diff options
author | Hauke Mehrtens <hauke@hauke-m.de> | 2022-02-12 23:13:47 +0100 |
---|---|---|
committer | Petr Štetiar <ynezz@true.cz> | 2022-02-13 08:55:02 +0100 |
commit | e92a4e5458ff35083ea7263c68316b47243a1222 (patch) | |
tree | 73c7ece30e58cc4d85739e6a2f33aa71b33f4c88 /package/network/utils/tcpdump/Makefile | |
parent | 606106fb295e2770af4df7c04fc9fcc95428a0f4 (diff) | |
download | openwrt-e92a4e5458ff35083ea7263c68316b47243a1222.tar.gz openwrt-e92a4e5458ff35083ea7263c68316b47243a1222.tar.bz2 openwrt-e92a4e5458ff35083ea7263c68316b47243a1222.zip |
tcpdump: Fix CVE-2018-16301
This fixes the following security problem:
The command-line argument parser in tcpdump before 4.99.0 has a buffer
overflow in tcpdump.c:read_infile(). To trigger this vulnerability the
attacker needs to create a 4GB file on the local filesystem and to
specify the file name as the value of the -F command-line argument of
tcpdump.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 8f5875c4e221453932f217a82f8c3092cacba3e5)
(cherry picked from commit 59e7ae8d65ab9a9315608a69565f6a4247d3b1ac)
Diffstat (limited to 'package/network/utils/tcpdump/Makefile')
-rw-r--r-- | package/network/utils/tcpdump/Makefile | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/package/network/utils/tcpdump/Makefile b/package/network/utils/tcpdump/Makefile index 3e4d9d2d73..7fff2f5a8a 100644 --- a/package/network/utils/tcpdump/Makefile +++ b/package/network/utils/tcpdump/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=tcpdump PKG_VERSION:=4.9.3 -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://www.us.tcpdump.org/release/ \ |