Vulnerability from csaf_suse
Published
2019-10-15 14:53
Modified
2019-10-15 14:53
Summary
Security update for tcpdump
Notes
Title of the patch
Security update for tcpdump
Description of the patch
This update for tcpdump fixes the following issues:
- CVE-2017-16808: Fixed a heap-based buffer over-read related to aoe_print and lookup_emem (bsc#1068716 bsc#1153098).
- CVE-2018-10103: Fixed a mishandling of the printing of SMB data (bsc#1153098).
- CVE-2018-10105: Fixed a mishandling of the printing of SMB data (bsc#1153098).
- CVE-2018-14461: Fixed a buffer over-read in print-ldp.c:ldp_tlv_print (bsc#1153098).
- CVE-2018-14462: Fixed a buffer over-read in print-icmp.c:icmp_print (bsc#1153098).
- CVE-2018-14463: Fixed a buffer over-read in print-vrrp.c:vrrp_print (bsc#1153098).
- CVE-2018-14464: Fixed a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs (bsc#1153098).
- CVE-2018-14465: Fixed a buffer over-read in print-rsvp.c:rsvp_obj_print (bsc#1153098).
- CVE-2018-14466: Fixed a buffer over-read in print-rx.c:rx_cache_find (bsc#1153098).
- CVE-2018-14467: Fixed a buffer over-read in print-bgp.c:bgp_capabilities_print (bsc#1153098).
- CVE-2018-14468: Fixed a buffer over-read in print-fr.c:mfr_print (bsc#1153098).
- CVE-2018-14469: Fixed a buffer over-read in print-isakmp.c:ikev1_n_print (bsc#1153098).
- CVE-2018-14470: Fixed a buffer over-read in print-babel.c:babel_print_v2 (bsc#1153098).
- CVE-2018-14879: Fixed a buffer overflow in the command-line argument parser (bsc#1153098).
- CVE-2018-14880: Fixed a buffer over-read in the OSPFv3 parser (bsc#1153098).
- CVE-2018-14881: Fixed a buffer over-read in the BGP parser (bsc#1153098).
- CVE-2018-14882: Fixed a buffer over-read in the ICMPv6 parser (bsc#1153098).
- CVE-2018-16227: Fixed a buffer over-read in the IEEE 802.11 parser in print-802_11.c for the Mesh Flags subfield (bsc#1153098).
- CVE-2018-16228: Fixed a buffer over-read in the HNCP parser (bsc#1153098).
- CVE-2018-16229: Fixed a buffer over-read in the DCCP parser (bsc#1153098).
- CVE-2018-16230: Fixed a buffer over-read in the BGP parser in print-bgp.c:bgp_attr_print (bsc#1153098).
- CVE-2018-16300: Fixed an unlimited recursion in the BGP parser that allowed denial-of-service by stack consumption (bsc#1153098).
- CVE-2018-16301: Fixed a buffer overflow (bsc#1153332 bsc#1153098).
- CVE-2018-16451: Fixed several buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN (bsc#1153098).
- CVE-2018-16452: Fixed a stack exhaustion in smbutil.c:smb_fdata (bsc#1153098).
- CVE-2019-15166: Fixed a bounds check in lmp_print_data_link_subobjs (bsc#1153098).
- CVE-2019-15167: Fixed a vulnerability in VRRP (bsc#1153098).
