Show pagesourceOld revisionsBacklinksBack to top × Table of Contents LEDE v17.01.3 Changelog Build System / Buildroot (4 changes) Build System / Feeds (1 change) Build System / Host Utilities (1 change) Kernel (11 changes) Packages / Boot Loaders (1 change) Packages / Common (30 changes) Packages / LEDE base files (5 changes) Packages / LEDE network userland (5 changes) Packages / LEDE system userland (6 changes) Target / apm821xx (2 changes) Target / ar7 (1 change) Target / ar71xx (7 changes) Target / bcm53xx (4 changes) Target / brcm2708 (5 changes) Target / brcm47xx (1 change) Target / brcm63xx (2 changes) Target / imx6 (1 change) Target / ipq806x (3 changes) Target / ixp4xx (1 change) Target / lantiq (4 changes) Target / layerscape (1 change) Target / mediatek (3 changes) Target / mvebu (3 changes) Target / oxnas (1 change) Target / ramips (20 changes) Target / rb532 (1 change) Target / sunxi (1 change) Target / x86 (2 changes) Wireless / Common (1 change) Addressed bugs Security fixes LEDE v17.01.3 Changelog This changelog lists all commits done in LEDE since the v17.01.2 tag, grouped by subsystem. The changes are chronologically ordered from top to bottom and cover the Git repository history until the tagging of the final 17.01.3 release. Build System / Buildroot (4 changes) 27da508 build: fix kmod package build on non-GNU systems (+1,-1) f6907dc image: fix ar71xx legacy images (+1) d33f790 treewide: fix shellscript syntax errors/typos (+10,-11) df54a8f LEDE v17.01.3: adjust config defaults (+11,-9) Build System / Feeds (1 change) df54a8f LEDE v17.01.3: adjust config defaults (+11,-9) Build System / Host Utilities (1 change) 6c03b29 firmware-utils: fix dgn3500sum compiler warnings (+3,-4) Kernel (11 changes) c03d431 kernel: backport Broadcom thermal drivers (+801) 8d3d7f6 kernel: update kernel 4.4 to 4.4.74 (+31,-31) 823d35f kernel: netfilter: fix nf-nathelper(-extra) description (+2,-2) 69acb25 kernel: update kernel 4.4 to version 4.4.79 (+112,-935) 4a1b87a kernel: update 4.4 to 4.4.83 (+44,-62) 86722ab kernel: fix of_node handling in LEDs core code (+316) dc8392f kernel: backport usbport LED trigger driver support for DT (+106) ca53eff kernel: update 4.4 to 4.4.86 (+9,-9) ab305e1 kernel: update 4.4 to 4.4.87 (+2,-2) 720b0e2 kernel: update 4.4 to 4.4.89 (+35,-35) 37e1bd2 generic: drop 704-phy-no-genphy-soft-reset.patch (-11) Packages / Boot Loaders (1 change) 671fc88 uboot-envtools: add support for ALFA Network AP121F (+1) Packages / Common (30 changes) c16326c dropbear: fix service trigger syntax error (+2,-2) 73e81a8 mbedtls: update to 2.5.1 (+27,-27) 57289ae openvpn: update to 2.4.3 (+14,-13) 73a4568 ca-certificates: Update to version 20161130+nmu1 (+3,-3) 91d41b6 dnsmasq: backport tweak ICMP ping logic for DHCPv4 (+26,-1) 74d5c3e mtd-utils: use source package name for lzo in PKG_BUILD_DEPENDS (+1,-1) 699e312 dnsmasq: backport patch fixing DNS failover (FS#841) (+31) 7ab8bf1 curl: fix CVE-2017-7407 and CVE-2017-7468 (+430,-1) b67b316 dnsmasq: backport remove ping check of configured dhcp address (+29,-1) 3e35eb1 mbedtls: Re-allow SHA1-signed certificates (+10,-1) ae3c556 tcpdump: Update to 4.9.1 (+2,-2) a006b48 dnsmasq: forward.c: fix CVE-2017-13704 (+38,-1) bd29aa1 f2fs-tools: Switch to gz tarball (+3,-3) 707a4b4 f2fs-tools: drop patch in favour of CONFIGURE_VARS (+3,-19) c3bddb4 f2fs-tools: drop musl compat patch (-10) f62a31d f2fs-tools: fix mkfs.f2fs on big-endian systems (+67,-1) a7506c0 dnsmasq: backport official fix for CVE-2017-13704 (+95,-38) 1d15a03 dnsmasq: backport arcount edns0 fix (+45,-1) 082e621 hostapd: fix iapp_interface option (+1,-1) d33f790 treewide: fix shellscript syntax errors/typos (+10,-11) a131f7c utils/tcpdump: Rework URLs (+2,-2) f66c6e1 tcpdump: bump to 4.9.2 (+41,-37) 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) 86f0e8b openvpn: add "extra-certs" option (+2,-1) 39e5cd9 ltq-vdsl: fix PM thread suspend and resume handling (+108,-1) b428f45 ltq-vdsl-mei: disable optimized firmware download (+2,-2) e232c67 mbedtls: update to 2.6.0 CVE-2017-14032 (+30,-30) f483a35 curl: fix security problems (+75,-1) a881323 ltq-vdsl-mei: revert disable optimized firmware download (+2,-2) 4b4a4af dnsmasq: bump to v2.78 (+4,-226) Packages / LEDE base files (5 changes) 761e608 base-files: fix PKG_CONFIG_DEPENDS to include version.mk entries (+2,-1) 889638c base-files: don't setup network in preinit if failsafe is disabled (+4,-1) 7f1359c base-files: fix wan6 interface config generation for pppoe (+3,-6) b8357e8 base-files: create /etc/config/ directory (+1) df54a8f LEDE v17.01.3: adjust config defaults (+11,-9) Packages / LEDE network userland (5 changes) cca765f dhcpv6: add missing dollar sign in dhcpv6 script (FS#874) (+2,-2) bb6a8b2 uclient: update to 2017-09-06 (+3,-3) ⇒ 83ce236 uclient-fetch: read_data_cb: fix a potential buffer overflow (+1,-1) ⇒ 