Vulnerability from csaf_suse
Published
2020-11-17 12:41
Modified
2020-11-17 12:41
Summary
Security update for tcpdump
Notes
Title of the patch
Security update for tcpdump
Description of the patch
This update for tcpdump fixes the following issues:
- CVE-2020-8037: Fixed an issue where PPP decapsulator did not allocate the right buffer size (bsc#1178466).
The previous update of tcpdump already fixed variuous Buffer overflow/overread vulnerabilities [bsc#1153098, bsc#1153332]
- CVE-2017-16808 (AoE)
- CVE-2018-14468 (FrameRelay)
- CVE-2018-14469 (IKEv1)
- CVE-2018-14470 (BABEL)
- CVE-2018-14466 (AFS/RX)
- CVE-2018-14461 (LDP)
- CVE-2018-14462 (ICMP)
- CVE-2018-14465 (RSVP)
- CVE-2018-14464 (LMP)
- CVE-2019-15166 (LMP)
- CVE-2018-14880 (OSPF6)
- CVE-2018-14882 (RPL)
- CVE-2018-16227 (802.11)
- CVE-2018-16229 (DCCP)
- CVE-2018-14467 (BGP)
- CVE-2018-14881 (BGP)
- CVE-2018-16230 (BGP)
- CVE-2018-16300 (BGP)
- CVE-2018-14463 (VRRP)
- CVE-2019-15167 (VRRP)
- CVE-2018-14879 (tcpdump -V)
- CVE-2018-16228 (HNCP) is a duplicate of the already fixed CVE-2019-1010220
- CVE-2018-16301 (fixed in libpcap)
- CVE-2018-16451 (SMB)
- CVE-2018-16452 (SMB)
- CVE-2018-10103 (SMB - partially fixed, but SMB printing disabled)
- CVE-2018-10105 (SMB - too unreliably reproduced, SMB printing disabled)
Patchnames
SUSE-2020-3360,SUSE-SLE-SERVER-12-SP5-2020-3360
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for tcpdump", title: "Title of the patch", }, { category: "description", text: "This update for tcpdump fixes the following issues:\n\n- CVE-2020-8037: Fixed an issue where PPP decapsulator did not allocate the right buffer size (bsc#1178466).\n\nThe previous update of tcpdump already fixed variuous Buffer overflow/overread vulnerabilities [bsc#1153098, bsc#1153332]\n\n- CVE-2017-16808 (AoE)\n- CVE-2018-14468 (FrameRelay)\n- CVE-2018-14469 (IKEv1)\n- CVE-2018-14470 (BABEL)\n- CVE-2018-14466 (AFS/RX)\n- CVE-2018-14461 (LDP)\n- CVE-2018-14462 (ICMP)\n- CVE-2018-14465 (RSVP)\n- CVE-2018-14464 (LMP)\n- CVE-2019-15166 (LMP)\n- CVE-2018-14880 (OSPF6)\n- CVE-2018-14882 (RPL)\n- CVE-2018-16227 (802.11)\n- CVE-2018-16229 (DCCP)\n- CVE-2018-14467 (BGP)\n- CVE-2018-14881 (BGP)\n- CVE-2018-16230 (BGP)\n- CVE-2018-16300 (BGP)\n- CVE-2018-14463 (VRRP)\n- CVE-2019-15167 (VRRP)\n- CVE-2018-14879 (tcpdump -V)\n- CVE-2018-16228 (HNCP) is a duplicate of the already fixed CVE-2019-1010220\n- CVE-2018-16301 (fixed in libpcap)\n- CVE-2018-16451 (SMB)\n- CVE-2018-16452 (SMB)\n- CVE-2018-10103 (SMB - partially fixed, but SMB printing disabled)\n- CVE-2018-10105 (SMB - too unreliably reproduced, SMB printing disabled)\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2020-3360,SUSE-SLE-SERVER-12-SP5-2020-3360", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_3360-1.json", }, { category: "self", summary: "URL for SUSE-SU-2020:3360-1", url: "https://www.suse.com/support/update/announcement/2020/suse-su-20203360-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2020:3360-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007788.html", }, { category: "self", summary: "SUSE Bug 1153098", url: "https://bugzilla.suse.com/1153098", }, { category: "self", summary: "SUSE Bug 1153332", url: "https://bugzilla.suse.com/1153332", }, { category: "self", summary: "SUSE Bug 1178466", url: "https://bugzilla.suse.com/1178466", }, { category: "self", summary: "SUSE CVE CVE-2017-16808 page", url: "https://www.suse.com/security/cve/CVE-2017-16808/", }, { category: "self", summary: "SUSE CVE CVE-2018-10103 page", url: "https://www.suse.com/security/cve/CVE-2018-10103/", }, { category: "self", summary: "SUSE CVE CVE-2018-10105 page", url: "https://www.suse.com/security/cve/CVE-2018-10105/", }, { category: "self", summary: "SUSE CVE CVE-2018-14461 page", url: "https://www.suse.com/security/cve/CVE-2018-14461/", }, { category: "self", summary: "SUSE CVE CVE-2018-14462 page", url: "https://www.suse.com/security/cve/CVE-2018-14462/", }, { category: "self", summary: "SUSE CVE CVE-2018-14463 page", url: "https://www.suse.com/security/cve/CVE-2018-14463/", }, { category: "self", summary: "SUSE CVE CVE-2018-14464 page", url: "https://www.suse.com/security/cve/CVE-2018-14464/", }, { category: "self", summary: "SUSE CVE CVE-2018-14465 page", url: "https://www.suse.com/security/cve/CVE-2018-14465/", }, { category: "self", summary: "SUSE CVE CVE-2018-14466 page", url: "https://www.suse.com/security/cve/CVE-2018-14466/", }, { category: "self", summary: "SUSE CVE CVE-2018-14467 page", url: "https://www.suse.com/security/cve/CVE-2018-14467/", }, { category: "self", summary: "SUSE CVE CVE-2018-14468 page", url: "https://www.suse.com/security/cve/CVE-2018-14468/", }, { category: "self", summary: "SUSE CVE CVE-2018-14469 page", url: "https://www.suse.com/security/cve/CVE-2018-14469/", }, { category: "self", summary: "SUSE CVE CVE-2018-14470 page", url: "https://www.suse.com/security/cve/CVE-2018-14470/", }, { category: "self", summary: "SUSE CVE CVE-2018-14879 page", url: "https://www.suse.com/security/cve/CVE-2018-14879/", }, { category: "self", summary: "SUSE CVE CVE-2018-14880 page", url: "https://www.suse.com/security/cve/CVE-2018-14880/", }, { category: "self", summary: "SUSE CVE CVE-2018-14881 page", url: "https://www.suse.com/security/cve/CVE-2018-14881/", }, { category: "self", summary: "SUSE CVE CVE-2018-14882 page", url: "https://www.suse.com/security/cve/CVE-2018-14882/", }, { category: "self", summary: "SUSE CVE CVE-2018-16227 page", url: "https://www.suse.com/security/cve/CVE-2018-16227/", }, { category: "self", summary: "SUSE CVE CVE-2018-16228 page", url: "https://www.suse.com/security/cve/CVE-2018-16228/", }, { category: "self", summary: "SUSE CVE CVE-2018-16229 page", url: "https://www.suse.com/security/cve/CVE-2018-16229/", }, { category: "self", summary: "SUSE CVE CVE-2018-16230 page", url: "https://www.suse.com/security/cve/CVE-2018-16230/", }, { category: "self", summary: "SUSE CVE CVE-2018-16300 page", url: "https://www.suse.com/security/cve/CVE-2018-16300/", }, { category: "self", summary: "SUSE CVE CVE-2018-16301 page", url: "https://www.suse.com/security/cve/CVE-2018-16301/", }, { category: "self", summary: "SUSE CVE CVE-2018-16451 page", url: "https://www.suse.com/security/cve/CVE-2018-16451/", }, { category: "self", summary: "SUSE CVE CVE-2018-16452 page", url: "https://www.suse.com/security/cve/CVE-2018-16452/", }, { category: "self", summary: "SUSE CVE CVE-2019-1010220 page", url: "https://www.suse.com/security/cve/CVE-2019-1010220/", }, { category: "self", summary: "SUSE CVE CVE-2019-15166 page", url: "https://www.suse.com/security/cve/CVE-2019-15166/", }, { category: "self", summary: "SUSE CVE CVE-2019-15167 page", url: "https://www.suse.com/security/cve/CVE-2019-15167/", }, { category: "self", summary: "SUSE CVE CVE-2020-8037 page", url: "https://www.suse.com/security/cve/CVE-2020-8037/", }, ], title: "Security update for tcpdump", tracking: { current_release_date: "2020-11-17T12:41:00Z", generator: { date: "2020-11-17T12:41:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2020:3360-1", initial_release_date: "2020-11-17T12:41:00Z", revision_history: [ { date: "2020-11-17T12:41:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "tcpdump-4.9.2-14.17.1.aarch64", product: { name: "tcpdump-4.9.2-14.17.1.aarch64", product_id: "tcpdump-4.9.2-14.17.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "tcpdump-4.9.2-14.17.1.i586", product: { name: "tcpdump-4.9.2-14.17.1.i586", product_id: "tcpdump-4.9.2-14.17.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "tcpdump-4.9.2-14.17.1.ppc64le", product: { name: "tcpdump-4.9.2-14.17.1.ppc64le", product_id: "tcpdump-4.9.2-14.17.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "tcpdump-4.9.2-14.17.1.s390", product: { name: "tcpdump-4.9.2-14.17.1.s390", product_id: "tcpdump-4.9.2-14.17.1.s390", }, }, ], category: "architecture", name: "s390", }, { branches: [ { category: "product_version", name: "tcpdump-4.9.2-14.17.1.s390x", product: { name: "tcpdump-4.9.2-14.17.1.s390x", product_id: "tcpdump-4.9.2-14.17.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "tcpdump-4.9.2-14.17.1.x86_64", product: { name: "tcpdump-4.9.2-14.17.1.x86_64", product_id: "tcpdump-4.9.2-14.17.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP5", product: { name: "SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5", product_identification_helper: { cpe: "cpe:/o:suse:sles:12:sp5", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", product: { name: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:12:sp5", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "tcpdump-4.9.2-14.17.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", }, product_reference: "tcpdump-4.9.2-14.17.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "tcpdump-4.9.2-14.17.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", }, product_reference: "tcpdump-4.9.2-14.17.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "tcpdump-4.9.2-14.17.1.s390x as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", }, product_reference: "tcpdump-4.9.2-14.17.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "tcpdump-4.9.2-14.17.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", }, product_reference: "tcpdump-4.9.2-14.17.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "tcpdump-4.9.2-14.17.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", }, product_reference: "tcpdump-4.9.2-14.17.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "tcpdump-4.9.2-14.17.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", }, product_reference: "tcpdump-4.9.2-14.17.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "tcpdump-4.9.2-14.17.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", }, product_reference: "tcpdump-4.9.2-14.17.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "tcpdump-4.9.2-14.17.