Bug 923142 (CVE-2014-9140) - VUL-1: CVE-2014-9140: tcpdump: issue with PPP printer
Summary: VUL-1: CVE-2014-9140: tcpdump: issue with PPP printer
Status: RESOLVED FIXED
Alias: CVE-2014-9140
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
: P4 - Low : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL:
Whiteboard: maint:released:sle10-sp3:61240 maint:...
Keywords:
Depends on:
Blocks:
 
Reported: 2015-03-19 10:23 UTC by Vítězslav Čížek
Modified: 2015-04-09 08:05 UTC

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Vítězslav Čížek 2015-03-19 10:23:11 UTC
From https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9140:

Buffer overflow in the ppp_hdlc function in print-ppp.c in tcpdump 4.6.2 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PPP packet.

Fix:
https://github.com/the-tcpdump-group/tcpdump/commit/0f95d441e4b5d7512cc5c326c8668a120e048eda
Comment 2 Bernhard Wiedemann 2015-03-20 12:00:24 UTC
This is an autogenerated message for OBS integration:
This bug (923142) was mentioned in
https://build.opensuse.org/request/show/292023 13.2+13.1 / tcpdump
Comment 6 Andreas Stieger 2015-03-20 14:22:20 UTC
issue is public
Comment 10 Swamp Workflow Management 2015-03-23 23:00:14 UTC
bugbot adjusting priority
Comment 11 Swamp Workflow Management 2015-03-27 15:05:42 UTC
openSUSE-SU-2015:0616-1: An update that fixes 5 vulnerabilities is now available.

Category: security (moderate)
Bug References: 922220,922221,922222,922223,923142
CVE References: CVE-2014-9140,CVE-2015-0261,CVE-2015-2153,CVE-2015-2154,CVE-2015-2155
Sources used:
openSUSE 13.2 (src):    tcpdump-4.6.2-8.1
openSUSE 13.1 (src):    tcpdump-4.4.0-2.8.1
Comment 12 Swamp Workflow Management 2015-04-08 13:05:43 UTC
SUSE-SU-2015:0679-1: An update that fixes 5 vulnerabilities is now available.

Category: security (moderate)
Bug References: 922220,922221,922222,922223,923142
CVE References: CVE-2014-9140,CVE-2015-0261,CVE-2015-2153,CVE-2015-2154,CVE-2015-2155
Sources used:
SUSE Linux Enterprise Server 12 (src):    tcpdump-4.5.1-7.1
SUSE Linux Enterprise Desktop 12 (src):    tcpdump-4.5.1-7.1
Comment 13 Andreas Stieger 2015-04-08 14:53:34 UTC
releasing
Comment 14 Swamp Workflow Management 2015-04-09 01:07:08 UTC
SUSE-SU-2015:0692-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 922220,922222,923142
CVE References: CVE-2014-9140,CVE-2015-0261,CVE-2015-2154
Sources used:
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    tcpdump-3.9.8-1.27.1
SUSE Linux Enterprise Server 11 SP3 (src):    tcpdump-3.9.8-1.27.1
SUSE Linux Enterprise Desktop 11 SP3 (src):    tcpdump-3.9.8-1.27.1