24d6ede uclient-http: fix Host: header for literal IPv6 addresses (+9,-3) d33f790 treewide: fix shellscript syntax errors/typos (+10,-11) c92c189 odhcpd: backport fixes from master branch (FS#402, FS#524) (+3,-3) ⇒ 336212c dhcpv6: assign all viable DHCPv6 addresses by default (FS#402, FS#524) (+62,-50) ⇒ c6f3d5d config: fix dhcpv4 server being started (+17,-6) 783465d odhcpd: don't enable server mode on non-static lan port (+18,-3) Packages / LEDE system userland (6 changes) eff3469 procd: backport fixes from master branch (+3,-3) ⇒ 2716228 procd: service gets deleted when its last instance is freed (+5,-1) ⇒ 889442c procd: Add missing \n in debug message (+1,-1) ⇒ 225b18d procd: Don't use syslog before its initialization (+1,-1) ⇒ 5131bec procd: Log initscript output prefixed with script name (+3,-2) ⇒ cd5225d procd/rcS: Use /dev/null as stdin (+6) ⇒ 6e8ea8b rcS: add missing fcntl.h include (+1) ⇒ 22f89e1 upgraded: define __GNU_SOURCE (+2) ⇒ 558ffb5 service/service_stopped(): fix a use-after-free (+1,-1) ⇒ 6b0da20 hotplug: fix a memory leak in handle_button_complete() (+4,-1) ⇒ 8fd57dd upgraded: cmake: Find and include uloop.h (+2) ⇒ 8297c38 preinit: define _GNU_SOURCE (+1) ⇒ 89918c8 system: introduce new attribute board_name (+34) 7896d7b fstools: backport fixes from master branch (+4,-60) ⇒ 34d36c2 add missing includes (+4) ⇒ be5004c libfstools: add basic documentation of mount functions (+15) ⇒ cddc830 libfstools: silence mkfs.{ext4,f2fs} (+2,-2) ⇒ d361923 build: disable the format-truncation warning error to fix gcc 7 build errors (+1,-1) ⇒ 45c2a6f libfstools: fix multiple volume_identify usages with the same volume (+3,-1) ⇒ ef2d438 fstools: use -Wno-format-truncation instead of -Wno-error=format-truncation (+1,-1) ⇒ bdcb075 libfstools: fix matching device name (+2,-3) 82b20d7 procd: backport kernel watchdog start/stop support (+3,-3) ⇒ 4dbf57a watchdog: add support for starting/stopping kernel watchdog (+74,-18) 66b071f procd: update to latest git HEAD (+3,-3) ⇒ 3e68cdf procd: Do not leak pipe file descriptors to children (+3) 4503d8b procd: update to the latest git HEAD (+3,-3) ⇒ 66be6a2 watchdog: fix inline watchdog_get_magicclose function prototype (+2,-1) d0bf257 uhttp: update to latest version (+3,-3) ⇒ e6cfc91 lua: ensure that PATH_INFO starts with a slash (+4) ⇒ a8bf9c0 uhttpd: Add TCP_FASTOPEN support (+3,-1) ⇒ fa51d7f proc: do not declare empty process variables (+1,-1) ⇒ ad93be7 auth: store parsed username and password (+31,-11) ⇒ c0a569d proc: expose HTTP_AUTH_USER and HTTP_AUTH_PASS (+5,-1) ⇒ 99957f6 file: remove unused "auth" member from struct path_info (+2,-4) ⇒ 88c0b4b file: fix basic auth regression (+9,-8) ⇒ 3fd58e9 uhttpd: add manifest support (+4,-2) Target / apm821xx (2 changes) 8d3d7f6 kernel: update kernel 4.4 to 4.4.74 (+31,-31) ca53eff kernel: update 4.4 to 4.4.86 (+9,-9) Target / ar7 (1 change) 1807a0e ar7: add NULL clock fix send upstream (+90) Target / ar71xx (7 changes) d71ffb9 ar71xx: Fix UBIFS work on Mikrotik RB95x devices (+2) d0ec502 ar71xx: set US region code for TP-Link TL-WR710N v1 image (+1) 3959110 ar71xx: add support for ALFA Network AP121F (+143) 870ca0d ar71xx: fix switch port mapping for TP-Link TL-WR74xN/D series (+1,-1) 69acb25 kernel: update kernel 4.4 to version 4.4.79 (+112,-935) ca53eff kernel: update 4.4 to 4.4.86 (+9,-9) 4151752 ar71xx: fix MAC addresses on TP-Link TL-WR1043ND v4 (+3,-2) Target / bcm53xx (4 changes) 5b0b27e bcm53xx: enable Northstar thermal driver (+5) f197a2a bcm53xx: include wpad-mini only on devices with (supported) wireless (+15,-13) 69acb25 kernel: update kernel 4.4 to version 4.4.79 (+112,-935) cae20f6 bcm53xx: backport DTS commits that setup USB LEDs (+214,-1) Target / brcm2708 (5 changes) 8d3d7f6 kernel: update kernel 4.4 to 4.4.74 (+31,-31) 69acb25 kernel: update kernel 4.4 to version 4.4.79 (+112,-935) 4a1b87a kernel: update 4.4 to 4.4.83 (+44,-62) ca53eff kernel: update 4.4 to 4.4.86 (+9,-9) 720b0e2 kernel: update 4.4 to 4.4.89 (+35,-35) Target / brcm47xx (1 change) 1100bbf brcm47xx: refresh Linux 4.4 config (+8,-8) Target / brcm63xx (2 changes) 69acb25 kernel: update kernel 4.4 to version 4.4.79 (+112,-935) 5e87b01 brcm63xx: add NULL clock fix send upstream (+53,-5) Target / imx6 (1 change) 8fbef4b imx6: fix DualLite/Solo GW551X board detection (+1,-1) Target / ipq806x (3 changes) 53eba6f ipq806x: fixup thermal patches (+5,-249) 69acb25 kernel: update kernel 4.4 to version 4.4.79 (+112,-935) 97ebdf9 ipq806x: Archer C2600: fix switch ports numbering (+4,-1) Target / ixp4xx (1 change) ca53eff kernel: update 4.4 to 4.4.86 (+9,-9) Target / lantiq (4 changes) 5261766 lantiq: use img file extension for DGN3500 factory images (+5,-5) 4a1b87a kernel: update 4.4 to 4.4.83 (+44,-62) af802bc lantiq: fix missing otg_cap on danube platform (+54,-24) 720b0e2 kernel: update 4.4 to 4.4.89 (+35,-35) Target / layerscape (1 change) 69acb25 kernel: update kernel 4.4 to version 4.4.79 (+112,-935) Target / mediatek (3 changes) 69acb25 kernel: update kernel 4.4 to version 4.4.79 (+112,-935) 4a1b87a kernel: update 4.4 to 4.4.83 (+44,-62) 720b0e2 kernel: update 4.4 to 4.4.89 (+35,-35) Target / mvebu (3 changes) 69acb25 kernel: update kernel 4.4 to version 4.4.79 (+112,-935) 4a1b87a kernel: update 4.4 to 4.4.83 (+44,-62) 720b0e2 kernel: update 4.4 to 4.4.89 (+35,-35) Target / oxnas (1 change) 69acb25 kernel: update kernel 4.4 to version 4.4.79 (+112,-935) Target / ramips (20 changes) 2e206c7 ramips: fix Phicomm K1S(PSG1208) pinmux (+1,-1) 3214e17 ramips: fix Xiaomi MiWiFi Nano firmware partition size (+1,-1) ece85e2 ramips: DTS: VoCore2 improvements/fixes (+3,-22) e08b825 ramips: fix wps button gpio for DWR-512 (+1,-1) a5822db ramips: DIR-860L-B1 fix switch port numbering (+4,-1) 69acb25 kernel: update kernel 4.4 to version 4.4.79 (+112,-935) 2247af8 ramips: add NULL clock fix send upstream (+43) 5e409f0 ramips: fix Mercury MAC1200R v2.0 board name (+2,-1) a943934 ramips: Archer C50v1: fix LEDs active levels (+2,-2) 8e67c35 ramips: Archer C50v1: fix switch port numbering (+4,-1) c407e6c ramips: Archer C50v1: fix power led (+1,-1) 6f4a903 ralink: fix rcu_sched stalls on mt7621 (+98) 57a8f36 ramips: add missing partitions (+57,-9) 1a050c8 ramips: build HuaWei HG255D image (+7) 48798af ramips: fix Omnima MiniEMBWiFi image (+1) 982612d ramips: ArcherC50v1: fix wlan2g MAC address (+2) ff414fb ramips: fix WHR-1166D WAN port (+1,-1) 4a1b87a kernel: update 4.4 to 4.4.83 (+44,-62) 4f162ac ramips: fix hg255d LED status support (+1) 720b0e2 kernel: update 4.4 to 4.4.89 (+35,-35) Target / rb532 (1 change) 69acb25 kernel: update kernel 4.4 to version 4.4.79 (+112,-935) Target / sunxi (1 change) 3350137 sunxi: clean up modules definitions (+5,-45) Target / x86 (2 changes) 05643bd x86: enable ACPI support for the Geode subtarget (+60,-3) c047c34 x86: add missing kernel config symbols to Geode target (+2) Wireless / Common (1 change) d33f790 treewide: fix shellscript syntax errors/typos (+10,-11) Addressed bugs #402 Description: odhcpd: assign all viable DHCPv6 address in stateful+stateless mode Link: https://bugs.lede-project.org/index.php?do=details&task_id=402 Commits: c92c189 odhcpd: backport fixes from master branch (FS#402, FS#524) (+3,-3) ⇒ 336212c dhcpv6: assign all viable DHCPv6 addresses by default (FS#402, FS#524) (+62,-50) ⇒ c6f3d5d config: fix dhcpv4 server being started (+17,-6) #524 Description: odhcpd: stateful+stateless sends M flag in RA for prefix that will not DHCPv6 Link: https://bugs.lede-project.org/index.php?do=details&task_id=524 Commits: c92c189 odhcpd: backport fixes from master branch (FS#402, FS#524) (+3,-3) ⇒ 336212c dhcpv6: assign all viable DHCPv6 addresses by default (FS#402, FS#524) (+62,-50) ⇒ c6f3d5d config: fix dhcpv4 server being started (+17,-6) #577 Description: Poweroff command hand Geode system instead of switch off. Link: https://bugs.lede-project.org/index.php?do=details&task_id=577 Commits: 05643bd x86: enable ACPI support for the Geode subtarget (+60,-3) #622 Description: Xiaomi nano can not use 16M flash Link: https://bugs.lede-project.org/index.php?do=details&task_id=622 Commits: 3214e17 ramips: fix Xiaomi MiWiFi Nano firmware partition size (+1,-1) #670 Description: whr-1166d gigabit port not working Link: https://bugs.lede-project.org/index.php?do=details&task_id=670 Commits: ff414fb ramips: fix WHR-1166D WAN port (+1,-1) #735 Description: LEDE 17.01.1 boot loop on Asus RT-N56U ramips, rt3883 Link: https://bugs.lede-project.org/index.php?do=details&task_id=735 Commits: 2247af8 ramips: add NULL clock fix send upstream (+43) 5e87b01 brcm63xx: add NULL clock fix send upstream (+53,-5) #749 Description: EdgeRouter Lite (octeon) f2fs WARNING in segment.c Link: https://bugs.lede-project.org/index.php?do=details&task_id=749 Commits: f62a31d f2fs-tools: fix mkfs.f2fs on big-endian systems (+67,-1) #755 Description: [SUNXI] ImageBuilder fails because of kmod-eeprom-sunxi Link: https://bugs.lede-project.org/index.php?do=details&task_id=755 Commits: 3350137 sunxi: clean up modules definitions (+5,-45) #841 Description: dnsmasq cannot resolve domain name if the first upstream dns server reply code is REFUSED Link: https://bugs.lede-project.org/index.php?do=details&task_id=841 Commits: 699e312 dnsmasq: backport patch fixing DNS failover (FS#841) (+31) #843 Description: Switch port order reversed on TL-WR740N (v2.5) Link: https://bugs.lede-project.org/index.php?do=details&task_id=843 Commits: 870ca0d ar71xx: fix switch port mapping for TP-Link TL-WR74xN/D series (+1,-1) #874 Description: odhcpc6 script typo, so /etc/odhcp6c.user is called with incorrect parameter Link: https://bugs.lede-project.org/index.php?do=details&task_id=874 Commits: cca765f dhcpv6: add missing dollar sign in dhcpv6 script (FS#874) (+2,-2) #904 Description: Allnet ALL0315N crashes when updating from OpenWRT to LEDE Link: https://bugs.lede-project.org/index.php?do=details&task_id=904 Commits: f6907dc image: fix ar71xx legacy images (+1) #942 Description: openvpn-mbedtls no longer accepts SHA1 certificates Link: https://bugs.lede-project.org/index.php?do=details&task_id=942 Commits: 3e35eb1 mbedtls: Re-allow SHA1-signed certificates (+10,-1) Security fixes CVE-2017-7407 Description: The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read. Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7407 Commits: 7ab8bf1 curl: fix CVE-2017-7407 and CVE-2017-7468 (+430,-1) CVE-2017-7468 Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7468 Commits: 7ab8bf1 curl: fix CVE-2017-7407 and CVE-2017-7468 (+430,-1) CVE-2017-7508 Description: OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet. Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7508 Commits: 57289ae openvpn: update to 2.4.3 (+14,-13) CVE-2017-7512 Description: Red Hat 3scale (aka RH-3scale) API Management Platform (AMP) before 2.0.0 would permit creation of an access token without a client secret. An attacker could use this flaw to circumvent authentication controls and gain access to restricted APIs. NOTE: some sources have a typo in which CVE-2017-7512 maps to an OpenVPN vulnerability. The proper CVE ID for that OpenVPN vulnerability is CVE-2017-7521. Specifically, CVE-2017-7521 is the correct CVE ID for TWO closely related findings in OpenVPN. Any source that lists BOTH CVE-2017-7512 and CVE-2017-7521 for OpenVPN should have listed ONLY CVE-2017-7521. Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7512 Commits: 57289ae openvpn: update to 2.4.3 (+14,-13) CVE-2017-7520 Description: OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker. Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7520 Commits: 57289ae openvpn: update to 2.4.3 (+14,-13) CVE-2017-7521 Description: OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7521 Commits: 57289ae openvpn: update to 2.4.3 (+14,-13) CVE-2017-7522 Description: OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character. Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7522 Commits: 57289ae openvpn: update to 2.4.3 (+14,-13) CVE-2017-7533 Description: Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions. Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7533 Commits: 4a1b87a kernel: update 4.4 to 4.4.83 (+44,-62) CVE-2017-11108 Description: tcpdump 4.9.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packet data. The crash occurs in the EXTRACT_16BITS function, called from the stp_print function for the Spanning Tree Protocol. Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11108 Commits: ae3c556 tcpdump: Update to 4.9.1 (+2,-2) CVE-2017-11541 Description: tcpdump 4.9.0 has a heap-based buffer over-read in the lldp_print function in print-lldp.c, related to util-print.c. Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11541 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-11542 Description: tcpdump 4.9.0 has a heap-based buffer over-read in the pimv1_print function in print-pim.c. Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11542 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-11543 Description: tcpdump 4.9.0 has a buffer overflow in the sliplink_print function in print-sl.c. Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11543 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-11600 Description: net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when CONFIG_XFRM_MIGRATE is enabled, does not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allows local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message. Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11600 Commits: ab305e1 kernel: update 4.4 to 4.4.87 (+2,-2) CVE-2017-12893 Description: The SMB/CIFS parser in tcpdump before 4.9.2 has a buffer over-read in smbutil.c:name_len(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12893 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-12894 Description: Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in addrtoname.c:lookup_bytestring(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12894 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-12895 Description: The ICMP parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp.c:icmp_print(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12895 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-12896 Description: The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:isakmp_rfc3948_print(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12896 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-12897 Description: The ISO CLNS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isoclns_print(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12897 