OVAL Reference oval:com.redhat.rhsa:def:20204760

Oval Definition:

oval:com.redhat.rhsa:def:20204760

Revision Date:	2020-11-04	Version:	637
Title:	RHSA-2020:4760: tcpdump security, bug fix, and enhancement update (Moderate)
Description:	The tcpdump packages contain the tcpdump utility for monitoring network traffic. The tcpdump utility can capture and display the packet headers on a particular network interface or on all interfaces. The following packages have been upgraded to a later upstream version: tcpdump (4.9.3). (BZ#1804063) Security Fix(es): tcpdump: SMB data printing mishandled (CVE-2018-10103) tcpdump: SMB data printing mishandled (CVE-2018-10105) tcpdump: Out of bounds read/write in get_next_file() in tcpdump.c (CVE-2018-14879) tcpdump: Buffer over-read in ldp_tlv_print() function in print-ldp.c (CVE-2018-14461) tcpdump: Buffer over-read in icmp_print() function in print-icmp.c (CVE-2018-14462) tcpdump: Buffer over-read in vrrp_print() function in print-vrrp.c (CVE-2018-14463) tcpdump: Buffer over-read in lmp_print_data_link_subobjs() function in print-lmp.c (CVE-2018-14464) tcpdump: Buffer over-read in rsvp_obj_print() function in print-rsvp.c (CVE-2018-14465) tcpdump: Buffer over-read in print-icmp6.c (CVE-2018-14466) tcpdump: Buffer over-read in bgp_capabilities_print() in print-bgp.c (CVE-2018-14467) tcpdump: Buffer over-read in mfr_print() function in print-fr.c (CVE-2018-14468) tcpdump: Buffer over-read in ikev1_n_print() function in print-isakmp.c (CVE-2018-14469) tcpdump: Buffer over-read in babel_print_v2() in print-babel.c (CVE-2018-14470) tcpdump: Buffer over-read in ospf6_print_lshdr() function in print-ospf6.c (CVE-2018-14880) tcpdump: Buffer over-read in bgp_capabilities_print() function in print-bgp.c (CVE-2018-14881) tcpdump: Buffer over-read in function rpl_dio_printopt in print-icmp6.c (CVE-2018-14882) tcpdump: Buffer over-read in print-802_11.c (CVE-2018-16227) tcpdump: Access to uninitialized buffer in print_prefix() function in print-hncp.c (CVE-2018-16228) tcpdump: Buffer over-read in dccp_print_option() function in print-dccp.c (CVE-2018-16229) tcpdump: Buffer over-read in bgp_attr_print() function in print-bgp.c (CVE-2018-16230) tcpdump: Resource exhaustion in bgp_attr_print() function in print-bgp.c (CVE-2018-16300) tcpdump: Buffer over-read in print_trans() function in print-smb.c (CVE-2018-16451) tcpdump: Resource exhaustion in smb_fdata() funtion in smbutil.c (CVE-2018-16452) tcpdump: Buffer overflow in lmp_print_data_link_subobjs() in print-lmp.c (CVE-2019-15166) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.
Family:	unix	Class:	patch
Status:		Reference(s):	CVE-2018-10103 CVE-2018-10105 CVE-2018-14461 CVE-2018-14462 CVE-2018-14463 CVE-2018-14464 CVE-2018-14465 CVE-2018-14466 CVE-2018-14467 CVE-2018-14468 CVE-2018-14469 CVE-2018-14470 CVE-2018-14879 CVE-2018-14880 CVE-2018-14881 CVE-2018-14882 CVE-2018-16227 CVE-2018-16228 CVE-2018-16229 CVE-2018-16230 CVE-2018-16300 CVE-2018-16451 CVE-2018-16452 CVE-2019-15166 RHSA-2020:4760
Platform(s):	Red Hat Enterprise Linux 8	Product(s):
Definition Synopsis
Red Hat Enterprise Linux must be installed OR Package Information tcpdump is earlier than 14:4.9.3-1.el8 AND tcpdump is signed with Red Hat redhatrelease2 key AND Red Hat Enterprise Linux 8 is installed OR Red Hat CoreOS 4 is installed

BACK