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", }, product_reference: "tcpdump-4.9.2-14.17.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, ], }, vulnerabilities: [ { cve: "CVE-2017-16808", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-16808", }, ], notes: [ { category: "general", text: "tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-16808", url: "https://www.suse.com/security/cve/CVE-2017-16808", }, { category: "external", summary: "SUSE Bug 1068716 for CVE-2017-16808", url: "https://bugzilla.suse.com/1068716", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2017-16808", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-17T12:41:00Z", details: "important", }, ], title: "CVE-2017-16808", }, { cve: "CVE-2018-10103", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-10103", }, ], notes: [ { category: "general", text: "tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-10103", url: "https://www.suse.com/security/cve/CVE-2018-10103", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-10103", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-17T12:41:00Z", details: "moderate", }, ], title: "CVE-2018-10103", }, { cve: "CVE-2018-10105", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-10105", }, ], notes: [ { category: "general", text: "tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-10105", url: "https://www.suse.com/security/cve/CVE-2018-10105", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-10105", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-17T12:41:00Z", details: "moderate", }, ], title: "CVE-2018-10105", }, { cve: "CVE-2018-14461", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14461", }, ], notes: [ { category: "general", text: "The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print().", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14461", url: "https://www.suse.com/security/cve/CVE-2018-14461", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14461", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-17T12:41:00Z", details: "moderate", }, ], title: "CVE-2018-14461", }, { cve: "CVE-2018-14462", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14462", }, ], notes: [ { category: "general", text: "The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14462", url: "https://www.suse.com/security/cve/CVE-2018-14462", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14462", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-17T12:41:00Z", details: "moderate", }, ], title: "CVE-2018-14462", }, { cve: "CVE-2018-14463", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14463", }, ], notes: [ { category: "general", text: "The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 2, a different vulnerability than CVE-2019-15167.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14463", url: "https://www.suse.com/security/cve/CVE-2018-14463", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14463", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-17T12:41:00Z", details: "moderate", }, ], title: "CVE-2018-14463", }, { cve: "CVE-2018-14464", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14464", }, ], notes: [ { category: "general", text: "The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs().", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14464", url: "https://www.suse.com/security/cve/CVE-2018-14464", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14464", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-17T12:41:00Z", details: "moderate", }, ], title: "CVE-2018-14464", }, { cve: "CVE-2018-14465", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14465", }, ], notes: [ { category: "general", text: "The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14465", url: "https://www.suse.com/security/cve/CVE-2018-14465", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14465", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-17T12:41:00Z", details: "moderate", }, ], title: "CVE-2018-14465", }, { cve: "CVE-2018-14466", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14466", }, ], notes: [ { category: "general", text: "The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_cache_insert().", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14466", url: "https://www.suse.com/security/cve/CVE-2018-14466", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14466", url: "https://bugzilla.suse.com/1153098", }, { category: "external", summary: "SUSE Bug 1166972 for CVE-2018-14466", url: "https://bugzilla.suse.com/1166972", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-17T12:41:00Z", details: "moderate", }, ], title: "CVE-2018-14466", }, { cve: "CVE-2018-14467", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14467", }, ], notes: [ { category: "general", text: "The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14467", url: "https://www.suse.com/security/cve/CVE-2018-14467", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14467", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-17T12:41:00Z", details: "moderate", }, ], title: "CVE-2018-14467", }, { cve: "CVE-2018-14468", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14468", }, ], notes: [ { category: "general", text: "The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14468", url: "https://www.suse.com/security/cve/CVE-2018-14468", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14468", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-17T12:41:00Z", details: "moderate", }, ], title: "CVE-2018-14468", }, { cve: "CVE-2018-14469", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14469", }, ], notes: [ { category: "general", text: "The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14469", url: "https://www.suse.com/security/cve/CVE-2018-14469", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14469", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-17T12:41:00Z", details: "moderate", }, ], title: "CVE-2018-14469", }, { cve: "CVE-2018-14470", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14470", }, ], notes: [ { category: "general", text: "The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2().", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14470", url: "https://www.suse.com/security/cve/CVE-2018-14470", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14470", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-17T12:41:00Z", details: "moderate", }, ], title: "CVE-2018-14470", }, { cve: "CVE-2018-14879", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14879", }, ], notes: [ { category: "general", text: "The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file().", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14879", url: "https://www.suse.com/security/cve/CVE-2018-14879", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14879", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 0, baseSeverity: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-17T12:41:00Z", details: "low", }, ], title: "CVE-2018-14879", }, { cve: "CVE-2018-14880", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14880", }, ], notes: [ { category: "general", text: "The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14880", url: "https://www.suse.com/security/cve/CVE-2018-14880", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14880", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-17T12:41:00Z", details: "moderate", }, ], title: "CVE-2018-14880", }, { cve: "CVE-2018-14881", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14881", }, ], notes: [ { category: "general", text: "The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14881", url: "https://www.suse.com/security/cve/CVE-2018-14881", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14881", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-17T12:41:00Z", details: "moderate", }, ], title: "CVE-2018-14881", }, { cve: "CVE-2018-14882", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14882", }, ], notes: [ { category: "general", text: "The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14882", url: "https://www.suse.com/security/cve/CVE-2018-14882", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-14882", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-17T12:41:00Z", details: "moderate", }, ], title: "CVE-2018-14882", }, { cve: "CVE-2018-16227", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16227", }, ], notes: [ { category: "general", text: "The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16227", url: "https://www.suse.com/security/cve/CVE-2018-16227", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-16227", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-17T12:41:00Z", details: "moderate", }, ], title: "CVE-2018-16227", }, { cve: "CVE-2018-16228", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16228", }, ], notes: [ { category: "general", text: "The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16228", url: "https://www.suse.com/security/cve/CVE-2018-16228", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-16228", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-17T12:41:00Z", details: "moderate", }, ], title: "CVE-2018-16228", }, { cve: "CVE-2018-16229", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16229", }, ], notes: [ { category: "general", text: "The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16229", url: "https://www.suse.com/security/cve/CVE-2018-16229", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-16229", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-17T12:41:00Z", details: "moderate", }, ], title: "CVE-2018-16229", }, { cve: "CVE-2018-16230", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16230", }, ], notes: [ { category: "general", text: "The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16230", url: "https://www.suse.com/security/cve/CVE-2018-16230", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-16230", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-17T12:41:00Z", details: "moderate", }, ], title: "CVE-2018-16230", }, { cve: "CVE-2018-16300", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16300", }, ], notes: [ { category: "general", text: "The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16300", url: "https://www.suse.com/security/cve/CVE-2018-16300", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-16300", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-17T12:41:00Z", details: "important", }, ], title: "CVE-2018-16300", }, { cve: "CVE-2018-16301", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16301", }, ], notes: [ { category: "general", text: "The command-line argument parser in tcpdump before 4.99.0 has a buffer overflow in tcpdump.c:read_infile(). To trigger this vulnerability the attacker needs to create a 4GB file on the local filesystem and to specify the file name as the value of the -F command-line argument of tcpdump.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16301", url: "https://www.suse.com/security/cve/CVE-2018-16301", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-16301", url: "https://bugzilla.suse.com/1153098", }, { category: "external", summary: "SUSE Bug 1153332 for CVE-2018-16301", url: "https://bugzilla.suse.com/1153332", }, { category: "external", summary: "SUSE Bug 1195825 for CVE-2018-16301", url: "https://bugzilla.suse.com/1195825", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-17T12:41:00Z", details: "important", }, ], title: "CVE-2018-16301", }, { cve: "CVE-2018-16451", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16451", }, ], notes: [ { category: "general", text: "The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16451", url: "https://www.suse.com/security/cve/CVE-2018-16451", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-16451", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-17T12:41:00Z", details: "moderate", }, ], title: "CVE-2018-16451", }, { cve: "CVE-2018-16452", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16452", }, ], notes: [ { category: "general", text: "The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16452", url: "https://www.suse.com/security/cve/CVE-2018-16452", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2018-16452", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-17T12:41:00Z", details: "moderate", }, ], title: "CVE-2018-16452", }, { cve: "CVE-2019-1010220", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-1010220", }, ], notes: [ { category: "general", text: "tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is: May expose Saved Frame Pointer, Return Address etc. on stack. The component is: line 234: \"ND_PRINT((ndo, \"%s\", buf));\", in function named \"print_prefix\", in \"print-hncp.c\". The attack vector is: The victim must open a specially crafted pcap file.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-1010220", url: "https://www.suse.com/security/cve/CVE-2019-1010220", }, { category: "external", summary: "SUSE Bug 1142439 for CVE-2019-1010220", url: "https://bugzilla.suse.com/1142439", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2019-1010220", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-17T12:41:00Z", details: "moderate", }, ], title: "CVE-2019-1010220", }, { cve: "CVE-2019-15166", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-15166", }, ], notes: [ { category: "general", text: "lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-15166", url: "https://www.suse.com/security/cve/CVE-2019-15166", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2019-15166", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-17T12:41:00Z", details: "moderate", }, ], title: "CVE-2019-15166", }, { cve: "CVE-2019-15167", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-15167", }, ], notes: [ { category: "general", text: "The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 3, a different vulnerability than CVE-2018-14463.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-15167", url: "https://www.suse.com/security/cve/CVE-2019-15167", }, { category: "external", summary: "SUSE Bug 1153098 for CVE-2019-15167", url: "https://bugzilla.suse.com/1153098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-17T12:41:00Z", details: "moderate", }, ], title: "CVE-2019-15167", }, { cve: "CVE-2020-8037", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-8037", }, ], notes: [ { category: "general", text: "The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-8037", url: "https://www.suse.com/security/cve/CVE-2020-8037", }, { category: "external", summary: "SUSE Bug 1178466 for CVE-2020-8037", url: "https://bugzilla.suse.com/1178466", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcpdump-4.9.2-14.17.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-17T12:41:00Z", details: "moderate", }, ], title: "CVE-2020-8037", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.