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16228", }, ], notes: [ { category: "general", text: "The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16228", url: "https://www.suse.com/security/cve/CVE-2018-16228", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-16228", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-16228", }, { cve: "CVE-2018-16229", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16229", }, ], notes: [ { category: "general", text: "The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16229", url: "https://www.suse.com/security/cve/CVE-2018-16229", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-16229", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-16229", }, { cve: "CVE-2018-16230", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16230", }, ], notes: [ { category: "general", text: "The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16230", url: "https://www.suse.com/security/cve/CVE-2018-16230", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-16230", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-16230", }, { cve: "CVE-2018-16300", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16300", }, ], notes: [ { category: "general", text: "The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16300", url: "https://www.suse.com/security/cve/CVE-2018-16300", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-16300", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2018-16300", }, { cve: "CVE-2018-16301", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16301", }, ], notes: [ { category: "general", text: "The command-line argument parser in tcpdump before 4.99.0 has a buffer overflow in tcpdump.c:read_infile(). To trigger this vulnerability the attacker needs to create a 4GB file on the local filesystem and to specify the file name as the value of the -F command-line argument of tcpdump.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16301", url: "https://www.suse.com/security/cve/CVE-2018-16301", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-16301", url: "https://bugzilla.suse.com/1153098", }, { category: "external", summary: "SUSE Bug 1153332 for CVE-2018-16301", url: "https://bugzilla.suse.com/1153332", }, { category: "external", summary: "SUSE Bug 1195825 for CVE-2018-16301", url: "https://bugzilla.suse.com/1195825", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2018-16301", }, { cve: "CVE-2018-16451", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16451", }, ], notes: [ { category: "general", text: "The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16451", url: "https://www.suse.com/security/cve/CVE-2018-16451", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-16451", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-16451", }, { cve: "CVE-2018-16452", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16452", }, ], notes: [ { category: "general", text: "The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16452", url: "https://www.suse.com/security/cve/CVE-2018-16452", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-16452", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-16452", }, { cve: "CVE-2018-19519", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-19519", }, ], notes: [ { category: "general", text: "In tcpdump 4.9.2, a stack-based buffer over-read exists in the print_prefix function of print-hncp.c via crafted packet data because of missing initialization.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-19519", url: "https://www.suse.com/security/cve/CVE-2018-19519", }, { category: "external", summary: "SUSE Bug 1117267 for CVE-2018-19519", url: "https://bugzilla.suse.com/1117267", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-19519", }, { cve: "CVE-2019-1010220", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-1010220", }, ], notes: [ { category: "general", text: "tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is: May expose Saved Frame Pointer, Return Address etc. on stack. The component is: line 234: \"ND_PRINT((ndo, \"%s\", buf));\", in function named \"print_prefix\", in \"print-hncp.c\". The attack vector is: The victim must open a specially crafted pcap file.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-1010220", url: "https://www.suse.com/security/cve/CVE-2019-1010220", }, { category: "external", summary: "SUSE Bug 1142439 for CVE-2019-1010220", url: "https://bugzilla.suse.com/1142439", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2019-1010220", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-1010220", }, { cve: "CVE-2019-15166", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-15166", }, ], notes: [ { category: "general", text: "lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-15166", url: "https://www.suse.com/security/cve/CVE-2019-15166", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2019-15166", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-15166", }, { cve: "CVE-2019-15167", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-15167", }, ], notes: [ { category: "general", text: "The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 3, a different vulnerability than CVE-2018-14463.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-15167", url: "https://www.suse.com/security/cve/CVE-2019-15167", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2019-15167", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-15167", }, { cve: "CVE-2020-8037", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-8037", }, ], notes: [ { category: "general", text: "The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-8037", url: "https://www.suse.com/security/cve/CVE-2020-8037", }, { category: "external", summary: "SUSE Bug 1178466 for CVE-2020-8037", url: "https://bugzilla.suse.com/1178466", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.aarch64", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.ppc64le", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.s390x", "openSUSE Tumbleweed:tcpdump-4.99.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-8037", }, ], }
suse-su-2019:2088-1
Vulnerability from csaf_suse
Published
2019-08-07 16:17
Modified
2019-08-07 16:17
Summary
Security update for tcpdump
Notes
Title of the patch
Security update for tcpdump
Description of the patch
This update for tcpdump fixes the following issues:
Security issues fixed:
- CVE-2019-1010220: Fixed a buffer over-read in print_prefix() which may expose data (bsc#1142439).
- CVE-2017-16808: Fixed a heap-based buffer over-read related to aoe_print() and lookup_emem() (bsc#1068716).
Patchnames
SUSE-2019-2088,SUSE-SLE-DESKTOP-12-SP4-2019-2088,SUSE-SLE-SERVER-12-SP4-2019-2088
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for tcpdump", title: "Title of the patch", }, { category: "description", text: "This update for tcpdump fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-1010220: Fixed a buffer over-read in print_prefix() which may expose data (bsc#1142439).\n- CVE-2017-16808: Fixed a heap-based buffer over-read related to aoe_print() and lookup_emem() (bsc#1068716).\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2019-2088,SUSE-SLE-DESKTOP-12-SP4-2019-2088,SUSE-SLE-SERVER-12-SP4-2019-2088", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_2088-1.json", }, { category: "self", summary: "URL for SUSE-SU-2019:2088-1", url: "https://www.suse.com/support/update/announcement/2019/suse-su-20192088-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2019:2088-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2019-August/005799.html", }, { category: "self", summary: "SUSE Bug 1068716", url: "https://bugzilla.suse.com/1068716", }, { category: "self", summary: "SUSE Bug 1142439", url: "https://bugzilla.suse.com/1142439", }, { category: "self", summary: "SUSE CVE CVE-2017-16808 page", url: "https://www.suse.com/security/cve/CVE-2017-16808/", }, { category: "self", summary: "SUSE CVE CVE-2019-1010220 page", url: "https://www.suse.com/security/cve/CVE-2019-1010220/", }, ], title: "Security update for tcpdump", tracking: { current_release_date: "2019-08-07T16:17:32Z", generator: { date: "2019-08-07T16:17:32Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2019:2088-1", initial_release_date: "2019-08-07T16:17:32Z", revision_history: [ { date: "2019-08-07T16:17:32Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "tcpdump-4.9.2-14.11.1.aarch64", product: { name: "tcpdump-4.9.2-14.11.1.aarch64", product_id: "tcpdump-4.9.2-14.11.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "tcpdump-4.9.2-14.11.1.i586", product: { name: "tcpdump-4.9.2-14.11.1.i586", product_id: "tcpdump-4.9.2-14.11.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "tcpdump-4.9.2-14.11.1.ppc64le", product: { name: "tcpdump-4.9.2-14.11.1.ppc64le", product_id: "tcpdump-4.9.2-14.11.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "tcpdump-4.9.2-14.11.1.s390", product: { name: "tcpdump-4.9.2-14.11.1.s390", product_id: "tcpdump-4.9.2-14.11.1.s390", }, }, ], category: "architecture", name: "s390", }, { branches: [ { category: "product_version", name: "tcpdump-4.9.2-14.11.1.s390x", product: { name: "tcpdump-4.9.2-14.11.1.s390x", product_id: "tcpdump-4.9.2-14.11.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "tcpdump-4.9.2-14.11.1.x86_64", product: { name: "tcpdump-4.9.2-14.11.1.x86_64", product_id: "tcpdump-4.9.2-14.11.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Desktop 12 SP4", product: { name: "SUSE Linux Enterprise Desktop 12 SP4", product_id: "SUSE Linux Enterprise Desktop 12 SP4", product_identification_helper: { cpe: "cpe:/o:suse:sled:12:sp4", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP4", product: { name: "SUSE Linux Enterprise Server 12 SP4", product_id: "SUSE Linux Enterprise Server 12 SP4", product_identification_helper: { cpe: "cpe:/o:suse:sles:12:sp4", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", product: { name: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:12:sp4", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "tcpdump-4.9.2-14.11.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4", product_id: "SUSE Linux Enterprise Desktop 12 SP4:tcpdump-4.9.2-14.11.1.x86_64", }, product_reference: "tcpdump-4.9.2-14.11.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Desktop 12 SP4", }, { category: "default_component_of", full_product_name: { name: "tcpdump-4.9.2-14.11.