From 6f313d7ccaa1da11600c757093922c5c0bd806b2 Mon Sep 17 00:00:00 2001 From: "A. Wilcox" Date: Sat, 8 Dec 2018 17:22:08 +0000 Subject: user/tcpdump: fix CVE-2018-19519 --- user/tcpdump/APKBUILD | 13 ++++++++++--- user/tcpdump/CVE-2018-19519.patch | 10 ++++++++++ 2 files changed, 20 insertions(+), 3 deletions(-) create mode 100644 user/tcpdump/CVE-2018-19519.patch (limited to 'user/tcpdump') diff --git a/user/tcpdump/APKBUILD b/user/tcpdump/APKBUILD index c5f4203e7..7adeefa35 100644 --- a/user/tcpdump/APKBUILD +++ b/user/tcpdump/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Dan Theisen pkgname=tcpdump pkgver=4.9.2 -pkgrel=0 +pkgrel=1 pkgdesc="A tool for network monitoring and data acquisition" url="http://www.tcpdump.org" arch="all" @@ -10,7 +10,13 @@ license="BSD-3-Clause" depends="" makedepends="libpcap-dev openssl-dev perl" subpackages="$pkgname-doc" -source="http://www.tcpdump.org/release/$pkgname-$pkgver.tar.gz" +source="http://www.tcpdump.org/release/$pkgname-$pkgver.tar.gz + CVE-2018-19519.patch + " + +# secfixes: +# 4.9.2-r1: +# - CVE-2018-19519 build () { cd "$builddir" @@ -35,4 +41,5 @@ package() { rm -f "$pkgdir"/usr/sbin/tcpdump.4* } -sha512sums="e1bc19a5867d6e3628f3941bdf3ec831bf13784f1233ca1bccc46aac1702f47ee9357d7ff0ca62cddf211b3c8884488c21144cabddd92c861e32398cd8f7c44b tcpdump-4.9.2.tar.gz" +sha512sums="e1bc19a5867d6e3628f3941bdf3ec831bf13784f1233ca1bccc46aac1702f47ee9357d7ff0ca62cddf211b3c8884488c21144cabddd92c861e32398cd8f7c44b tcpdump-4.9.2.tar.gz +eb4232e434064ec59b07840aa394cfcc05c89e817f2d4ebeb4da1dbb1c910fe1805857356d6304ebdb16e32aa6476ce90f164aabc60501b493fd5601b380af7e CVE-2018-19519.patch" diff --git a/user/tcpdump/CVE-2018-19519.patch b/user/tcpdump/CVE-2018-19519.patch new file mode 100644 index 000000000..ac3293927 --- /dev/null +++ b/user/tcpdump/CVE-2018-19519.patch @@ -0,0 +1,10 @@ +--- tcpdump-4.9.2/print-hncp.c.old 2017-09-03 23:17:14.000000000 +0000 ++++ tcpdump-4.9.2/print-hncp.c 2018-12-07 19:31:24.360000000 +0000 +@@ -228,6 +228,7 @@ + snprintf(buf, sizeof(buf), "%s/%d", ipaddr_string(ndo, &addr), plen); + plenbytes += 1 + IPV4_MAPPED_HEADING_LEN; + } else { ++ buf[0] = '\0'; + plenbytes = decode_prefix6(ndo, prefix, max_length, buf, sizeof(buf)); + } + -- cgit v1.2.3-70-g09d2