Hi,

On Wed, Jul 26, 2017 at 03:27:05PM +0300, Henri Salo wrote:
> These are only issues when using older versions of libpcap. This has
> been verified by me and ack'd by the researcher. For example this
> setup was not affected:
>
> tcpdump version 4.10.0-PRE-GIT_2017_07_24
> libpcap version 1.8.1
> OpenSSL 1.0.1t 3 May 2016
> Compiled with AddressSanitizer/GCC.

Do you know which change in libpcap protects tcpdump from these issues?
And which combinations of tcpdump/libpcap versions are vulnerable? If
these are exploitable we definitely need to backport the protection to
the libpcap in stable...

Thanks,
--
Romain Francoise <rfranco...@debian.org>
https://people.debian.org/~rfrancoise/