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP4", product_id: "SUSE Linux Enterprise Server 12 SP4:tcpdump-4.9.2-14.11.1.aarch64", }, product_reference: "tcpdump-4.9.2-14.11.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP4", }, { category: "default_component_of", full_product_name: { name: "tcpdump-4.9.2-14.11.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP4", product_id: "SUSE Linux Enterprise Server 12 SP4:tcpdump-4.9.2-14.11.1.ppc64le", }, product_reference: "tcpdump-4.9.2-14.11.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP4", }, { category: "default_component_of", full_product_name: { name: "tcpdump-4.9.2-14.11.1.s390x as component of SUSE Linux Enterprise Server 12 SP4", product_id: "SUSE Linux Enterprise Server 12 SP4:tcpdump-4.9.2-14.11.1.s390x", }, product_reference: "tcpdump-4.9.2-14.11.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP4", }, { category: "default_component_of", full_product_name: { name: "tcpdump-4.9.2-14.11.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4", product_id: "SUSE Linux Enterprise Server 12 SP4:tcpdump-4.9.2-14.11.1.x86_64", }, product_reference: "tcpdump-4.9.2-14.11.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP4", }, { category: "default_component_of", full_product_name: { name: "tcpdump-4.9.2-14.11.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tcpdump-4.9.2-14.11.1.aarch64", }, product_reference: "tcpdump-4.9.2-14.11.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", }, { category: "default_component_of", full_product_name: { name: "tcpdump-4.9.2-14.11.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tcpdump-4.9.2-14.11.1.ppc64le", }, product_reference: "tcpdump-4.9.2-14.11.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", }, { category: "default_component_of", full_product_name: { name: "tcpdump-4.9.2-14.11.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tcpdump-4.9.2-14.11.1.s390x", }, product_reference: "tcpdump-4.9.2-14.11.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", }, { category: "default_component_of", full_product_name: { name: "tcpdump-4.9.2-14.11.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tcpdump-4.9.2-14.11.1.x86_64", }, product_reference: "tcpdump-4.9.2-14.11.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", }, ], }, vulnerabilities: [ { cve: "CVE-2017-16808", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-16808", }, ], notes: [ { category: "general", text: "tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP4:tcpdump-4.9.2-14.11.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:tcpdump-4.9.2-14.11.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:tcpdump-4.9.2-14.11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:tcpdump-4.9.2-14.11.1.s390x", "SUSE Linux Enterprise Server 12 SP4:tcpdump-4.9.2-14.11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tcpdump-4.9.2-14.11.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tcpdump-4.9.2-14.11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tcpdump-4.9.2-14.11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tcpdump-4.9.2-14.11.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-16808", url: "https://www.suse.com/security/cve/CVE-2017-16808", }, { category: "external", summary: "SUSE Bug 1068716 for CVE-2017-16808", url: "https://bugzilla.suse.com/1068716", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2017-16808", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP4:tcpdump-4.9.2-14.11.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:tcpdump-4.9.2-14.11.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:tcpdump-4.9.2-14.11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:tcpdump-4.9.2-14.11.1.s390x", "SUSE Linux Enterprise Server 12 SP4:tcpdump-4.9.2-14.11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tcpdump-4.9.2-14.11.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tcpdump-4.9.2-14.11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tcpdump-4.9.2-14.11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tcpdump-4.9.2-14.11.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Desktop 12 SP4:tcpdump-4.9.2-14.11.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:tcpdump-4.9.2-14.11.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:tcpdump-4.9.2-14.11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:tcpdump-4.9.2-14.11.1.s390x", "SUSE Linux Enterprise Server 12 SP4:tcpdump-4.9.2-14.11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tcpdump-4.9.2-14.11.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tcpdump-4.9.2-14.11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tcpdump-4.9.2-14.11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tcpdump-4.9.2-14.11.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-08-07T16:17:32Z", details: "important", }, ], title: "CVE-2017-16808", }, { cve: "CVE-2019-1010220", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-1010220", }, ], notes: [ { category: "general", text: "tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is: May expose Saved Frame Pointer, Return Address etc. on stack. The component is: line 234: \"ND_PRINT((ndo, \"%s\", buf));\", in function named \"print_prefix\", in \"print-hncp.c\". The attack vector is: The victim must open a specially crafted pcap file.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP4:tcpdump-4.9.2-14.11.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:tcpdump-4.9.2-14.11.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:tcpdump-4.9.2-14.11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:tcpdump-4.9.2-14.11.1.s390x", "SUSE Linux Enterprise Server 12 SP4:tcpdump-4.9.2-14.11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tcpdump-4.9.2-14.11.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tcpdump-4.9.2-14.11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tcpdump-4.9.2-14.11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tcpdump-4.9.2-14.11.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-1010220", url: "https://www.suse.com/security/cve/CVE-2019-1010220", }, { category: "external", summary: "SUSE Bug 1142439 for CVE-2019-1010220", url: "https://bugzilla.suse.com/1142439", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2019-1010220", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP4:tcpdump-4.9.2-14.11.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:tcpdump-4.9.2-14.11.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:tcpdump-4.9.2-14.11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:tcpdump-4.9.2-14.11.1.s390x", "SUSE Linux Enterprise Server 12 SP4:tcpdump-4.9.2-14.11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tcpdump-4.9.2-14.11.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tcpdump-4.9.2-14.11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tcpdump-4.9.2-14.11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tcpdump-4.9.2-14.11.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "SUSE Linux Enterprise Desktop 12 SP4:tcpdump-4.9.2-14.11.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:tcpdump-4.9.2-14.11.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:tcpdump-4.9.2-14.11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:tcpdump-4.9.2-14.11.1.s390x", "SUSE Linux Enterprise Server 12 SP4:tcpdump-4.9.2-14.11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tcpdump-4.9.2-14.11.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tcpdump-4.9.2-14.11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tcpdump-4.9.2-14.11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tcpdump-4.9.2-14.11.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-08-07T16:17:32Z", details: "moderate", }, ], title: "CVE-2019-1010220", }, ], }
suse-su-2019:2674-1
Vulnerability from csaf_suse
Published
2019-10-15 14:53
Modified
2019-10-15 14:53
Summary
Security update for tcpdump
Notes
Title of the patch
Security update for tcpdump
Description of the patch
This update for tcpdump fixes the following issues:
- CVE-2017-16808: Fixed a heap-based buffer over-read related to aoe_print and lookup_emem (bsc#1068716 bsc#1153098).
- CVE-2018-10103: Fixed a mishandling of the printing of SMB data (bsc#1153098).
- CVE-2018-10105: Fixed a mishandling of the printing of SMB data (bsc#1153098).
- CVE-2018-14461: Fixed a buffer over-read in print-ldp.c:ldp_tlv_print (bsc#1153098).
- CVE-2018-14462: Fixed a buffer over-read in print-icmp.c:icmp_print (bsc#1153098).
- CVE-2018-14463: Fixed a buffer over-read in print-vrrp.c:vrrp_print (bsc#1153098).
- CVE-2018-14464: Fixed a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs (bsc#1153098).
- CVE-2018-14465: Fixed a buffer over-read in print-rsvp.c:rsvp_obj_print (bsc#1153098).
- CVE-2018-14466: Fixed a buffer over-read in print-rx.c:rx_cache_find (bsc#1153098).
- CVE-2018-14467: Fixed a buffer over-read in print-bgp.c:bgp_capabilities_print (bsc#1153098).
- CVE-2018-14468: Fixed a buffer over-read in print-fr.c:mfr_print (bsc#1153098).
- CVE-2018-14469: Fixed a buffer over-read in print-isakmp.c:ikev1_n_print (bsc#1153098).
- CVE-2018-14470: Fixed a buffer over-read in print-babel.c:babel_print_v2 (bsc#1153098).
- CVE-2018-14879: Fixed a buffer overflow in the command-line argument parser (bsc#1153098).
- CVE-2018-14880: Fixed a buffer over-read in the OSPFv3 parser (bsc#1153098).
- CVE-2018-14881: Fixed a buffer over-read in the BGP parser (bsc#1153098).
- CVE-2018-14882: Fixed a buffer over-read in the ICMPv6 parser (bsc#1153098).
- CVE-2018-16227: Fixed a buffer over-read in the IEEE 802.11 parser in print-802_11.c for the Mesh Flags subfield (bsc#1153098).
- CVE-2018-16228: Fixed a buffer over-read in the HNCP parser (bsc#1153098).
- CVE-2018-16229: Fixed a buffer over-read in the DCCP parser (bsc#1153098).
- CVE-2018-16230: Fixed a buffer over-read in the BGP parser in print-bgp.c:bgp_attr_print (bsc#1153098).
- CVE-2018-16300: Fixed an unlimited recursion in the BGP parser that allowed denial-of-service by stack consumption (bsc#1153098).
- CVE-2018-16301: Fixed a buffer overflow (bsc#1153332 bsc#1153098).
- CVE-2018-16451: Fixed several buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN (bsc#1153098).
- CVE-2018-16452: Fixed a stack exhaustion in smbutil.c:smb_fdata (bsc#1153098).
- CVE-2019-15166: Fixed a bounds check in lmp_print_data_link_subobjs (bsc#1153098).
- CVE-2019-15167: Fixed a vulnerability in VRRP (bsc#1153098).
