import tcpdump-4.9.2-6.el8

2020-04-28 04:48:30 -04:00 · 2020-04-28 04:48:30 -04:00 · e3522ce926
commit e3522ce926
parent e0f3faf9f8
2 changed files with 35 additions and 3 deletions
--- a/SOURCES/0014-CVE-2018-19519-tcpdump-stack-based-buffer-over-read.patch
+++ b/SOURCES/0014-CVE-2018-19519-tcpdump-stack-based-buffer-over-read.patch
@ -0,0 +1,26 @@
+From bbae61cda27b8d565456c95a697d9e7ed3298937 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Tue, 8 Oct 2019 14:32:32 +0200
+Subject: [PATCH] 
+ 0015-CVE-2018-19519-tcpdump-stack-based-buffer-over-read.patch
+
+---
+ print-hncp.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/print-hncp.c b/print-hncp.c
+index 11a6a93..7537a0d 100644
+--- a/print-hncp.c
+++ b/print-hncp.c
+@@ -229,6 +229,8 @@ print_prefix(netdissect_options *ndo, const u_char *prefix, u_int max_length)
+         plenbytes += 1 + IPV4_MAPPED_HEADING_LEN;
+     } else {
+         plenbytes = decode_prefix6(ndo, prefix, max_length, buf, sizeof(buf));
+        if (plenbytes < 0)
+            return plenbytes;
+     }
+ 
+     ND_PRINT((ndo, "%s", buf));
+-- 
+2.21.0
+
--- a/SPECS/tcpdump.spec
+++ b/SPECS/tcpdump.spec
@ -2,7 +2,7 @@ Summary: A network traffic monitoring tool
 Name: tcpdump
 Epoch: 14
 Version: 4.9.2
-Release: 5%{?dist}
+Release: 6%{?dist}
 License: BSD with advertising
 URL: http://www.tcpdump.org
 Group: Applications/Internet
@ -26,6 +26,7 @@ Patch0010:      0010-Expect-miliseconds-instead-of-seconds-in-icmp-captur.patch
 Patch0011:      0011-Evp-cipher-buffers.patch
 Patch0012:      0012-Add-printing-support-for-vsockmon-devices.patch
 Patch0013:      0013-tcpslice-stdlib.patch
+Patch0014:      0014-CVE-2018-19519-tcpdump-stack-based-buffer-over-read.patch

 %define tcpslice_dir tcpslice-1.2a3

@ -74,8 +75,10 @@ sed -i 's/\(\.TH[a-zA-Z ]*\)[1-9]\(.*\)/\18\2/' \
 	${RPM_BUILD_ROOT}%{_mandir}/man8/*

 %pre
-/usr/sbin/groupadd -g 72 tcpdump 2> /dev/null
-/usr/sbin/useradd -u 72 -g 72 -s /sbin/nologin -M -r \
+/usr/bin/getent group tcpdump >/dev/null || /usr/sbin/groupadd \
+	-g 72 tcpdump 2> /dev/null
+/usr/bin/getent passwd tcpdump >/dev/null || /usr/sbin/useradd \
+	-u 72 -g 72 -s /sbin/nologin -M -r \
 	-d / tcpdump 2> /dev/null
 exit 0

@ -89,6 +92,9 @@ exit 0
 %{_mandir}/man8/tcpdump.8*

 %changelog
+* Tue Oct 29 2019 Michal Ruprich <mruprich@redhat.com> - 14:4.9.2-6
+- Resolves: #1715423 - tcpdump pre creates user and groups unconditionally
+- Resolves: #1655622 - CVE-2018-19519 Stack-based buffer over-read in print-hncp.c:print_prefix() via crafted pcap
 * Wed Sep 26 2018 Michal Ruprich <mruprich@redhat.com> - 14:4.9.2-5
 - Resolves: #1602710 - Please review important issues found by covscan