Patchnames
SUSE-2019-2674,SUSE-SLE-Module-Basesystem-15-2019-2674,SUSE-SLE-Module-Basesystem-15-SP1-2019-2674
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for tcpdump", title: "Title of the patch", }, { category: "description", text: "This update for tcpdump fixes the following issues:\n\n- CVE-2017-16808: Fixed a heap-based buffer over-read related to aoe_print and lookup_emem (bsc#1068716 bsc#1153098).\n- CVE-2018-10103: Fixed a mishandling of the printing of SMB data (bsc#1153098).\n- CVE-2018-10105: Fixed a mishandling of the printing of SMB data (bsc#1153098).\n- CVE-2018-14461: Fixed a buffer over-read in print-ldp.c:ldp_tlv_print (bsc#1153098).\n- CVE-2018-14462: Fixed a buffer over-read in print-icmp.c:icmp_print (bsc#1153098).\n- CVE-2018-14463: Fixed a buffer over-read in print-vrrp.c:vrrp_print (bsc#1153098).\n- CVE-2018-14464: Fixed a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs (bsc#1153098).\n- CVE-2018-14465: Fixed a buffer over-read in print-rsvp.c:rsvp_obj_print (bsc#1153098).\n- CVE-2018-14466: Fixed a buffer over-read in print-rx.c:rx_cache_find (bsc#1153098).\n- CVE-2018-14467: Fixed a buffer over-read in print-bgp.c:bgp_capabilities_print (bsc#1153098).\n- CVE-2018-14468: Fixed a buffer over-read in print-fr.c:mfr_print (bsc#1153098).\n- CVE-2018-14469: Fixed a buffer over-read in print-isakmp.c:ikev1_n_print (bsc#1153098).\n- CVE-2018-14470: Fixed a buffer over-read in print-babel.c:babel_print_v2 (bsc#1153098).\n- CVE-2018-14879: Fixed a buffer overflow in the command-line argument parser (bsc#1153098).\n- CVE-2018-14880: Fixed a buffer over-read in the OSPFv3 parser (bsc#1153098).\n- CVE-2018-14881: Fixed a buffer over-read in the BGP parser (bsc#1153098).\n- CVE-2018-14882: Fixed a buffer over-read in the ICMPv6 parser (bsc#1153098).\n- CVE-2018-16227: Fixed a buffer over-read in the IEEE 802.11 parser in print-802_11.c for the Mesh Flags subfield (bsc#1153098).\n- CVE-2018-16228: Fixed a buffer over-read in the HNCP parser (bsc#1153098).\n- CVE-2018-16229: Fixed a buffer over-read in the DCCP parser (bsc#1153098).\n- CVE-2018-16230: Fixed a buffer over-read in the BGP parser in print-bgp.c:bgp_attr_print (bsc#1153098).\n- CVE-2018-16300: Fixed an unlimited recursion in the BGP parser that allowed denial-of-service by stack consumption (bsc#1153098).\n- CVE-2018-16301: Fixed a buffer overflow (bsc#1153332 bsc#1153098).\n- CVE-2018-16451: Fixed several buffer over-reads in print-smb.c:print_trans() for \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN (bsc#1153098).\n- CVE-2018-16452: Fixed a stack exhaustion in smbutil.c:smb_fdata (bsc#1153098).\n- CVE-2019-15166: Fixed a bounds check in lmp_print_data_link_subobjs (bsc#1153098).\n- CVE-2019-15167: Fixed a vulnerability in VRRP (bsc#1153098).\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2019-2674,SUSE-SLE-Module-Basesystem-15-2019-2674,SUSE-SLE-Module-Basesystem-15-SP1-2019-2674", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_2674-1.json", }, { category: "self", summary: "URL for SUSE-SU-2019:2674-1", url: "https://www.suse.com/support/update/announcement/2019/suse-su-20192674-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2019:2674-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2019-October/006020.html", }, { category: "self", summary: "SUSE Bug 1068716", url: "https://bugzilla.suse.com/1068716", }, { category: "self", summary: "SUSE Bug 1153098", url: "https://bugzilla.suse.com/1153098", }, { category: "self", summary: "SUSE Bug 1153332", url: "https://bugzilla.suse.com/1153332", }, { category: "self", summary: "SUSE CVE CVE-2017-16808 page", url: "https://www.suse.com/security/cve/CVE-2017-16808/", }, { category: "self", summary: "SUSE CVE CVE-2018-10103 page", url: "https://www.suse.com/security/cve/CVE-2018-10103/", }, { category: "self", summary: "SUSE CVE CVE-2018-10105 page", url: "https://www.suse.com/security/cve/CVE-2018-10105/", }, { category: "self", summary: "SUSE CVE CVE-2018-14461 page", url: "https://www.suse.com/security/cve/CVE-2018-14461/", }, { category: "self", summary: "SUSE CVE CVE-2018-14462 page", url: "https://www.suse.com/security/cve/CVE-2018-14462/", }, { category: "self", summary: "SUSE CVE CVE-2018-14463 page", url: "https://www.suse.com/security/cve/CVE-2018-14463/", }, { category: "self", summary: "SUSE CVE CVE-2018-14464 page", url: "https://www.suse.com/security/cve/CVE-2018-14464/", }, { category: "self", summary: "SUSE CVE CVE-2018-14465 page", url: "https://www.suse.com/security/cve/CVE-2018-14465/", }, { category: "self", summary: "SUSE CVE CVE-2018-14466 page", url: "https://www.suse.com/security/cve/CVE-2018-14466/", }, { category: "self", summary: "SUSE CVE CVE-2018-14467 page", url: "https://www.suse.com/security/cve/CVE-2018-14467/", }, { category: "self", summary: "SUSE CVE CVE-2018-14468 page", url: "https://www.suse.com/security/cve/CVE-2018-14468/", }, { category: "self", summary: "SUSE CVE CVE-2018-14469 page", url: "https://www.suse.com/security/cve/CVE-2018-14469/", }, { category: "self", summary: "SUSE CVE CVE-2018-14470 page", url: "https://www.suse.com/security/cve/CVE-2018-14470/", }, { category: "self", summary: "SUSE CVE CVE-2018-14879 page", url: "https://www.suse.com/security/cve/CVE-2018-14879/", }, { category: "self", summary: "SUSE CVE CVE-2018-14880 page", url: "https://www.suse.com/security/cve/CVE-2018-14880/", }, { category: "self", summary: "SUSE CVE CVE-2018-14881 page", url: "https://www.suse.com/security/cve/CVE-2018-14881/", }, { category: "self", summary: "SUSE CVE CVE-2018-14882 page", url: "https://www.suse.com/security/cve/CVE-2018-14882/", }, { category: "self", summary: "SUSE CVE CVE-2018-16227 page", url: "https://www.suse.com/security/cve/CVE-2018-16227/", }, { category: "self", summary: "SUSE CVE CVE-2018-16228 page", url: "https://www.suse.com/security/cve/CVE-2018-16228/", }, { category: "self", summary: "SUSE CVE CVE-2018-16229 page", url: "https://www.suse.com/security/cve/CVE-2018-16229/", }, { category: "self", summary: "SUSE CVE CVE-2018-16230 page", url: "https://www.suse.com/security/cve/CVE-2018-16230/", }, { category: "self", summary: "SUSE CVE CVE-2018-16300 page", url: "https://www.suse.com/security/cve/CVE-2018-16300/", }, { category: "self", summary: "SUSE CVE CVE-2018-16301 page", url: "https://www.suse.com/security/cve/CVE-2018-16301/", }, { category: "self", summary: "SUSE CVE CVE-2018-16451 page", url: "https://www.suse.com/security/cve/CVE-2018-16451/", }, { category: "self", summary: "SUSE CVE CVE-2018-16452 page", url: "https://www.suse.com/security/cve/CVE-2018-16452/", }, { category: "self", summary: "SUSE CVE CVE-2019-1010220 page", url: "https://www.suse.com/security/cve/CVE-2019-1010220/", }, { category: "self", summary: "SUSE CVE CVE-2019-15166 page", url: "https://www.suse.com/security/cve/CVE-2019-15166/", }, { category: "self", summary: "SUSE CVE CVE-2019-15167 page", url: "https://www.suse.com/security/cve/CVE-2019-15167/", }, ], title: "Security update for tcpdump", tracking: { current_release_date: "2019-10-15T14:53:30Z", generator: { date: "2019-10-15T14:53:30Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2019:2674-1", initial_release_date: "2019-10-15T14:53:30Z", revision_history: [ { date: "2019-10-15T14:53:30Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "tcpdump-4.9.2-3.9.1.aarch64", product: { name: "tcpdump-4.9.2-3.9.1.aarch64", product_id: "tcpdump-4.9.2-3.9.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "tcpdump-4.9.2-3.9.1.i586", product: { name: "tcpdump-4.9.2-3.9.1.i586", product_id: "tcpdump-4.9.2-3.9.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "tcpdump-4.9.2-3.9.1.ppc64le", product: { name: "tcpdump-4.9.2-3.9.1.ppc64le", product_id: "tcpdump-4.9.2-3.9.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "tcpdump-4.9.2-3.9.1.s390x", product: { name: "tcpdump-4.9.2-3.9.1.s390x", product_id: "tcpdump-4.9.2-3.9.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "tcpdump-4.9.2-3.9.1.x86_64", product: { name: "tcpdump-4.9.2-3.9.1.x86_64", product_id: "tcpdump-4.9.2-3.9.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Module for Basesystem 15", product: { name: "SUSE Linux Enterprise Module for Basesystem 15", product_id: "SUSE Linux Enterprise Module for Basesystem 15", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-basesystem:15", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Module for Basesystem 15 SP1", product: { name: "SUSE Linux Enterprise Module for Basesystem 15 SP1", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP1", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-basesystem:15:sp1", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "tcpdump-4.9.2-3.9.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15", product_id: "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", }, product_reference: "tcpdump-4.9.2-3.9.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15", }, { category: "default_component_of", full_product_name: { name: "tcpdump-4.9.2-3.9.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15", product_id: "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", }, product_reference: "tcpdump-4.9.2-3.9.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15", }, { category: "default_component_of", full_product_name: { name: "tcpdump-4.9.2-3.9.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15", product_id: "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", }, product_reference: "tcpdump-4.9.2-3.9.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15", }, { category: "default_component_of", full_product_name: { name: "tcpdump-4.9.2-3.9.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15", product_id: "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", }, product_reference: "tcpdump-4.9.2-3.9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15", }, { category: "default_component_of", full_product_name: { name: "tcpdump-4.9.2-3.9.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", }, product_reference: "tcpdump-4.9.2-3.9.