Patchnames
SUSE-2019-2674,SUSE-SLE-Module-Basesystem-15-2019-2674,SUSE-SLE-Module-Basesystem-15-SP1-2019-2674
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for tcpdump", title: "Title of the patch", }, { category: "description", text: "This update for tcpdump fixes the following issues:\n\n- CVE-2017-16808: Fixed a heap-based buffer over-read related to aoe_print and lookup_emem (bsc#1068716 bsc#1153098).\n- CVE-2018-10103: Fixed a mishandling of the printing of SMB data (bsc#1153098).\n- CVE-2018-10105: Fixed a mishandling of the printing of SMB data (bsc#1153098).\n- CVE-2018-14461: Fixed a buffer over-read in print-ldp.c:ldp_tlv_print (bsc#1153098).\n- CVE-2018-14462: Fixed a buffer over-read in print-icmp.c:icmp_print (bsc#1153098).\n- CVE-2018-14463: Fixed a buffer over-read in print-vrrp.c:vrrp_print (bsc#1153098).\n- CVE-2018-14464: Fixed a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs (bsc#1153098).\n- CVE-2018-14465: Fixed a buffer over-read in print-rsvp.c:rsvp_obj_print (bsc#1153098).\n- CVE-2018-14466: Fixed a buffer over-read in print-rx.c:rx_cache_find (bsc#1153098).\n- CVE-2018-14467: Fixed a buffer over-read in print-bgp.c:bgp_capabilities_print (bsc#1153098).\n- CVE-2018-14468: Fixed a buffer over-read in print-fr.c:mfr_print (bsc#1153098).\n- CVE-2018-14469: Fixed a buffer over-read in print-isakmp.c:ikev1_n_print (bsc#1153098).\n- CVE-2018-14470: Fixed a buffer over-read in print-babel.c:babel_print_v2 (bsc#1153098).\n- CVE-2018-14879: Fixed a buffer overflow in the command-line argument parser (bsc#1153098).\n- CVE-2018-14880: Fixed a buffer over-read in the OSPFv3 parser (bsc#1153098).\n- CVE-2018-14881: Fixed a buffer over-read in the BGP parser (bsc#1153098).\n- CVE-2018-14882: Fixed a buffer over-read in the ICMPv6 parser (bsc#1153098).\n- CVE-2018-16227: Fixed a buffer over-read in the IEEE 802.11 parser in print-802_11.c for the Mesh Flags subfield (bsc#1153098).\n- CVE-2018-16228: Fixed a buffer over-read in the HNCP parser (bsc#1153098).\n- CVE-2018-16229: Fixed a buffer over-read in the DCCP parser (bsc#1153098).\n- CVE-2018-16230: Fixed a buffer over-read in the BGP parser in print-bgp.c:bgp_attr_print (bsc#1153098).\n- CVE-2018-16300: Fixed an unlimited recursion in the BGP parser that allowed denial-of-service by stack consumption (bsc#1153098).\n- CVE-2018-16301: Fixed a buffer overflow (bsc#1153332 bsc#1153098).\n- CVE-2018-16451: Fixed several buffer over-reads in print-smb.c:print_trans() for \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN (bsc#1153098).\n- CVE-2018-16452: Fixed a stack exhaustion in smbutil.c:smb_fdata (bsc#1153098).\n- CVE-2019-15166: Fixed a bounds check in lmp_print_data_link_subobjs (bsc#1153098).\n- CVE-2019-15167: Fixed a vulnerability in VRRP (bsc#1153098).\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2019-2674,SUSE-SLE-Module-Basesystem-15-2019-2674,SUSE-SLE-Module-Basesystem-15-SP1-2019-2674", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_2674-1.json", }, { category: "self", summary: "URL for SUSE-SU-2019:2674-1", url: "https://www.suse.com/support/update/announcement/2019/suse-su-20192674-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2019:2674-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2019-October/006020.html", }, { category: "self", summary: "SUSE Bug 1068716", url: "https://bugzilla.suse.com/1068716", }, { category: "self", summary: "SUSE Bug 1153098", url: "https://bugzilla.suse.com/1153098", }, { category: "self", summary: "SUSE Bug 1153332", url: "https://bugzilla.suse.com/1153332", }, { category: "self", summary: "SUSE CVE CVE-2017-16808 page", url: "https://www.suse.com/security/cve/CVE-2017-16808/", }, { category: "self", summary: "SUSE CVE CVE-2018-10103 page", url: "https://www.suse.com/security/cve/CVE-2018-10103/", }, { category: "self", summary: "SUSE CVE CVE-2018-10105 page", url: "https://www.suse.com/security/cve/CVE-2018-10105/", }, { category: "self", summary: "SUSE CVE CVE-2018-14461 page", url: "https://www.suse.com/security/cve/CVE-2018-14461/", }, { category: "self", summary: "SUSE CVE CVE-2018-14462 page", url: "https://www.suse.com/security/cve/CVE-2018-14462/", }, { category: "self", summary: "SUSE CVE CVE-2018-14463 page", url: "https://www.suse.com/security/cve/CVE-2018-14463/", }, { category: "self", summary: "SUSE CVE CVE-2018-14464 page", url: "https://www.suse.com/security/cve/CVE-2018-14464/", }, { category: "self", summary: "SUSE CVE CVE-2018-14465 page", url: "https://www.suse.com/security/cve/CVE-2018-14465/", }, { category: "self", summary: "SUSE CVE CVE-2018-14466 page", url: "https://www.suse.com/security/cve/CVE-2018-14466/", }, { category: "self", summary: "SUSE CVE CVE-2018-14467 page", url: "https://www.suse.com/security/cve/CVE-2018-14467/", }, { category: "self", summary: "SUSE CVE CVE-2018-14468 page", url: "https://www.suse.com/security/cve/CVE-2018-14468/", }, { category: "self", summary: "SUSE CVE CVE-2018-14469 page", url: "https://www.suse.com/security/cve/CVE-2018-14469/", }, { category: "self", summary: "SUSE CVE CVE-2018-14470 page", url: "https://www.suse.com/security/cve/CVE-2018-14470/", }, { category: "self", summary: "SUSE CVE CVE-2018-14879 page", url: "https://www.suse.com/security/cve/CVE-2018-14879/", }, { category: "self", summary: "SUSE CVE CVE-2018-14880 page", url: "https://www.suse.com/security/cve/CVE-2018-14880/", }, { category: "self", summary: "SUSE CVE CVE-2018-14881 page", url: "https://www.suse.com/security/cve/CVE-2018-14881/", }, { category: "self", summary: "SUSE CVE CVE-2018-14882 page", url: "https://www.suse.com/security/cve/CVE-2018-14882/", }, { category: "self", summary: "SUSE CVE CVE-2018-16227 page", url: "https://www.suse.com/security/cve/CVE-2018-16227/", }, { category: "self", summary: "SUSE CVE CVE-2018-16228 page", url: "https://www.suse.com/security/cve/CVE-2018-16228/", }, { category: "self", summary: "SUSE CVE CVE-2018-16229 page", url: "https://www.suse.com/security/cve/CVE-2018-16229/", }, { category: "self", summary: "SUSE CVE CVE-2018-16230 page", url: "https://www.suse.com/security/cve/CVE-2018-16230/", }, { category: "self", summary: "SUSE CVE CVE-2018-16300 page", url: "https://www.suse.com/security/cve/CVE-2018-16300/", }, { category: "self", summary: "SUSE CVE CVE-2018-16301 page", url: "https://www.suse.com/security/cve/CVE-2018-16301/", }, { category: "self", summary: "SUSE CVE CVE-2018-16451 page", url: "https://www.suse.com/security/cve/CVE-2018-16451/", }, { category: "self", summary: "SUSE CVE CVE-2018-16452 page", url: "https://www.suse.com/security/cve/CVE-2018-16452/", }, { category: "self", summary: "SUSE CVE CVE-2019-1010220 page", url: "https://www.suse.com/security/cve/CVE-2019-1010220/", }, { category: "self", summary: "SUSE CVE CVE-2019-15166 page", url: "https://www.suse.com/security/cve/CVE-2019-15166/", }, { category: "self", summary: "SUSE CVE CVE-2019-15167 page", url: "https://www.suse.com/security/cve/CVE-2019-15167/", }, ], title: "Security update for tcpdump", tracking: { current_release_date: "2019-10-15T14:53:30Z", generator: { date: "2019-10-15T14:53:30Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2019:2674-1", initial_release_date: "2019-10-15T14:53:30Z", revision_history: [ { date: "2019-10-15T14:53:30Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "tcpdump-4.9.2-3.9.1.aarch64", product: { name: "tcpdump-4.9.2-3.9.1.aarch64", product_id: "tcpdump-4.9.2-3.9.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "tcpdump-4.9.2-3.9.1.i586", product: { name: "tcpdump-4.9.2-3.9.1.i586", product_id: "tcpdump-4.9.2-3.9.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "tcpdump-4.9.2-3.9.1.ppc64le", product: { name: "tcpdump-4.9.2-3.9.1.ppc64le", product_id: "tcpdump-4.9.2-3.9.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "tcpdump-4.9.2-3.9.1.s390x", product: { name: "tcpdump-4.9.2-3.9.1.s390x", product_id: "tcpdump-4.9.2-3.9.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "tcpdump-4.9.2-3.9.1.x86_64", product: { name: "tcpdump-4.9.2-3.9.1.x86_64", product_id: "tcpdump-4.9.2-3.9.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Module for Basesystem 15", product: { name: "SUSE Linux Enterprise Module for Basesystem 15", product_id: "SUSE Linux Enterprise Module for Basesystem 15", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-basesystem:15", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Module for Basesystem 15 SP1", product: { name: "SUSE Linux Enterprise Module for Basesystem 15 SP1", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP1", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-basesystem:15:sp1", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "tcpdump-4.9.2-3.9.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15", product_id: "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", }, product_reference: "tcpdump-4.9.2-3.9.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15", }, { category: "default_component_of", full_product_name: { name: "tcpdump-4.9.2-3.9.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15", product_id: "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", }, product_reference: "tcpdump-4.9.2-3.9.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15", }, { category: "default_component_of", full_product_name: { name: "tcpdump-4.9.2-3.9.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15", product_id: "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", }, product_reference: "tcpdump-4.9.2-3.9.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15", }, { category: "default_component_of", full_product_name: { name: "tcpdump-4.9.2-3.9.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15", product_id: "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", }, product_reference: "tcpdump-4.9.2-3.9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15", }, { category: "default_component_of", full_product_name: { name: "tcpdump-4.9.2-3.9.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", }, product_reference: "tcpdump-4.9.2-3.9.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP1", }, { category: "default_component_of", full_product_name: { name: "tcpdump-4.9.2-3.9.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", }, product_reference: "tcpdump-4.9.2-3.9.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP1", }, { category: "default_component_of", full_product_name: { name: "tcpdump-4.9.2-3.9.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", }, product_reference: "tcpdump-4.9.2-3.9.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP1", }, { category: "default_component_of", full_product_name: { name: "tcpdump-4.9.2-3.9.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", }, product_reference: "tcpdump-4.9.2-3.9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP1", }, ], }, vulnerabilities: [ { cve: "CVE-2017-16808", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-16808", }, ], notes: [ { category: "general", text: "tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-16808", url: "https://www.suse.com/security/cve/CVE-2017-16808", }, { category: "external", summary: "SUSE Bug 1068716 for CVE-2017-16808", url: "https://bugzilla.suse.com/1068716", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2017-16808", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-15T14:53:30Z", details: "important", }, ], title: "CVE-2017-16808", }, { cve: "CVE-2018-10103", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-10103", }, ], notes: [ { category: "general", text: "tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-10103", url: "https://www.suse.com/security/cve/CVE-2018-10103", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-10103", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-15T14:53:30Z", details: "moderate", }, ], title: "CVE-2018-10103", }, { cve: "CVE-2018-10105", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-10105", }, ], notes: [ { category: "general", text: "tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-10105", url: "https://www.suse.com/security/cve/CVE-2018-10105", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-10105", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-15T14:53:30Z", details: "moderate", }, ], title: "CVE-2018-10105", }, { cve: "CVE-2018-14461", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14461", }, ], notes: [ { category: "general", text: "The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print().", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14461", url: "https://www.suse.com/security/cve/CVE-2018-14461", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14461", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-15T14:53:30Z", details: "moderate", }, ], title: "CVE-2018-14461", }, { cve: "CVE-2018-14462", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14462", }, ], notes: [ { category: "general", text: "The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14462", url: "https://www.suse.com/security/cve/CVE-2018-14462", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14462", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-15T14:53:30Z", details: "moderate", }, ], title: "CVE-2018-14462", }, { cve: "CVE-2018-14463", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14463", }, ], notes: [ { category: "general", text: "The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 2, a different vulnerability than CVE-2019-15167.