[USN-5331-2] tcpdump vulnerabilities


========================================================================== Ubuntu Security Notice USN-5331-2 April 11, 2022
tcpdump vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 20.04 LTS – Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in tcpdump.
Software Description: – tcpdump: command-line network traffic analyzer
Details:
USN-5331-1 fixed several vulnerabilities in tcpdump. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
Original advisory details:
It was discovered that tcpdump incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2018-16301)
It was discovered that tcpdump incorrectly handled certain captured data. An attacker could possibly use this issue to cause a denial of service. (CVE-2020-8037)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.04 LTS: tcpdump 4.9.3-4ubuntu0.1
Ubuntu 18.04 LTS: tcpdump 4.9.3-0ubuntu0.18.04.2
In general, a standard system update will make all the necessary changes.
References: ubuntu.com/security/notices/USN-5331-2 ubuntu.com/security/notices/USN-5331-1 CVE-2018-16301, CVE-2020-8037
Package Information: launchpad.net/ubuntu/+source/tcpdump/4.9.3-4ubuntu0.1 launchpad.net/ubuntu/+source/tcpdump/4.9.3-0ubuntu0.18.04.2