SUSE-SU-2020:3360-1

See a problem?
Please try reporting it to the source first.

Source

https://www.suse.com/support/update/announcement/2020/suse-su-20203360-1/

Import Source

https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2020:3360-1.json

JSON Data

https://api.osv.dev/v1/vulns/SUSE-SU-2020:3360-1

Upstream

CVE-2017-16808

CVE-2018-10103

CVE-2018-10105

CVE-2018-14461

CVE-2018-14462

CVE-2018-14463

CVE-2018-14464

CVE-2018-14465

CVE-2018-14466

CVE-2018-14467

CVE-2018-14468

CVE-2018-14469

CVE-2018-14470

CVE-2018-14879

CVE-2018-14880

CVE-2018-14881

CVE-2018-14882

CVE-2018-16227

CVE-2018-16228

CVE-2018-16229

CVE-2018-16230

CVE-2018-16300

CVE-2018-16301

CVE-2018-16451

CVE-2018-16452

CVE-2019-1010220

CVE-2019-15166

CVE-2019-15167

CVE-2020-8037

Related

Published

2020-11-17T12:41:00Z

Modified

2025-05-02T04:10:23.122255Z

Summary

Security update for tcpdump

Details

This update for tcpdump fixes the following issues:

CVE-2020-8037: Fixed an issue where PPP decapsulator did not allocate the right buffer size (bsc#1178466).

The previous update of tcpdump already fixed variuous Buffer overflow/overread vulnerabilities [bsc#1153098, bsc#1153332]

CVE-2017-16808 (AoE)
CVE-2018-14468 (FrameRelay)
CVE-2018-14469 (IKEv1)
CVE-2018-14470 (BABEL)
CVE-2018-14466 (AFS/RX)
CVE-2018-14461 (LDP)
CVE-2018-14462 (ICMP)
CVE-2018-14465 (RSVP)
CVE-2018-14464 (LMP)
CVE-2019-15166 (LMP)
CVE-2018-14880 (OSPF6)
CVE-2018-14882 (RPL)
CVE-2018-16227 (802.11)
CVE-2018-16229 (DCCP)
CVE-2018-14467 (BGP)
CVE-2018-14881 (BGP)
CVE-2018-16230 (BGP)
CVE-2018-16300 (BGP)
CVE-2018-14463 (VRRP)
CVE-2019-15167 (VRRP)
CVE-2018-14879 (tcpdump -V)
CVE-2018-16228 (HNCP) is a duplicate of the already fixed CVE-2019-1010220
CVE-2018-16301 (fixed in libpcap)
CVE-2018-16451 (SMB)
CVE-2018-16452 (SMB)
CVE-2018-10103 (SMB - partially fixed, but SMB printing disabled)
CVE-2018-10105 (SMB - too unreliably reproduced, SMB printing disabled)

References

Affected packages

SUSE:Linux Enterprise Server 12 SP5 / tcpdump

Package

Name: tcpdump
Purl: pkg:rpm/suse/tcpdump&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.9.2-14.17.1

Ecosystem specific

{
    "binaries": [
        {
            "tcpdump": "4.9.2-14.17.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2020:3360-1.json"

SUSE:Linux Enterprise Server for SAP Applications 12 SP5 / tcpdump

Package

Name: tcpdump
Purl: pkg:rpm/suse/tcpdump&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.9.2-14.17.1

Ecosystem specific

{
    "binaries": [
        {
            "tcpdump": "4.9.2-14.17.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2020:3360-1.json"