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14463", url: "https://www.suse.com/security/cve/CVE-2018-14463", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14463", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-15T14:53:30Z", details: "moderate", }, ], title: "CVE-2018-14463", }, { cve: "CVE-2018-14464", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14464", }, ], notes: [ { category: "general", text: "The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs().", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14464", url: "https://www.suse.com/security/cve/CVE-2018-14464", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14464", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-15T14:53:30Z", details: "moderate", }, ], title: "CVE-2018-14464", }, { cve: "CVE-2018-14465", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14465", }, ], notes: [ { category: "general", text: "The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14465", url: "https://www.suse.com/security/cve/CVE-2018-14465", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14465", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-15T14:53:30Z", details: "moderate", }, ], title: "CVE-2018-14465", }, { cve: "CVE-2018-14466", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14466", }, ], notes: [ { category: "general", text: "The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_cache_insert().", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14466", url: "https://www.suse.com/security/cve/CVE-2018-14466", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14466", url: "https://bugzilla.suse.com/1153098", }, { category: "external", summary: "SUSE Bug 1166972 for CVE-2018-14466", url: "https://bugzilla.suse.com/1166972", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-15T14:53:30Z", details: "moderate", }, ], title: "CVE-2018-14466", }, { cve: "CVE-2018-14467", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14467", }, ], notes: [ { category: "general", text: "The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14467", url: "https://www.suse.com/security/cve/CVE-2018-14467", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14467", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-15T14:53:30Z", details: "moderate", }, ], title: "CVE-2018-14467", }, { cve: "CVE-2018-14468", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14468", }, ], notes: [ { category: "general", text: "The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14468", url: "https://www.suse.com/security/cve/CVE-2018-14468", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14468", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-15T14:53:30Z", details: "moderate", }, ], title: "CVE-2018-14468", }, { cve: "CVE-2018-14469", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14469", }, ], notes: [ { category: "general", text: "The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14469", url: "https://www.suse.com/security/cve/CVE-2018-14469", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14469", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-15T14:53:30Z", details: "moderate", }, ], title: "CVE-2018-14469", }, { cve: "CVE-2018-14470", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14470", }, ], notes: [ { category: "general", text: "The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2().", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14470", url: "https://www.suse.com/security/cve/CVE-2018-14470", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14470", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-15T14:53:30Z", details: "moderate", }, ], title: "CVE-2018-14470", }, { cve: "CVE-2018-14879", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14879", }, ], notes: [ { category: "general", text: "The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file().", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14879", url: "https://www.suse.com/security/cve/CVE-2018-14879", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14879", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 0, baseSeverity: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-15T14:53:30Z", details: "low", }, ], title: "CVE-2018-14879", }, { cve: "CVE-2018-14880", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14880", }, ], notes: [ { category: "general", text: "The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14880", url: "https://www.suse.com/security/cve/CVE-2018-14880", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14880", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-15T14:53:30Z", details: "moderate", }, ], title: "CVE-2018-14880", }, { cve: "CVE-2018-14881", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14881", }, ], notes: [ { category: "general", text: "The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14881", url: "https://www.suse.com/security/cve/CVE-2018-14881", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14881", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-15T14:53:30Z", details: "moderate", }, ], title: "CVE-2018-14881", }, { cve: "CVE-2018-14882", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14882", }, ], notes: [ { category: "general", text: "The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14882", url: "https://www.suse.com/security/cve/CVE-2018-14882", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14882", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-15T14:53:30Z", details: "moderate", }, ], title: "CVE-2018-14882", }, { cve: "CVE-2018-16227", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16227", }, ], notes: [ { category: "general", text: "The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16227", url: "https://www.suse.com/security/cve/CVE-2018-16227", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-16227", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-15T14:53:30Z", details: "moderate", }, ], title: "CVE-2018-16227", }, { cve: "CVE-2018-16228", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16228", }, ], notes: [ { category: "general", text: "The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16228", url: "https://www.suse.com/security/cve/CVE-2018-16228", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-16228", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-15T14:53:30Z", details: "moderate", }, ], title: "CVE-2018-16228", }, { cve: "CVE-2018-16229", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16229", }, ], notes: [ { category: "general", text: "The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16229", url: "https://www.suse.com/security/cve/CVE-2018-16229", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-16229", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-15T14:53:30Z", details: "moderate", }, ], title: "CVE-2018-16229", }, { cve: "CVE-2018-16230", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16230", }, ], notes: [ { category: "general", text: "The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16230", url: "https://www.suse.com/security/cve/CVE-2018-16230", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-16230", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-15T14:53:30Z", details: "moderate", }, ], title: "CVE-2018-16230", }, { cve: "CVE-2018-16300", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16300", }, ], notes: [ { category: "general", text: "The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16300", url: "https://www.suse.com/security/cve/CVE-2018-16300", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-16300", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-15T14:53:30Z", details: "important", }, ], title: "CVE-2018-16300", }, { cve: "CVE-2018-16301", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16301", }, ], notes: [ { category: "general", text: "The command-line argument parser in tcpdump before 4.99.0 has a buffer overflow in tcpdump.c:read_infile(). To trigger this vulnerability the attacker needs to create a 4GB file on the local filesystem and to specify the file name as the value of the -F command-line argument of tcpdump.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16301", url: "https://www.suse.com/security/cve/CVE-2018-16301", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-16301", url: "https://bugzilla.suse.com/1153098", }, { category: "external", summary: "SUSE Bug 1153332 for CVE-2018-16301", url: "https://bugzilla.suse.com/1153332", }, { category: "external", summary: "SUSE Bug 1195825 for CVE-2018-16301", url: "https://bugzilla.suse.com/1195825", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-15T14:53:30Z", details: "important", }, ], title: "CVE-2018-16301", }, { cve: "CVE-2018-16451", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16451", }, ], notes: [ { category: "general", text: "The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16451", url: "https://www.suse.com/security/cve/CVE-2018-16451", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-16451", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-15T14:53:30Z", details: "moderate", }, ], title: "CVE-2018-16451", }, { cve: "CVE-2018-16452", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16452", }, ], notes: [ { category: "general", text: "The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16452", url: "https://www.suse.com/security/cve/CVE-2018-16452", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-16452", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-15T14:53:30Z", details: "moderate", }, ], title: "CVE-2018-16452", }, { cve: "CVE-2019-1010220", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-1010220", }, ], notes: [ { category: "general", text: "tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is: May expose Saved Frame Pointer, Return Address etc. on stack. The component is: line 234: \"ND_PRINT((ndo, \"%s\", buf));\", in function named \"print_prefix\", in \"print-hncp.c\". The attack vector is: The victim must open a specially crafted pcap file.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-1010220", url: "https://www.suse.com/security/cve/CVE-2019-1010220", }, { category: "external", summary: "SUSE Bug 1142439 for CVE-2019-1010220", url: "https://bugzilla.suse.com/1142439", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2019-1010220", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-15T14:53:30Z", details: "moderate", }, ], title: "CVE-2019-1010220", }, { cve: "CVE-2019-15166", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-15166", }, ], notes: [ { category: "general", text: "lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-15166", url: "https://www.suse.com/security/cve/CVE-2019-15166", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2019-15166", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-15T14:53:30Z", details: "moderate", }, ], title: "CVE-2019-15166", }, { cve: "CVE-2019-15167", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-15167", }, ], notes: [ { category: "general", text: "The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 3, a different vulnerability than CVE-2018-14463.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-15167", url: "https://www.suse.com/security/cve/CVE-2019-15167", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2019-15167", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-15T14:53:30Z", details: "moderate", }, ], title: "CVE-2019-15167", }, ], }
suse-su-2019:2087-1
Vulnerability from csaf_suse
Published
2019-08-07 16:16
Modified
2019-08-07 16:16
Summary
Security update for tcpdump
Notes
Title of the patch
Security update for tcpdump
Description of the patch
This update for tcpdump fixes the following issues:
Security issues fixed:
- CVE-2019-1010220: Fixed a buffer over-read in print_prefix() which may expose data (bsc#1142439).