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-12898 Description: The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:interp_reply(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12898 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-12899 Description: The DECnet parser in tcpdump before 4.9.2 has a buffer over-read in print-decnet.c:decnet_print(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12899 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-12900 Description: Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in util-print.c:tok2strbuf(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12900 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-12901 Description: The EIGRP parser in tcpdump before 4.9.2 has a buffer over-read in print-eigrp.c:eigrp_print(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12901 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-12902 Description: The Zephyr parser in tcpdump before 4.9.2 has a buffer over-read in print-zephyr.c, several functions. Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12902 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-12985 Description: The IPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-ip6.c:ip6_print(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12985 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-12986 Description: The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12986 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-12987 Description: The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12987 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-12988 Description: The telnet parser in tcpdump before 4.9.2 has a buffer over-read in print-telnet.c:telnet_parse(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12988 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-12989 Description: The RESP parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-resp.c:resp_get_length(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12989 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-12990 Description: The ISAKMP parser in tcpdump before 4.9.2 could enter an infinite loop due to bugs in print-isakmp.c, several functions. Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12990 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-12991 Description: The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12991 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-12992 Description: The RIPng parser in tcpdump before 4.9.2 has a buffer over-read in print-ripng.c:ripng_print(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12992 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-12993 Description: The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over-read in print-juniper.c, several functions. Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12993 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-12994 Description: The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12994 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-12995 Description: The DNS parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-domain.c:ns_print(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12995 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-12996 Description: The PIMv2 parser in tcpdump before 4.9.2 has a buffer over-read in print-pim.c:pimv2_print(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12996 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-12997 Description: The LLDP parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-lldp.c:lldp_private_8021_print(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12997 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-12998 Description: The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_extd_ip_reach(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12998 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-12999 Description: The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12999 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-13000 Description: The IEEE 802.15.4 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_15_4.c:ieee802_15_4_if_print(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13000 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-13001 Description: The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:nfs_printfh(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13001 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-13002 Description: The AODV parser in tcpdump before 4.9.2 has a buffer over-read in print-aodv.c:aodv_extension(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13002 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-13003 Description: The LMP parser in tcpdump before 4.9.2 has a buffer over-read in print-lmp.c:lmp_print(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13003 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-13004 Description: The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over-read in print-juniper.c:juniper_parse_header(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13004 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-13005 Description: The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:xid_map_enter(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13005 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-13006 Description: The L2TP parser in tcpdump before 4.9.2 has a buffer over-read in print-l2tp.c, several functions. Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13006 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-13007 Description: The Apple PKTAP parser in tcpdump before 4.9.2 has a buffer over-read in print-pktap.c:pktap_if_print(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13007 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-13008 Description: The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13008 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-13009 Description: The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_print(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13009 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-13010 Description: The BEEP parser in tcpdump before 4.9.2 has a buffer over-read in print-beep.c:l_strnstart(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13010 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-13011 Description: Several protocol parsers in tcpdump before 4.9.2 could cause a buffer overflow in util-print.c:bittok2str_internal(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13011 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-13012 Description: The ICMP parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp.c:icmp_print(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13012 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-13013 Description: The ARP parser in tcpdump before 4.9.2 has a buffer over-read in print-arp.c, several functions. Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13013 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-13014 Description: The White Board protocol parser in tcpdump before 4.9.2 has a buffer over-read in print-wb.c:wb_prep(), several functions. Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13014 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-13015 Description: The EAP parser in tcpdump before 4.9.2 has a buffer over-read in print-eap.c:eap_print(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13015 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-13016 Description: The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:esis_print(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13016 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-13017 Description: The DHCPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-dhcp6.c:dhcp6opt_print(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13017 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-13018 Description: The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13018 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-13019 Description: The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13019 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-13020 Description: The VTP parser in tcpdump before 4.9.2 has a buffer over-read in print-vtp.c:vtp_print(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13020 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-13021 Description: The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_print(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13021 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-13022 Description: The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printroute(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13022 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-13023 Description: The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13023 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-13024 Description: The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13024 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-13025 Description: The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13025 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-13026 Description: The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c, several functions. Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13026 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-13027 Description: The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in print-lldp.c:lldp_mgmt_addr_tlv_print(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13027 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-13028 Description: The BOOTP parser in tcpdump before 4.9.2 has a buffer over-read in print-bootp.c:bootp_print(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13028 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-13029 Description: The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:print_ccp_config_options(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13029 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-13030 Description: The PIM parser in tcpdump before 4.9.2 has a buffer over-read in print-pim.c, several functions. Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13030 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-13031 Description: The IPv6 fragmentation header parser in tcpdump before 4.9.2 has a buffer over-read in print-frag6.c:frag6_print(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13031 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-13032 Description: The RADIUS parser in tcpdump before 4.9.2 has a buffer over-read in print-radius.c:print_attr_string(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13032 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-13033 Description: The VTP parser in tcpdump before 4.9.2 has a buffer over-read in print-vtp.c:vtp_print(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13033 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-13034 Description: The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13034 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-13035 Description: The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_id(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13035 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-13036 Description: The OSPFv3 parser in tcpdump before 4.9.2 has a buffer over-read in print-ospf6.c:ospf6_decode_v3(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13036 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-13037 Description: The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printts(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13037 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-13038 Description: The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:handle_mlppp(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13038 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-13039 Description: The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c, several functions. Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13039 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-13040 Description: The MPTCP parser in tcpdump before 4.9.2 has a buffer over-read in print-mptcp.c, several functions. Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13040 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-13041 Description: The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_nodeinfo_print(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13041 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-13042 Description: The HNCP parser in tcpdump before 4.9.2 has a buffer over-read in print-hncp.c:dhcpv6_print(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13042 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-13043 Description: The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_multicast_vpn(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13043 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-13044 Description: The HNCP parser in tcpdump before 4.9.2 has a buffer over-read in print-hncp.c:dhcpv4_print(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13044 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-13045 Description: The VQP parser in tcpdump before 4.9.2 has a buffer over-read in print-vqp.c:vqp_print(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13045 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-13046 Description: The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13046 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-13047 Description: The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:esis_print(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13047 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-13048 Description: The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in print-rsvp.c:rsvp_obj_print(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13048 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-13049 Description: The Rx protocol parser in tcpdump before 4.9.2 has a buffer over-read in print-rx.c:ubik_print(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13049 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-13050 Description: The RPKI-Router parser in tcpdump before 4.9.2 has a buffer over-read in print-rpki-rtr.c:rpki_rtr_pdu_print(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13050 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-13051 