CVE-2015-2154

Publication date 24 March 2015

Last updated 24 July 2024

Ubuntu priority

Description

The osi_print_cksum function in print-isoclns.c in the ethernet printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) length, (2) offset, or (3) base pointer checksum value.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
tcpdump	15.04 vivid	Not affected
	14.10 utopic	Fixed 4.6.2-1ubuntu1.2
	14.04 LTS trusty	Fixed 4.5.1-2ubuntu1.2
	12.04 LTS precise	Fixed 4.2.1-1ubuntu2.2
	10.04 LTS lucid	Ignored end of life

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
tcpdump	Upstream: 364b001 Upstream: 2d26a39 Upstream: 3152237 Upstream: 546e9cf Upstream: http://www.ca.tcpdump.org/cve/0001-in-some-cases-we-expect-tcpdump-to-fail-with-an-erro.patch Upstream: http://www.ca.tcpdump.org/cve/0002-test-case-files-for-CVE-2015-2153-2154-2155.patch Upstream: http://www.ca.tcpdump.org/cve/0003-test-case-for-cve2015-0261-corrupted-IPv6-mobility-h.patch

References

Related Ubuntu Security Notices (USN)

USN-2580-1
tcpdump vulnerabilities
27 April 2015