- CVE-2017-16808: Fixed a heap-based buffer over-read related to aoe_print() and lookup_emem() (bsc#1068716).
Patchnames
SUSE-2019-2087,SUSE-SLE-Module-Basesystem-15-2019-2087,SUSE-SLE-Module-Basesystem-15-SP1-2019-2087
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for tcpdump", title: "Title of the patch", }, { category: "description", text: "This update for tcpdump fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-1010220: Fixed a buffer over-read in print_prefix() which may expose data (bsc#1142439).\n- CVE-2017-16808: Fixed a heap-based buffer over-read related to aoe_print() and lookup_emem() (bsc#1068716).\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2019-2087,SUSE-SLE-Module-Basesystem-15-2019-2087,SUSE-SLE-Module-Basesystem-15-SP1-2019-2087", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_2087-1.json", }, { category: "self", summary: "URL for SUSE-SU-2019:2087-1", url: "https://www.suse.com/support/update/announcement/2019/suse-su-20192087-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2019:2087-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2019-August/005800.html", }, { category: "self", summary: "SUSE Bug 1068716", url: "https://bugzilla.suse.com/1068716", }, { category: "self", summary: "SUSE Bug 1142439", url: "https://bugzilla.suse.com/1142439", }, { category: "self", summary: "SUSE CVE CVE-2017-16808 page", url: "https://www.suse.com/security/cve/CVE-2017-16808/", }, { category: "self", summary: "SUSE CVE CVE-2019-1010220 page", url: "https://www.suse.com/security/cve/CVE-2019-1010220/", }, ], title: "Security update for tcpdump", tracking: { current_release_date: "2019-08-07T16:16:51Z", generator: { date: "2019-08-07T16:16:51Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2019:2087-1", initial_release_date: "2019-08-07T16:16:51Z", revision_history: [ { date: "2019-08-07T16:16:51Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "tcpdump-4.9.2-3.6.1.aarch64", product: { name: "tcpdump-4.9.2-3.6.1.aarch64", product_id: "tcpdump-4.9.2-3.6.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "tcpdump-4.9.2-3.6.1.i586", product: { name: "tcpdump-4.9.2-3.6.1.i586", product_id: "tcpdump-4.9.2-3.6.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "tcpdump-4.9.2-3.6.1.ppc64le", product: { name: "tcpdump-4.9.2-3.6.1.ppc64le", product_id: "tcpdump-4.9.2-3.6.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "tcpdump-4.9.2-3.6.1.s390x", product: { name: "tcpdump-4.9.2-3.6.1.s390x", product_id: "tcpdump-4.9.2-3.6.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "tcpdump-4.9.2-3.6.1.x86_64", product: { name: "tcpdump-4.9.2-3.6.1.x86_64", product_id: "tcpdump-4.9.2-3.6.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Module for Basesystem 15", product: { name: "SUSE Linux Enterprise Module for Basesystem 15", product_id: "SUSE Linux Enterprise Module for Basesystem 15", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-basesystem:15", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Module for Basesystem 15 SP1", product: { name: "SUSE Linux Enterprise Module for Basesystem 15 SP1", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP1", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-basesystem:15:sp1", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "tcpdump-4.9.2-3.6.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15", product_id: "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.6.1.aarch64", }, product_reference: "tcpdump-4.9.2-3.6.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15", }, { category: "default_component_of", full_product_name: { name: "tcpdump-4.9.2-3.6.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15", product_id: "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.6.1.ppc64le", }, product_reference: "tcpdump-4.9.2-3.6.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15", }, { category: "default_component_of", full_product_name: { name: "tcpdump-4.9.2-3.6.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15", product_id: "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.6.1.s390x", }, product_reference: "tcpdump-4.9.2-3.6.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15", }, { category: "default_component_of", full_product_name: { name: "tcpdump-4.9.2-3.6.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15", product_id: "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.6.1.x86_64", }, product_reference: "tcpdump-4.9.2-3.6.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15", }, { category: "default_component_of", full_product_name: { name: "tcpdump-4.9.2-3.6.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.6.1.aarch64", }, product_reference: "tcpdump-4.9.2-3.6.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP1", }, { category: "default_component_of", full_product_name: { name: "tcpdump-4.9.2-3.6.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.6.1.ppc64le", }, product_reference: "tcpdump-4.9.2-3.6.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP1", }, { category: "default_component_of", full_product_name: { name: "tcpdump-4.9.2-3.6.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.6.1.s390x", }, product_reference: "tcpdump-4.9.2-3.6.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP1", }, { category: "default_component_of", full_product_name: { name: "tcpdump-4.9.2-3.6.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.6.1.x86_64", }, product_reference: "tcpdump-4.9.2-3.6.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP1", }, ], }, vulnerabilities: [ { cve: "CVE-2017-16808", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-16808", }, ], notes: [ { category: "general", text: "tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.6.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.6.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.6.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.6.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.6.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.6.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.6.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-16808", url: "https://www.suse.com/security/cve/CVE-2017-16808", }, { category: "external", summary: "SUSE Bug 1068716 for CVE-2017-16808", url: "https://bugzilla.suse.com/1068716", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2017-16808", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.6.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.6.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.6.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.6.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.6.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.6.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.6.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.6.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.6.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.6.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.6.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.6.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.6.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.6.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-08-07T16:16:51Z", details: "important", }, ], title: "CVE-2017-16808", }, { cve: "CVE-2019-1010220", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-1010220", }, ], notes: [ { category: "general", text: "tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is: May expose Saved Frame Pointer, Return Address etc. on stack. The component is: line 234: \"ND_PRINT((ndo, \"%s\", buf));\", in function named \"print_prefix\", in \"print-hncp.c\". The attack vector is: The victim must open a specially crafted pcap file.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.6.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.6.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.6.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.6.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.6.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.6.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.6.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-1010220", url: "https://www.suse.com/security/cve/CVE-2019-1010220", }, { category: "external", summary: "SUSE Bug 1142439 for CVE-2019-1010220", url: "https://bugzilla.suse.com/1142439", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2019-1010220", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.6.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.6.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.6.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.6.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.6.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.6.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.6.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.6.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.6.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.6.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.6.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.6.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.6.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.6.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-08-07T16:16:51Z", details: "moderate", }, ], title: "CVE-2019-1010220", }, ], }
suse-su-2020:3360-1
Vulnerability from csaf_suse
Published
2020-11-17 12:41
Modified
2020-11-17 12:41
Summary
Security update for tcpdump
Notes
Title of the patch
Security update for tcpdump
Description of the patch
This update for tcpdump fixes the following issues:
- CVE-2020-8037: Fixed an issue where PPP decapsulator did not allocate the right buffer size (bsc#1178466).
