Security update for libpcap SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:2345-1 Final 1 1 2019-10-20T16:18:19Z current 2019-10-20T16:18:19Z 2019-10-20T16:18:19Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libpcap This update for libpcap fixes the following issues: - CVE-2019-15165: Added sanity checks for PHB header length before allocating memory (bsc#1153332). - CVE-2018-16301: Fixed a buffer overflow (bsc#1153332). This update was imported from the SUSE:SLE-15:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2019-2345 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AC2ESBQ7H3GD4M3CH2LEZXEYZONP5DEJ/#AC2ESBQ7H3GD4M3CH2LEZXEYZONP5DEJ E-Mail link for openSUSE-SU-2019:2345-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1153332 SUSE Bug 1153332 https://www.suse.com/security/cve/CVE-2018-16301/ SUSE CVE CVE-2018-16301 page https://www.suse.com/security/cve/CVE-2019-15165/ SUSE CVE CVE-2019-15165 page openSUSE Leap 15.1 libpcap-devel-1.8.1-lp151.4.3.1 libpcap-devel-32bit-1.8.1-lp151.4.3.1 libpcap-devel-static-1.8.1-lp151.4.3.1 libpcap1-1.8.1-lp151.4.3.1 libpcap1-32bit-1.8.1-lp151.4.3.1 libpcap-devel-1.8.1-lp151.4.3.1 as a component of openSUSE Leap 15.1 libpcap-devel-32bit-1.8.1-lp151.4.3.1 as a component of openSUSE Leap 15.1 libpcap-devel-static-1.8.1-lp151.4.3.1 as a component of openSUSE Leap 15.1 libpcap1-1.8.1-lp151.4.3.1 as a component of openSUSE Leap 15.1 libpcap1-32bit-1.8.1-lp151.4.3.1 as a component of openSUSE Leap 15.1 The command-line argument parser in tcpdump before 4.99.0 has a buffer overflow in tcpdump.c:read_infile(). To trigger this vulnerability the attacker needs to create a 4GB file on the local filesystem and to specify the file name as the value of the -F command-line argument of tcpdump. CVE-2018-16301 openSUSE Leap 15.1:libpcap-devel-1.8.1-lp151.4.3.1 openSUSE Leap 15.1:libpcap-devel-32bit-1.8.1-lp151.4.3.1 openSUSE Leap 15.1:libpcap-devel-static-1.8.1-lp151.4.3.1 openSUSE Leap 15.1:libpcap1-1.8.1-lp151.4.3.1 openSUSE Leap 15.1:libpcap1-32bit-1.8.1-lp151.4.3.1 important 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AC2ESBQ7H3GD4M3CH2LEZXEYZONP5DEJ/#AC2ESBQ7H3GD4M3CH2LEZXEYZONP5DEJ https://www.suse.com/security/cve/CVE-2018-16301.html CVE-2018-16301 https://bugzilla.suse.com/1153098 SUSE Bug 1153098 https://bugzilla.suse.com/1153332 SUSE Bug 1153332 https://bugzilla.suse.com/1195825 SUSE Bug 1195825 sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory. CVE-2019-15165 openSUSE Leap 15.1:libpcap-devel-1.8.1-lp151.4.3.1 openSUSE Leap 15.1:libpcap-devel-32bit-1.8.1-lp151.4.3.1 openSUSE Leap 15.1:libpcap-devel-static-1.8.1-lp151.4.3.1 openSUSE Leap 15.1:libpcap1-1.8.1-lp151.4.3.1 openSUSE Leap 15.1:libpcap1-32bit-1.8.1-lp151.4.3.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AC2ESBQ7H3GD4M3CH2LEZXEYZONP5DEJ/#AC2ESBQ7H3GD4M3CH2LEZXEYZONP5DEJ https://www.suse.com/security/cve/CVE-2019-15165.html CVE-2019-15165 https://bugzilla.suse.com/1153332 SUSE Bug 1153332