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP1", }, { category: "default_component_of", full_product_name: { name: "tcpdump-4.9.2-3.9.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", }, product_reference: "tcpdump-4.9.2-3.9.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP1", }, { category: "default_component_of", full_product_name: { name: "tcpdump-4.9.2-3.9.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", }, product_reference: "tcpdump-4.9.2-3.9.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP1", }, { category: "default_component_of", full_product_name: { name: "tcpdump-4.9.2-3.9.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", }, product_reference: "tcpdump-4.9.2-3.9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP1", }, ], }, vulnerabilities: [ { cve: "CVE-2017-16808", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-16808", }, ], notes: [ { category: "general", text: "tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-16808", url: "https://www.suse.com/security/cve/CVE-2017-16808", }, { category: "external", summary: "SUSE Bug 1068716 for CVE-2017-16808", url: "https://bugzilla.suse.com/1068716", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2017-16808", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-15T14:53:30Z", details: "important", }, ], title: "CVE-2017-16808", }, { cve: "CVE-2018-10103", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-10103", }, ], notes: [ { category: "general", text: "tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-10103", url: "https://www.suse.com/security/cve/CVE-2018-10103", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-10103", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-15T14:53:30Z", details: "moderate", }, ], title: "CVE-2018-10103", }, { cve: "CVE-2018-10105", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-10105", }, ], notes: [ { category: "general", text: "tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-10105", url: "https://www.suse.com/security/cve/CVE-2018-10105", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-10105", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-15T14:53:30Z", details: "moderate", }, ], title: "CVE-2018-10105", }, { cve: "CVE-2018-14461", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14461", }, ], notes: [ { category: "general", text: "The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print().", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14461", url: "https://www.suse.com/security/cve/CVE-2018-14461", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14461", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-15T14:53:30Z", details: "moderate", }, ], title: "CVE-2018-14461", }, { cve: "CVE-2018-14462", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14462", }, ], notes: [ { category: "general", text: "The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14462", url: "https://www.suse.com/security/cve/CVE-2018-14462", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14462", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-15T14:53:30Z", details: "moderate", }, ], title: "CVE-2018-14462", }, { cve: "CVE-2018-14463", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14463", }, ], notes: [ { category: "general", text: "The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 2, a different vulnerability than CVE-2019-15167.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14463", url: "https://www.suse.com/security/cve/CVE-2018-14463", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14463", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-15T14:53:30Z", details: "moderate", }, ], title: "CVE-2018-14463", }, { cve: "CVE-2018-14464", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14464", }, ], notes: [ { category: "general", text: "The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs().", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14464", url: "https://www.suse.com/security/cve/CVE-2018-14464", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14464", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-15T14:53:30Z", details: "moderate", }, ], title: "CVE-2018-14464", }, { cve: "CVE-2018-14465", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14465", }, ], notes: [ { category: "general", text: "The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14465", url: "https://www.suse.com/security/cve/CVE-2018-14465", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14465", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-15T14:53:30Z", details: "moderate", }, ], title: "CVE-2018-14465", }, { cve: "CVE-2018-14466", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14466", }, ], notes: [ { category: "general", text: "The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_cache_insert().", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14466", url: "https://www.suse.com/security/cve/CVE-2018-14466", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14466", url: "https://bugzilla.suse.com/1153098", }, { category: "external", summary: "SUSE Bug 1166972 for CVE-2018-14466", url: "https://bugzilla.suse.com/1166972", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-15T14:53:30Z", details: "moderate", }, ], title: "CVE-2018-14466", }, { cve: "CVE-2018-14467", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14467", }, ], notes: [ { category: "general", text: "The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14467", url: "https://www.suse.com/security/cve/CVE-2018-14467", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14467", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-15T14:53:30Z", details: "moderate", }, ], title: "CVE-2018-14467", }, { cve: "CVE-2018-14468", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14468", }, ], notes: [ { category: "general", text: "The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14468", url: "https://www.suse.com/security/cve/CVE-2018-14468", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14468", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-15T14:53:30Z", details: "moderate", }, ], title: "CVE-2018-14468", }, { cve: "CVE-2018-14469", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14469", }, ], notes: [ { category: "general", text: "The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14469", url: "https://www.suse.com/security/cve/CVE-2018-14469", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14469", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-15T14:53:30Z", details: "moderate", }, ], title: "CVE-2018-14469", }, { cve: "CVE-2018-14470", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14470", }, ], notes: [ { category: "general", text: "The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2().", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14470", url: "https://www.suse.com/security/cve/CVE-2018-14470", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14470", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-15T14:53:30Z", details: "moderate", }, ], title: "CVE-2018-14470", }, { cve: "CVE-2018-14879", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14879", }, ], notes: [ { category: "general", text: "The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file().", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14879", url: "https://www.suse.com/security/cve/CVE-2018-14879", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14879", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 0, baseSeverity: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-15T14:53:30Z", details: "low", }, ], title: "CVE-2018-14879", }, { cve: "CVE-2018-14880", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14880", }, ], notes: [ { category: "general", text: "The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14880", url: "https://www.suse.com/security/cve/CVE-2018-14880", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14880", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-15T14:53:30Z", details: "moderate", }, ], title: "CVE-2018-14880", }, { cve: "CVE-2018-14881", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14881", }, ], notes: [ { category: "general", text: "The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14881", url: "https://www.suse.com/security/cve/CVE-2018-14881", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14881", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-15T14:53:30Z", details: "moderate", }, ], title: "CVE-2018-14881", }, { cve: "CVE-2018-14882", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14882", }, ], notes: [ { category: "general", text: "The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14882", url: "https://www.suse.com/security/cve/CVE-2018-14882", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14882", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-15T14:53:30Z", details: "moderate", }, ], title: "CVE-2018-14882", }, { cve: "CVE-2018-16227", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16227", }, ], notes: [ { category: "general", text: "The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16227", url: "https://www.suse.com/security/cve/CVE-2018-16227", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-16227", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-15T14:53:30Z", details: "moderate", }, ], title: "CVE-2018-16227", }, { cve: "CVE-2018-16228", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16228", }, ], notes: [ { category: "general", text: "The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16228", url: "https://www.suse.com/security/cve/CVE-2018-16228", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-16228", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-15T14:53:30Z", details: "moderate", }, ], title: "CVE-2018-16228", }, { cve: "CVE-2018-16229", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16229", }, ], notes: [ { category: "general", text: "The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16229", url: "https://www.suse.com/security/cve/CVE-2018-16229", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-16229", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-15T14:53:30Z", details: "moderate", }, ], title: "CVE-2018-16229", }, { cve: "CVE-2018-16230", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16230", }, ], notes: [ { category: "general", text: "The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16230", url: "https://www.suse.com/security/cve/CVE-2018-16230", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-16230", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-15T14:53:30Z", details: "moderate", }, ], title: "CVE-2018-16230", }, { cve: "CVE-2018-16300", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16300", }, ], notes: [ { category: "general", text: "The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16300", url: "https://www.suse.com/security/cve/CVE-2018-16300", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-16300", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-15T14:53:30Z", details: "important", }, ], title: "CVE-2018-16300", }, { cve: "CVE-2018-16301", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16301", }, ], notes: [ { category: "general", text: "The command-line argument parser in tcpdump before 4.99.0 has a buffer overflow in tcpdump.c:read_infile(). To trigger this vulnerability the attacker needs to create a 4GB file on the local filesystem and to specify the file name as the value of the -F command-line argument of tcpdump.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16301", url: "https://www.suse.com/security/cve/CVE-2018-16301", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-16301", url: "https://bugzilla.suse.com/1153098", }, { category: "external", summary: "SUSE Bug 1153332 for CVE-2018-16301", url: "https://bugzilla.suse.com/1153332", }, { category: "external", summary: "SUSE Bug 1195825 for CVE-2018-16301", url: "https://bugzilla.suse.com/1195825", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-15T14:53:30Z", details: "important", }, ], title: "CVE-2018-16301", }, { cve: "CVE-2018-16451", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16451", }, ], notes: [ { category: "general", text: "The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16451", url: "https://www.suse.com/security/cve/CVE-2018-16451", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-16451", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-15T14:53:30Z", details: "moderate", }, ], title: "CVE-2018-16451", }, { cve: "CVE-2018-16452", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16452", }, ], notes: [ { category: "general", text: "The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16452", url: "https://www.suse.com/security/cve/CVE-2018-16452", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-16452", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-15T14:53:30Z", details: "moderate", }, ], title: "CVE-2018-16452", }, { cve: "CVE-2019-1010220", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-1010220", }, ], notes: [ { category: "general", text: "tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is: May expose Saved Frame Pointer, Return Address etc. on stack. The component is: line 234: \"ND_PRINT((ndo, \"%s\", buf));\", in function named \"print_prefix\", in \"print-hncp.c\". The attack vector is: The victim must open a specially crafted pcap file.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-1010220", url: "https://www.suse.com/security/cve/CVE-2019-1010220", }, { category: "external", summary: "SUSE Bug 1142439 for CVE-2019-1010220", url: "https://bugzilla.suse.com/1142439", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2019-1010220", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-15T14:53:30Z", details: "moderate", }, ], title: "CVE-2019-1010220", }, { cve: "CVE-2019-15166", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-15166", }, ], notes: [ { category: "general", text: "lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-15166", url: "https://www.suse.com/security/cve/CVE-2019-15166", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2019-15166", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-15T14:53:30Z", details: "moderate", }, ], title: "CVE-2019-15166", }, { cve: "CVE-2019-15167", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-15167", }, ], notes: [ { category: "general", text: "The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 3, a different vulnerability than CVE-2018-14463.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-15167", url: "https://www.suse.com/security/cve/CVE-2019-15167", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2019-15167", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:tcpdump-4.9.2-3.9.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15:tcpdump-4.9.2-3.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-10-15T14:53:30Z", details: "moderate", }, ], title: "CVE-2019-15167", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.