The previous update of tcpdump already fixed variuous Buffer overflow/overread vulnerabilities [bsc#1153098, bsc#1153332]
- CVE-2017-16808 (AoE)
- CVE-2018-14468 (FrameRelay)
- CVE-2018-14469 (IKEv1)
- CVE-2018-14470 (BABEL)
- CVE-2018-14466 (AFS/RX)
- CVE-2018-14461 (LDP)
- CVE-2018-14462 (ICMP)
- CVE-2018-14465 (RSVP)
- CVE-2018-14464 (LMP)
- CVE-2019-15166 (LMP)
- CVE-2018-14880 (OSPF6)
- CVE-2018-14882 (RPL)
- CVE-2018-16227 (802.11)
- CVE-2018-16229 (DCCP)
- CVE-2018-14467 (BGP)
- CVE-2018-14881 (BGP)
- CVE-2018-16230 (BGP)
- CVE-2018-16300 (BGP)
- CVE-2018-14463 (VRRP)
- CVE-2019-15167 (VRRP)
- CVE-2018-14879 (tcpdump -V)
- CVE-2018-16228 (HNCP) is a duplicate of the already fixed CVE-2019-1010220
- CVE-2018-16301 (fixed in libpcap)
- CVE-2018-16451 (SMB)
- CVE-2018-16452 (SMB)
- CVE-2018-10103 (SMB - partially fixed, but SMB printing disabled)
- CVE-2018-10105 (SMB - too unreliably reproduced, SMB printing disabled)
Patchnames
SUSE-2020-3360,SUSE-SLE-SERVER-12-SP5-2020-3360
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for tcpdump", title: "Title of the patch", }, { category: "description", text: "This update for tcpdump fixes the following issues:\n\n- CVE-2020-8037: Fixed an issue where PPP decapsulator did not allocate the right buffer size (bsc#1178466).\n\nThe previous update of tcpdump already fixed variuous Buffer overflow/overread vulnerabilities [bsc#1153098, bsc#1153332]\n\n- CVE-2017-16808 (AoE)\n- CVE-2018-14468 (FrameRelay)\n- CVE-2018-14469 (IKEv1)\n- CVE-2018-14470 (BABEL)\n- CVE-2018-14466 (AFS/RX)\n- CVE-2018-14461 (LDP)\n- CVE-2018-14462 (ICMP)\n- CVE-2018-14465 (RSVP)\n- CVE-2018-14464 (LMP)\n- CVE-2019-15166 (LMP)\n- CVE-2018-14880 (OSPF6)\n- CVE-2018-14882 (RPL)\n- CVE-2018-16227 (802.11)\n- CVE-2018-16229 (DCCP)\n- CVE-2018-14467 (BGP)\n- CVE-2018-14881 (BGP)\n- CVE-2018-16230 (BGP)\n- CVE-2018-16300 (BGP)\n- CVE-2018-14463 (VRRP)\n- CVE-2019-15167 (VRRP)\n- CVE-2018-14879 (tcpdump -V)\n- CVE-2018-16228 (HNCP) is a duplicate of the already fixed CVE-2019-1010220\n- CVE-2018-16301 (fixed in libpcap)\n- CVE-2018-16451 (SMB)\n- CVE-2018-16452 (SMB)\n- CVE-2018-10103 (SMB - partially fixed, but SMB printing disabled)\n- CVE-2018-10105 (SMB - too unreliably reproduced, SMB printing disabled)\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2020-3360,SUSE-SLE-SERVER-12-SP5-2020-3360", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_3360-1.json", }, { category: "self", summary: "URL for SUSE-SU-2020:3360-1", url: "https://www.suse.com/support/update/announcement/2020/suse-su-20203360-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2020:3360-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007788.html", }, { category: "self", summary: "SUSE Bug 1153098", url: "https://bugzilla.suse.com/1153098", }, { category: "self", summary: "SUSE Bug 1153332", url: "https://bugzilla.suse.com/1153332", }, { category: "self", summary: "SUSE Bug 1178466", url: "https://bugzilla.suse.com/1178466", }, { category: "self", summary: "SUSE CVE CVE-2017-16808 page", url: "https://www.suse.com/security/cve/CVE-2017-16808/", }, { category: "self", summary: "SUSE CVE CVE-2018-10103 page", url: "https://www.suse.com/security/cve/CVE-2018-10103/", }, { category: "self", summary: "SUSE CVE CVE-2018-10105 page", url: "https://www.suse.com/security/cve/CVE-2018-10105/", }, { category: "self", summary: "SUSE CVE CVE-2018-14461 page", url: "https://www.suse.com/security/cve/CVE-2018-14461/", }, { category: "self", summary: "SUSE CVE CVE-2018-14462 page", url: "https://www.suse.com/security/cve/CVE-2018-14462/", }, { category: "self", summary: "SUSE CVE CVE-2018-14463 page", url: "https://www.suse.com/security/cve/CVE-2018-14463/", }, { category: "self", summary: "SUSE CVE CVE-2018-14464 page", url: "https://www.suse.com/security/cve/CVE-2018-14464/", }, { category: "self", summary: "SUSE CVE CVE-2018-14465 page", url: "https://www.suse.com/security/cve/CVE-2018-14465/", }, { category: "self", summary: "SUSE CVE CVE-2018-14466 page", url: "https://www.suse.com/security/cve/CVE-2018-14466/", }, { category: "self", summary: "SUSE CVE CVE-2018-14467 page", url: "https://www.suse.com/security/cve/CVE-2018-14467/", }, { category: "self", summary: "SUSE CVE CVE-2018-14468 page", url: "https://www.suse.com/security/cve/CVE-2018-14468/", }, { category: "self", summary: "SUSE CVE CVE-2018-14469 page", url: "https://www.suse.com/security/cve/CVE-2018-14469/", }, { category: "self", summary: "SUSE CVE CVE-2018-14470 page", url: "https://www.suse.com/security/cve/CVE-2018-14470/", }, { category: "self", summary: "SUSE CVE CVE-2018-14879 page", url: "https://www.suse.com/security/cve/CVE-2018-14879/", }, { category: "self", summary: "SUSE CVE CVE-2018-14880 page", url: "https://www.suse.com/security/cve/CVE-2018-14880/", }, { category: "self", summary: "SUSE CVE CVE-2018-14881 page", url: "https://www.suse.com/security/cve/CVE-2018-14881/", }, { category: "self", summary: "SUSE CVE CVE-2018-14882 page", url: "https://www.suse.com/security/cve/CVE-2018-14882/", }, { category: "self", summary: "SUSE CVE CVE-2018-16227 page", url: "https://www.suse.com/security/cve/CVE-2018-16227/", }, { category: "self", summary: "SUSE CVE CVE-2018-16228 page", url: "https://www.suse.com/security/cve/CVE-2018-16228/", }, { category: "self", summary: "SUSE CVE CVE-2018-16229 page", url: "https://www.suse.com/security/cve/CVE-2018-16229/", }, { category: "self", summary: "SUSE CVE CVE-2018-16230 page", url: "https://www.suse.com/security/cve/CVE-2018-16230/", }, { category: "self", summary: "SUSE CVE CVE-2018-16300 page", url: "https://www.suse.com/security/cve/CVE-2018-16300/", }, { category: "self", summary: "SUSE CVE CVE-2018-16301 page", url: "https://www.suse.com/security/cve/CVE-2018-16301/", }, { category: "self", summary: "SUSE CVE CVE-2018-16451 page", url: "https://www.suse.com/security/cve/CVE-2018-16451/", }, { category: "self", summary: "SUSE CVE CVE-2018-16452 page", url: "https://www.suse.com/security/cve/CVE-2018-16452/", }, { category: "self", summary: "SUSE CVE CVE-2019-1010220 page", url: "https://www.suse.com/security/cve/CVE-2019-1010220/", }, { category: "self", summary: "SUSE CVE CVE-2019-15166 page", url: "https://www.suse.com/security/cve/CVE-2019-15166/", }, { category: "self", summary: "SUSE CVE CVE-2019-15167 page", url: "https://www.suse.com/security/cve/CVE-2019-15167/", }, { category: "self", summary: "SUSE CVE CVE-2020-8037 page", url: "https://www.suse.com/security/cve/CVE-2020-8037/", }, ], title: "Security update for tcpdump", tracking: { current_release_date: "2020-11-17T12:41:00Z", generator: { date: "2020-11-17T12:41:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2020:3360-1", initial_release_date: "2020-11-17T12:41:00Z", revision_history: [ { date: "2020-11-17T12:41:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "tcpdump-4.9.2-14.17.1.aarch64", product: { name: "tcpdump-4.9.2-14.17.1.aarch64", product_id: "tcpdump-4.9.2-14.17.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "tcpdump-4.9.2-14.17.1.i586", product: { name: "tcpdump-4.9.2-14.17.1.i586", product_id: "tcpdump-4.9.2-14.17.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "tcpdump-4.9.2-14.17.1.ppc64le", product: { name: "tcpdump-4.9.2-14.17.1.ppc64le", product_id: "tcpdump-4.9.2-14.17.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "tcpdump-4.9.2-14.17.1.s390", product: { name: "tcpdump-4.9.2-14.17.1.s390", product_id: "tcpdump-4.9.2-14.17.1.s390", }, }, ], category: "architecture", name: "s390", }, { branches: [ { category: "product_version", name: "tcpdump-4.9.2-14.17.1.s390x", product: { name: "tcpdump-4.9.2-14.17.1.s390x", product_id: "tcpdump-4.9.2-14.17.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "tcpdump-4.9.2-14.17.1.x86_64", product: { name: "tcpdump-4.9.2-14.17.1.x86_64", product_id: "tcpdump-4.9.2-14.17.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP5", product: { name: "SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5", product_identification_helper: { cpe: "cpe:/o:suse:sles:12:sp5", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", product: { name: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:12:sp5", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "tcpdump-4.9.2-14.17.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", }, product_reference: "tcpdump-4.9.2-14.17.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "tcpdump-4.9.2-14.17.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", }, product_reference: "tcpdump-4.9.2-14.17.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "tcpdump-4.9.2-14.17.1.s390x as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", }, product_reference: "tcpdump-4.9.2-14.17.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "tcpdump-4.9.2-14.17.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", }, product_reference: "tcpdump-4.9.2-14.17.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "tcpdump-4.9.2-14.17.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", }, product_reference: "tcpdump-4.9.2-14.17.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "tcpdump-4.9.2-14.17.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", }, product_reference: "tcpdump-4.9.2-14.17.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "tcpdump-4.9.2-14.17.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", }, product_reference: "tcpdump-4.9.2-14.17.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "tcpdump-4.9.2-14.17.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", }, product_reference: "tcpdump-4.9.2-14.17.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, ], }, vulnerabilities: [ { cve: "CVE-2017-16808", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-16808", }, ], notes: [ { category: "general", text: "tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-16808", url: "https://www.suse.com/security/cve/CVE-2017-16808", }, { category: "external", summary: "SUSE Bug 1068716 for CVE-2017-16808", url: "https://bugzilla.suse.com/1068716", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2017-16808", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-17T12:41:00Z", details: "important", }, ], title: "CVE-2017-16808", }, { cve: "CVE-2018-10103", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-10103", }, ], notes: [ { category: "general", text: "tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-10103", url: "https://www.suse.com/security/cve/CVE-2018-10103", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-10103", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-17T12:41:00Z", details: "moderate", }, ], title: "CVE-2018-10103", }, { cve: "CVE-2018-10105", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-10105", }, ], notes: [ { category: "general", text: "tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-10105", url: "https://www.suse.com/security/cve/CVE-2018-10105", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-10105", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-17T12:41:00Z", details: "moderate", }, ], title: "CVE-2018-10105", }, { cve: "CVE-2018-14461", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14461", }, ], notes: [ { category: "general", text: "The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print().", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14461", url: "https://www.suse.com/security/cve/CVE-2018-14461", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14461", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-17T12:41:00Z", details: "moderate", }, ], title: "CVE-2018-14461", }, { cve: "CVE-2018-14462", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14462", }, ], notes: [ { category: "general", text: "The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14462", url: "https://www.suse.com/security/cve/CVE-2018-14462", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14462", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-17T12:41:00Z", details: "moderate", }, ], title: "CVE-2018-14462", }, { cve: "CVE-2018-14463", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14463", }, ], notes: [ { category: "general", text: "The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 2, a different vulnerability than CVE-2019-15167.