Package: tcpdump
X-Debbugs-CC: t...@security.debian.org secure-testing-t...@lists.alioth.debian.org
Severity: important
Tags: security

Hi,

the following vulnerability was published for tcpdump.

CVE-2017-11541[0]:
| tcpdump 4.9.0 has a heap-based buffer over-read in the lldp_print
| function in print-lldp.c, related to util-print.c.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-11541
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11541

Please adjust the affected versions in the BTS as needed.

Note that I've not been able to reproduce the vulnerability with the
pcap file provided at
https://github.com/hackerlib/hackerlib-vul/tree/master/tcpdump-vul/global-overflow/print-sl
but given this has a CVE I figured it's safer to bring this to your
attention anyway.