From owner-freebsd-security-notifications@FreeBSD.ORG  Mon Mar  9 20:38:24 2015
Return-Path: <owner-freebsd-security-notifications@FreeBSD.ORG>
Delivered-To: FreeBSD-security-notifications@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id E2782895
 for <FreeBSD-security-notifications@FreeBSD.org>;
 Mon,  9 Mar 2015 20:38:23 +0000 (UTC)
Received: from tuna.sandelman.ca (tuna.sandelman.ca
 [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 9C7EC905
 for <FreeBSD-security-notifications@FreeBSD.org>;
 Mon,  9 Mar 2015 20:38:23 +0000 (UTC)
Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21])
 by tuna.sandelman.ca (Postfix) with ESMTP id 3DE9E2009E;
 Mon,  9 Mar 2015 16:47:20 -0400 (EDT)
Received: by sandelman.ca (Postfix, from userid 179)
 id 167D863784; Mon,  9 Mar 2015 16:38:20 -0400 (EDT)
Received: from sandelman.ca (localhost [127.0.0.1])
 by sandelman.ca (Postfix) with ESMTP id ED8B963770;
 Mon,  9 Mar 2015 16:38:20 -0400 (EDT)
From: Michael Richardson <mcr@sandelman.ca>
To: Michal Sekletar <msekleta@redhat.com>, rfrancoise@debian.org,
 FreeBSD-security-notifications@FreeBSD.org, security-officer@NetBSD.org
Subject: tcpdump 4.7.2 remote crashes
In-Reply-To: <51A66E6E-3618-437D-BD6D-B7B04DA65471@gmail.com>
References: <EFA9FEC4-A9CF-4420-8D6F-64C38E932D26@gmail.com>
 <10669.1418399511@sandelman.ca>
 <9D939A6F-F772-4C10-A9F9-9F90DD6E5905@gmail.com>
 <17740.1418480904@sandelman.ca>
 <CAB416B2-A100-4FD3-9C9E-D4DC6EB9A706@gmail.com>
 <12897.1424029615@sandelman.ca>
 <51A66E6E-3618-437D-BD6D-B7B04DA65471@gmail.com>
X-Mailer: MH-E 8.6; nmh 1.3-dev; GNU Emacs 24.4.2
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0;
 <'$9xN5Ub#
 z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha1; protocol="application/pgp-signature"
Date: Mon, 09 Mar 2015 16:38:20 -0400
Message-ID: <4820.1425933500@sandelman.ca>
Sender: mcr@sandelman.ca
X-Mailman-Approved-At: Mon, 09 Mar 2015 20:53:10 +0000
Cc: =?utf-8?Q?Fran=C3=A7ois-Xavier?= Le Bail <fx.lebail@yahoo.com>,
 Guy Harris <guy@alum.mit.edu>, Kevin Day <kevinday@gmail.com>,
 cve-assign@mitre.org
X-BeenThere: freebsd-security-notifications@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: "Moderated Security Notifications \[moderated,
 low volume\]" <freebsd-security-notifications.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-security-notifications>, 
 <mailto:freebsd-security-notifications-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security-notifications/>
List-Post: <mailto:freebsd-security-notifications@freebsd.org>
List-Help: <mailto:freebsd-security-notifications-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security-notifications>, 
 <mailto:freebsd-security-notifications-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Mar 2015 20:38:24 -0000

--=-=-=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable


Hi, please find tcpdump 4.7.2 source code at:
    http://www.ca.tcpdump.org/beta/tcpdump-4.7.2.tar.gz
    http://www.ca.tcpdump.org/beta/tcpdump-4.7.2.tar.gz.sig
    (there is also a matching libpcap)

To validate the source code with the "make check" you need to have
libpcap-4.7.2 or the geneve test cases will not function.
The signature files are made by mcr@sandelman.ca, and will get replaced
with tcpdump ones once I get physical access to the key later today.

This fixes CVE-2014-9140 --- issue with PPP printer (previously notified)
           CVE-2015-0261 --- issues with IPv6 mobility printer.
           CVE-2015-2153 --- issue with tcp printer.
           CVE-2015-2154 --- issue with ethernet printer.
           CVE-2015-2155 --- issue with force printer.

There are also other issues which related to Capsicum that were
already public, as well as DECNET fixes that came in.
Our tcpdump 4.7.0 process failed (flailed?) over CVE-2014-9140,
and was never properly released.  4.7.1 was internally marked, but not
released.

A patch for tcpdump 4.3 is at:
    http://www.ca.tcpdump.org/cve/

0001-in-some-cases-we-expect-tcpdump-to-fail-with-an-erro.patch
0002-test-case-files-for-CVE-2015-2153-2154-2155.patch
0003-test-case-for-cve2015-0261-corrupted-IPv6-mobility-h.patch

If you require patches for other versions, please let us know.

Patch 0001 is needed only so that "make check" will function.
(tcpdump 4.3 may not detect libssl properly since ssl churn, so the ESP/IKE
test cases will fail since libssl was not detected)

Please ACK this email, and let me know when I can let this source code out.

=2D-=20
]               Never tell me the odds!                 | ipv6 mesh network=
s [=20
]   Michael Richardson, Sandelman Software Works        | network architect=
  [=20
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails  =
  [=20
=09



=20=20=20=20

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEVAwUBVP4EuYCLcPvd0N1lAQJ6UwgAntje7u8aYO82l8hJGhc+oekDabjUtT9e
OxDvHkQBjFfaEC+Kg9hdzGuzyV8TwTMpQxWFab1wB5F3DpMkYBLX/rax4OxTnsti
0+EDW2pljpTmTOGGwgQ+Vla8Xo+dyQwjSG0sbcWsZIl6HcXtsDHvnUfpqOAv7i52
Apf8/7axrRwkhjRXgcTXzPa1HN0cYipaaZtZ+hwTbJ8r4dXE1o0zZjVc1vm1nEuw
bIe4/odk4RLdJy33ugAjpfN1wYEhCBjDsiYaTTRSL7B2oAHOhTDl1/BbO70B0oEz
4W5fkVvH+Bm8hJtKVNMnKpA3KJTTgnJ2URCOCl2ELF9eaai2X3+T9g==
=3OzR
-----END PGP SIGNATURE-----
--=-=-=--