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14463", url: "https://www.suse.com/security/cve/CVE-2018-14463", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14463", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-17T12:41:00Z", details: "moderate", }, ], title: "CVE-2018-14463", }, { cve: "CVE-2018-14464", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14464", }, ], notes: [ { category: "general", text: "The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs().", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14464", url: "https://www.suse.com/security/cve/CVE-2018-14464", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14464", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-17T12:41:00Z", details: "moderate", }, ], title: "CVE-2018-14464", }, { cve: "CVE-2018-14465", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14465", }, ], notes: [ { category: "general", text: "The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14465", url: "https://www.suse.com/security/cve/CVE-2018-14465", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14465", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-17T12:41:00Z", details: "moderate", }, ], title: "CVE-2018-14465", }, { cve: "CVE-2018-14466", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14466", }, ], notes: [ { category: "general", text: "The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_cache_insert().", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14466", url: "https://www.suse.com/security/cve/CVE-2018-14466", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14466", url: "https://bugzilla.suse.com/1153098", }, { category: "external", summary: "SUSE Bug 1166972 for CVE-2018-14466", url: "https://bugzilla.suse.com/1166972", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-17T12:41:00Z", details: "moderate", }, ], title: "CVE-2018-14466", }, { cve: "CVE-2018-14467", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14467", }, ], notes: [ { category: "general", text: "The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14467", url: "https://www.suse.com/security/cve/CVE-2018-14467", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14467", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-17T12:41:00Z", details: "moderate", }, ], title: "CVE-2018-14467", }, { cve: "CVE-2018-14468", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14468", }, ], notes: [ { category: "general", text: "The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14468", url: "https://www.suse.com/security/cve/CVE-2018-14468", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14468", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-17T12:41:00Z", details: "moderate", }, ], title: "CVE-2018-14468", }, { cve: "CVE-2018-14469", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14469", }, ], notes: [ { category: "general", text: "The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14469", url: "https://www.suse.com/security/cve/CVE-2018-14469", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14469", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-17T12:41:00Z", details: "moderate", }, ], title: "CVE-2018-14469", }, { cve: "CVE-2018-14470", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14470", }, ], notes: [ { category: "general", text: "The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2().", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14470", url: "https://www.suse.com/security/cve/CVE-2018-14470", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14470", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-17T12:41:00Z", details: "moderate", }, ], title: "CVE-2018-14470", }, { cve: "CVE-2018-14879", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14879", }, ], notes: [ { category: "general", text: "The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file().", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14879", url: "https://www.suse.com/security/cve/CVE-2018-14879", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14879", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 0, baseSeverity: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-17T12:41:00Z", details: "low", }, ], title: "CVE-2018-14879", }, { cve: "CVE-2018-14880", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14880", }, ], notes: [ { category: "general", text: "The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14880", url: "https://www.suse.com/security/cve/CVE-2018-14880", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14880", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-17T12:41:00Z", details: "moderate", }, ], title: "CVE-2018-14880", }, { cve: "CVE-2018-14881", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14881", }, ], notes: [ { category: "general", text: "The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14881", url: "https://www.suse.com/security/cve/CVE-2018-14881", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14881", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-17T12:41:00Z", details: "moderate", }, ], title: "CVE-2018-14881", }, { cve: "CVE-2018-14882", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14882", }, ], notes: [ { category: "general", text: "The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14882", url: "https://www.suse.com/security/cve/CVE-2018-14882", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14882", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-17T12:41:00Z", details: "moderate", }, ], title: "CVE-2018-14882", }, { cve: "CVE-2018-16227", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16227", }, ], notes: [ { category: "general", text: "The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16227", url: "https://www.suse.com/security/cve/CVE-2018-16227", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-16227", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-17T12:41:00Z", details: "moderate", }, ], title: "CVE-2018-16227", }, { cve: "CVE-2018-16228", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16228", }, ], notes: [ { category: "general", text: "The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16228", url: "https://www.suse.com/security/cve/CVE-2018-16228", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-16228", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-17T12:41:00Z", details: "moderate", }, ], title: "CVE-2018-16228", }, { cve: "CVE-2018-16229", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16229", }, ], notes: [ { category: "general", text: "The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16229", url: "https://www.suse.com/security/cve/CVE-2018-16229", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-16229", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-17T12:41:00Z", details: "moderate", }, ], title: "CVE-2018-16229", }, { cve: "CVE-2018-16230", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16230", }, ], notes: [ { category: "general", text: "The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16230", url: "https://www.suse.com/security/cve/CVE-2018-16230", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-16230", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-17T12:41:00Z", details: "moderate", }, ], title: "CVE-2018-16230", }, { cve: "CVE-2018-16300", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16300", }, ], notes: [ { category: "general", text: "The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16300", url: "https://www.suse.com/security/cve/CVE-2018-16300", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-16300", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-17T12:41:00Z", details: "important", }, ], title: "CVE-2018-16300", }, { cve: "CVE-2018-16301", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16301", }, ], notes: [ { category: "general", text: "The command-line argument parser in tcpdump before 4.99.0 has a buffer overflow in tcpdump.c:read_infile(). To trigger this vulnerability the attacker needs to create a 4GB file on the local filesystem and to specify the file name as the value of the -F command-line argument of tcpdump.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16301", url: "https://www.suse.com/security/cve/CVE-2018-16301", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-16301", url: "https://bugzilla.suse.com/1153098", }, { category: "external", summary: "SUSE Bug 1153332 for CVE-2018-16301", url: "https://bugzilla.suse.com/1153332", }, { category: "external", summary: "SUSE Bug 1195825 for CVE-2018-16301", url: "https://bugzilla.suse.com/1195825", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-17T12:41:00Z", details: "important", }, ], title: "CVE-2018-16301", }, { cve: "CVE-2018-16451", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16451", }, ], notes: [ { category: "general", text: "The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16451", url: "https://www.suse.com/security/cve/CVE-2018-16451", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-16451", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-17T12:41:00Z", details: "moderate", }, ], title: "CVE-2018-16451", }, { cve: "CVE-2018-16452", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16452", }, ], notes: [ { category: "general", text: "The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16452", url: "https://www.suse.com/security/cve/CVE-2018-16452", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-16452", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-17T12:41:00Z", details: "moderate", }, ], title: "CVE-2018-16452", }, { cve: "CVE-2019-1010220", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-1010220", }, ], notes: [ { category: "general", text: "tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is: May expose Saved Frame Pointer, Return Address etc. on stack. The component is: line 234: \"ND_PRINT((ndo, \"%s\", buf));\", in function named \"print_prefix\", in \"print-hncp.c\". The attack vector is: The victim must open a specially crafted pcap file.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-1010220", url: "https://www.suse.com/security/cve/CVE-2019-1010220", }, { category: "external", summary: "SUSE Bug 1142439 for CVE-2019-1010220", url: "https://bugzilla.suse.com/1142439", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2019-1010220", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-17T12:41:00Z", details: "moderate", }, ], title: "CVE-2019-1010220", }, { cve: "CVE-2019-15166", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-15166", }, ], notes: [ { category: "general", text: "lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-15166", url: "https://www.suse.com/security/cve/CVE-2019-15166", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2019-15166", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-17T12:41:00Z", details: "moderate", }, ], title: "CVE-2019-15166", }, { cve: "CVE-2019-15167", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-15167", }, ], notes: [ { category: "general", text: "The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 3, a different vulnerability than CVE-2018-14463.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-15167", url: "https://www.suse.com/security/cve/CVE-2019-15167", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2019-15167", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-17T12:41:00Z", details: "moderate", }, ], title: "CVE-2019-15167", }, { cve: "CVE-2020-8037", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-8037", }, ], notes: [ { category: "general", text: "The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-8037", url: "https://www.suse.com/security/cve/CVE-2020-8037", }, { category: "external", summary: "SUSE Bug 1178466 for CVE-2020-8037", url: "https://bugzilla.suse.com/1178466", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-17T12:41:00Z", details: "moderate", }, ], title: "CVE-2020-8037", }, ], }
ghsa-j4v3-95xv-q35p
Vulnerability from github
Published
2022-05-13 01:53
Modified
2025-04-20 03:48
Severity ?
