Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock

Dear Release Team,

Please unblock tcpdump 4.6.2-5, it fixes some regressions introduced in the latest version as part of the fix for CVE-2015-2153. Full debdiff attached.

Thanks!

unblock tcpdump/4.6.2-5

-- System Information:
Debian Release: 8.0
APT prefers testing
APT policy: (900, 'testing'), (850, 'unstable'), (800, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.0.0-rc6-ore (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

diffstat for tcpdump-4.6.2 tcpdump-4.6.2 changelog | 8 +++++ patches/60_cve-2015-2153-2.diff | 54 ++++++++++++++++++++++++++++++++++++++++ patches/series | 1 3 files changed, 63 insertions(+) diff -Nru tcpdump-4.6.2/debian/changelog tcpdump-4.6.2/debian/changelog --- tcpdump-4.6.2/debian/changelog 2015-03-14 18:43:44.000000000 +0100 +++ tcpdump-4.6.2/debian/changelog 2015-04-04 19:20:52.000000000 +0200 @@ -1,3 +1,11 @@ +tcpdump (4.6.2-5) unstable; urgency=high + + * Cherry-pick commit fb6e5377f3 from upstream Git to fix regressions in the + RPKI/RTR printer after the CVE-2015-2153 changes. Thanks to Artur Rona + from Ubuntu for the heads-up (closes: #781362). + + -- Romain Francoise <rfranco...@debian.org> Sat, 04 Apr 2015 19:10:27 +0200 + tcpdump (4.6.2-4) unstable; urgency=high * Cherry-pick changes from upstream Git to fix the following security diff -Nru tcpdump-4.6.2/debian/patches/60_cve-2015-2153-2.diff tcpdump-4.6.2/debian/patches/60_cve-2015-2153-2.diff --- tcpdump-4.6.2/debian/patches/60_cve-2015-2153-2.diff 1970-01-01 01:00:00.000000000 +0100 +++ tcpdump-4.6.2/debian/patches/60_cve-2015-2153-2.diff 2015-04-04 19:06:28.000000000 +0200 
@@ -0,0 +1,54 @@ +Description: RPKI to Router Protocol: Fix Segmentation Faults and other problems. + - Fix/add ND_TCHECK2 tests, + - Fix a buffer overflow, + - Remove a debug printf +Origin: upstream, https://github.com/the-tcpdump-group/tcpdump/commit/fb6e5377f392555b8c725f66b8b701f0061a3695 + +diff -pruN -x '*~' tcpdump-4.6.2.orig/print-rpki-rtr.c tcpdump-4.6.2/print-rpki-rtr.c +--- tcpdump-4.6.2.orig/print-rpki-rtr.c 2015-03-22 12:55:55.349173971 +0100 ++++ tcpdump-4.6.2/print-rpki-rtr.c 2015-03-22 12:49:56.987396951 +0100 +@@ -178,7 +178,7 @@ rpki_rtr_pdu_print (netdissect_options * + pdu_header = (rpki_rtr_pdu *)tptr; + pdu_type = pdu_header->pdu_type; + pdu_len = EXTRACT_32BITS(pdu_header->length); +- ND_TCHECK2(tptr, pdu_len); ++ ND_TCHECK2(*tptr, pdu_len); + hexdump = FALSE; + + ND_PRINT((ndo, "%sRPKI-RTRv%u, %s PDU (%u), length: %u", +@@ -255,6 +255,7 @@ rpki_rtr_pdu_print (netdissect_options * + + pdu = (rpki_rtr_pdu_error_report *)tptr; + encapsulated_pdu_length = EXTRACT_32BITS(pdu->encapsulated_pdu_length); ++ ND_TCHECK2(*tptr, encapsulated_pdu_length); + tlen = pdu_len; + + error_code = EXTRACT_16BITS(pdu->pdu_header.u.error_code); +@@ -287,9 +288,10 @@ rpki_rtr_pdu_print (netdissect_options * + tptr += 4; + tlen -= 4; + } ++ ND_TCHECK2(*tptr, text_length); + if (text_length && (text_length <= tlen )) { + memcpy(buf, tptr, min(sizeof(buf)-1, text_length)); +- buf[text_length] = '\0'; ++ buf[min(sizeof(buf) - 1, text_length)] = '\0'; + ND_PRINT((ndo, "%sError text: %s", indent_string(indent+2), buf)); + } + } +@@ -336,13 +338,13 @@ rpki_rtr_print(netdissect_options *ndo, + pdu_header = (rpki_rtr_pdu *)tptr; + pdu_type = pdu_header->pdu_type; + pdu_len = EXTRACT_32BITS(pdu_header->length); ++ ND_TCHECK2(*tptr, pdu_len); + + /* infinite loop check */ + if (!pdu_type || !pdu_len) { + break; + } + +- ND_TCHECK2(*tptr, pdu_len); + if (tlen < pdu_len) { + goto trunc; + } + diff -Nru tcpdump-4.6.2/debian/patches/series tcpdump-4.6.2/debian/patches/series --- 
tcpdump-4.6.2/debian/patches/series 2015-03-14 18:44:30.000000000 +0100 +++ tcpdump-4.6.2/debian/patches/series 2015-04-04 19:08:59.000000000 +0200 @@ -10,5 +10,6 @@ 60_cve-2014-9140.diff 60_cve-2015-0261.diff 60_cve-2015-2153.diff +60_cve-2015-2153-2.diff 60_cve-2015-2154.diff 60_cve-2015-2155.diff
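
Review bot: the description in the header of 60_cve-2015-2153-2.diff lists "Remove a debug printf", but none of the four print-rpki-rtr.c hunks removes a printf call, so the header describes more than the patch carries. Drop that item or say why it does not appear here. The debian/changelog entry, in turn, speaks only of regressions while the header also says "Fix a buffer overflow" (the buf[text_length] write); since the upload is urgency=high, naming that fix in the changelog would help whoever reviews the unblock.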
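
Review bot: in the first print-rpki-rtr.c hunk (rpki_rtr_pdu_print, @@ -178) the corrected ND_TCHECK2(*tptr, pdu_len) still runs after pdu_header->pdu_type and EXTRACT_32BITS(pdu_header->length) have read from tptr, so a capture truncated inside the PDU header is dereferenced before anything is checked, unless a check outside the visible context already covers it. Consider checking sizeof(rpki_rtr_pdu) bytes at tptr before those two reads and keeping the pdu_len check after them. The moved check in the last hunk (rpki_rtr_print, @@ -336) has the same ordering and would take the same change.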
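
Review bot: in the error-report hunk (@@ -255) the added ND_TCHECK2(*tptr, encapsulated_pdu_length) is anchored at tptr, which is the start of the error-report PDU itself (pdu = (rpki_rtr_pdu_error_report *)tptr), so the checked range stops short of the end of the encapsulated PDU by the size of the header and length field that precede it. The value is also read from pdu->encapsulated_pdu_length before the bytes holding it are checked, and the visible lines never compare it with pdu_len. Suggest checking the fixed part of the structure first, then anchoring the length check at the start of the encapsulated data and treating a value larger than the remaining pdu_len as truncated.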
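
Review bot: in the error-text hunk (@@ -287) the clamp min(sizeof(buf)-1, text_length) now appears twice, once as the memcpy size and once as the terminator index, and the bug being fixed was exactly those two values disagreeing. Compute it once into a local and use that for both the copy and buf[...] = '\0'. Separately, buf holds bytes taken from the packet and is printed with %s, so an embedded NUL cuts the text short and non-printable bytes reach the output unescaped; an escaping print routine would be the safer choice here.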