Description: The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in print-rsvp.c:rsvp_obj_print(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13051 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-13052 Description: The CFM parser in tcpdump before 4.9.2 has a buffer over-read in print-cfm.c:cfm_print(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13052 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-13053 Description: The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_rt_routing_info(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13053 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-13054 Description: The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in print-lldp.c:lldp_private_8023_print(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13054 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-13055 Description: The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_is_reach_subtlv(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13055 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-13687 Description: The Cisco HDLC parser in tcpdump before 4.9.2 has a buffer over-read in print-chdlc.c:chdlc_print(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13687 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-13688 Description: The OLSR parser in tcpdump before 4.9.2 has a buffer over-read in print-olsr.c:olsr_print(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13688 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-13689 Description: The IKEv1 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:ikev1_id_print(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13689 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-13690 Description: The IKEv2 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c, several functions. Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13690 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-13704 Description: In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's (0xffffffffffffffff in 64 bit platforms), making dnsmasq crash. Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13704 Commits: a006b48 dnsmasq: forward.c: fix CVE-2017-13704 (+38,-1) a7506c0 dnsmasq: backport official fix for CVE-2017-13704 (+95,-38) CVE-2017-13725 Description: The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print(). Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13725 Commits: 12a0da6 tcpdump: noop commit to refer CVEs fixed in 4.9.2 (-1) CVE-2017-14032 Description: ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 certificate chain with many intermediates. NOTE: although mbed TLS was formerly known as PolarSSL, the releases shipped with the PolarSSL name are not affected. Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14032 Commits: e232c67 mbedtls: update to 2.6.0 CVE-2017-14032 (+30,-30) CVE-2017-14491 Description: Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response. Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14491 Commits: 4b4a4af dnsmasq: bump to v2.78 (+4,-226) CVE-2017-14492 Description: Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request. Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14492 Commits: 4b4a4af dnsmasq: bump to v2.78 (+4,-226) CVE-2017-14493 Description: Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request. Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14493 Commits: 4b4a4af dnsmasq: bump to v2.78 (+4,-226) CVE-2017-14494 Description: dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests. Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14494 Commits: 4b4a4af dnsmasq: bump to v2.78 (+4,-226) CVE-2017-14495 Description: Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creation. Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14495 Commits: 4b4a4af dnsmasq: bump to v2.78 (+4,-226) CVE-2017-14496 Description: Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request. Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14496 Commits: 4b4a4af dnsmasq: bump to v2.78 (+4,-226) CVE-2017-1000100 Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000100 Commits: f483a35 curl: fix security problems (+75,-1) CVE-2017-1000101 Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000101 Commits: f483a35 curl: fix security problems (+75,-1) CVE-2017-1000111 Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000111 Commits: 4a1b87a kernel: update 4.4 to 4.4.83 (+44,-62) CVE-2017-1000112 Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000112 Commits: 4a1b87a kernel: update 4.4 to 4.4.83 (+44,-62) This website uses cookies. By using the website, you agree with storing cookies on your computer. Also you acknowledge that you have read and understand our Privacy Policy. If you do not agree leave the website.OKMore information about cookies Last modified: 2017/10/03 08:36by stintel