Details
tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c.
{ affected: [], aliases: [ "CVE-2017-16808", ], database_specific: { cwe_ids: [ "CWE-125", ], github_reviewed: false, github_reviewed_at: null, nvd_published_at: "2017-11-13T21:29:00Z", severity: "MODERATE", }, details: "tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c.", id: "GHSA-j4v3-95xv-q35p", modified: "2025-04-20T03:48:22Z", published: "2022-05-13T01:53:59Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-16808", }, { type: "WEB", url: "https://github.com/the-tcpdump-group/tcpdump/issues/645", }, { type: "WEB", url: "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", }, { type: "WEB", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN", }, { type: "WEB", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN", }, { type: "WEB", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU", }, { type: "WEB", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN", }, { type: "WEB", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN", }, { type: "WEB", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU", }, { type: "WEB", url: "https://seclists.org/bugtraq/2019/Dec/23", }, { type: "WEB", url: "https://seclists.org/bugtraq/2019/Oct/2", }, { type: "WEB", url: "https://support.apple.com/kb/HT210788", }, { type: "WEB", url: "https://usn.ubuntu.com/4252-1", }, { type: "WEB", url: "https://usn.ubuntu.com/4252-2", }, { type: "WEB", url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00065.html", }, { type: "WEB", url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html", }, { type: "WEB", url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html", }, { type: "WEB", url: "http://packetstormsecurity.com/files/154710/Slackware-Security-Advisory-tcpdump-Updates.html", }, { type: "WEB", url: "http://seclists.org/fulldisclosure/2019/Dec/26", }, { type: "WEB", url: "http://www.securitytracker.com/id/1039773", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", type: "CVSS_V3", }, ], }
fkie_cve-2017-16808
Vulnerability from fkie_nvd
Published
2017-11-13 21:29
Modified
2025-04-20 01:37
Severity ?
Summary
tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:tcpdump:tcpdump:4.9.2:*:*:*:*:*:*:*", matchCriteriaId: "E9FBA366-800E-4163-8E22-A652750C4F28", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c.", }, { lang: "es", value: "tcpdump en versiones anteriores a la 4.9.3 tiene una lectura en exceso del búfer en la región heap de la memoria relacionada con aoe_print en print-aoe.c y lookup_emem en addrtoname.c.", }, ], id: "CVE-2017-16808", lastModified: "2025-04-20T01:37:25.860", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-11-13T21:29:00.363", references: [ { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00065.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html", }, { source: "cve@mitre.org", url: "http://packetstormsecurity.com/files/154710/Slackware-Security-Advisory-tcpdump-Updates.html", }, { source: "cve@mitre.org", url: "http://seclists.org/fulldisclosure/2019/Dec/26", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1039773", }, { source: "cve@mitre.org", url: "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://github.com/the-tcpdump-group/tcpdump/issues/645", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/", }, { source: "cve@mitre.org", url: "https://seclists.org/bugtraq/2019/Dec/23", }, { source: "cve@mitre.org", url: "https://seclists.org/bugtraq/2019/Oct/2", }, { source: "cve@mitre.org", url: "https://support.apple.com/kb/HT210788", }, { source: "cve@mitre.org", url: "https://usn.ubuntu.com/4252-1/", }, { source: "cve@mitre.org", url: "https://usn.ubuntu.com/4252-2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00065.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://packetstormsecurity.com/files/154710/Slackware-Security-Advisory-tcpdump-Updates.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://seclists.org/fulldisclosure/2019/Dec/26", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1039773", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/the-tcpdump-group/tcpdump/issues/645", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://seclists.org/bugtraq/2019/Dec/23", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://seclists.org/bugtraq/2019/Oct/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://support.apple.com/kb/HT210788", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://usn.ubuntu.com/4252-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://usn.ubuntu.com/4252-2/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
gsd-2017-16808
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c.
Aliases
Aliases
{ GSD: { alias: "CVE-2017-16808", description: "tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c.", id: "GSD-2017-16808", references: [ "https://www.suse.com/security/cve/CVE-2017-16808.html", "https://ubuntu.com/security/CVE-2017-16808", "https://advisories.mageia.org/CVE-2017-16808.html", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2017-16808", ], details: "tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c.", id: "GSD-2017-16808", modified: "2023-12-13T01:21:00.894365Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-16808", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "1039773", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1039773", }, { name: "https://github.com/the-tcpdump-group/tcpdump/issues/645", refsource: "CONFIRM", url: "https://github.com/the-tcpdump-group/tcpdump/issues/645", }, { name: "openSUSE-SU-2019:1964", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00065.html", }, { name: "20191002 [slackware-security] tcpdump (SSA:2019-274-01)", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Oct/2", }, { name: "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", refsource: "MISC", url: "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", }, { name: "http://packetstormsecurity.com/files/154710/Slackware-Security-Advisory-tcpdump-Updates.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/154710/Slackware-Security-Advisory-tcpdump-Updates.html", }, { name: "openSUSE-SU-2019:2344", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html", }, { name: "openSUSE-SU-2019:2348", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html", }, { name: "FEDORA-2019-85d92df70f", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/", }, { name: "FEDORA-2019-d06bc63433", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/", }, { name: "FEDORA-2019-6db0d5b9d9", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/", }, { name: "https://support.apple.com/kb/HT210788", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT210788", }, { name: "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Dec/23", }, { name: "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2019/Dec/26", }, { name: "USN-4252-2", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4252-2/", }, { name: "USN-4252-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4252-1/", }, ], }, }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:tcpdump:tcpdump:4.9.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-16808", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-125", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/the-tcpdump-group/tcpdump/issues/645", refsource: "CONFIRM", tags: [ "Third Party Advisory", ], url: "https://github.com/the-tcpdump-group/tcpdump/issues/645", }, { name: "1039773", refsource: "SECTRACK", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1039773", }, { name: "openSUSE-SU-2019:1964", refsource: "SUSE", tags: [], url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00065.html", }, { name: "20191002 [slackware-security] tcpdump (SSA:2019-274-01)", refsource: "BUGTRAQ", tags: [], url: "https://seclists.org/bugtraq/2019/Oct/2", }, { name: "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", refsource: "MISC", tags: [], url: "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", }, { name: "http://packetstormsecurity.com/files/154710/Slackware-Security-Advisory-tcpdump-Updates.html", refsource: "MISC", tags: [], url: "http://packetstormsecurity.com/files/154710/Slackware-Security-Advisory-tcpdump-Updates.html", }, { name: "openSUSE-SU-2019:2348", refsource: "SUSE", tags: [], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html", }, { name: "openSUSE-SU-2019:2344", refsource: "SUSE", tags: [], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html", }, { name: "FEDORA-2019-85d92df70f", refsource: "FEDORA", tags: [], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/", }, { name: "FEDORA-2019-d06bc63433", refsource: "FEDORA", tags: [], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/", }, { name: "FEDORA-2019-6db0d5b9d9", refsource: "FEDORA", tags: [], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/", }, { name: "https://support.apple.com/kb/HT210788", refsource: "CONFIRM", tags: [], url: "https://support.apple.com/kb/HT210788", }, { name: "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", refsource: "BUGTRAQ", tags: [], url: "https://seclists.org/bugtraq/2019/Dec/23", }, { name: "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", refsource: "FULLDISC", tags: [], url: "http://seclists.org/fulldisclosure/2019/Dec/26", }, { name: "USN-4252-2", refsource: "UBUNTU", tags: [], url: "https://usn.ubuntu.com/4252-2/", }, { name: "USN-4252-1", refsource: "UBUNTU", tags: [], url: "https://usn.ubuntu.com/4252-1/", }, ], }, }, impact: { baseMetricV2: { cvssV2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", userInteractionRequired: true, }, baseMetricV3: { cvssV3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 3.6, }, }, lastModifiedDate: "2019-10-02T16:15Z", publishedDate: "2017-11-13T21:29Z", }, }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.