This update for tcpdump to version 4.9.0 and libpcap to version 1.8.1 fixes the several issues. These security issues were fixed in tcpdump: - CVE-2016-7922: The AH parser in tcpdump had a buffer overflow in print-ah.c:ah_print . - CVE-2016-7923: The ARP parser in tcpdump had a buffer overflow in print-arp.c:arp_print . - CVE-2016-7924: The ATM parser in tcpdump had a buffer overflow in print-atm.c:oam_print . - CVE-2016-7925: The compressed SLIP parser in tcpdump had a buffer overflow in print-sl.c:sl_if_print . - CVE-2016-7926: The Ethernet parser in tcpdump had a buffer overflow in print-ether.c:ethertype_print . - CVE-2016-7927: The IEEE 802.11 parser in tcpdump had a buffer overflow in print-802_11.c:ieee802_11_radio_print . - CVE-2016-7928: The IPComp parser in tcpdump had a buffer overflow in print-ipcomp.c:ipcomp_print . - CVE-2016-7929: The Juniper PPPoE ATM parser in tcpdump had a buffer overflow in print-juniper.c:juniper_parse_header . - CVE-2016-7930: The LLC/SNAP parser in tcpdump had a buffer overflow in print-llc.c:llc_print . - CVE-2016-7931: The MPLS parser in tcpdump had a buffer overflow in print-mpls.c:mpls_print . - CVE-2016-7932: The PIM parser in tcpdump had a buffer overflow in print-pim.c:pimv2_check_checksum . - CVE-2016-7933: The PPP parser in tcpdump had a buffer overflow in print-ppp.c:ppp_hdlc_if_print . - CVE-2016-7934: The RTCP parser in tcpdump had a buffer overflow in print-udp.c:rtcp_print . - CVE-2016-7935: The RTP parser in tcpdump had a buffer overflow in print-udp.c:rtp_print . - CVE-2016-7936: The UDP parser in tcpdump had a buffer overflow in print-udp.c:udp_print . - CVE-2016-7937: The VAT parser in tcpdump had a buffer overflow in print-udp.c:vat_print . - CVE-2016-7938: The ZeroMQ parser in tcpdump had an integer overflow in print-zeromq.c:zmtp1_print_frame . - CVE-2016-7939: The GRE parser in tcpdump had a buffer overflow in print-gre.c, multiple functions . - CVE-2016-7940: The STP parser in tcpdump had a buffer overflow in print-stp.c, multiple functions . - CVE-2016-7973: The AppleTalk parser in tcpdump had a buffer overflow in print-atalk.c, multiple functions . - CVE-2016-7974: The IP parser in tcpdump had a buffer overflow in print-ip.c, multiple functions . - CVE-2016-7975: The TCP parser in tcpdump had a buffer overflow in print-tcp.c:tcp_print . - CVE-2016-7983: The BOOTP parser in tcpdump had a buffer overflow in print-bootp.c:bootp_print . - CVE-2016-7984: The TFTP parser in tcpdump had a buffer overflow in print-tftp.c:tftp_print . - CVE-2016-7985: The CALM FAST parser in tcpdump had a buffer overflow in print-calm-fast.c:calm_fast_print . - CVE-2016-7986: The GeoNetworking parser in tcpdump had a buffer overflow in print-geonet.c, multiple functions . - CVE-2016-7992: The Classical IP over ATM parser in tcpdump had a buffer overflow in print-cip.c:cip_if_print . - CVE-2016-7993: A bug in util-print.c:relts_print in tcpdump could cause a buffer overflow in multiple protocol parsers . - CVE-2016-8574: The FRF.15 parser in tcpdump had a buffer overflow in print-fr.c:frf15_print . - CVE-2016-8575: The Q.933 parser in tcpdump had a buffer overflow in print-fr.c:q933_print, a different vulnerability than CVE-2017-5482 . - CVE-2017-5202: The ISO CLNS parser in tcpdump had a buffer overflow in print-isoclns.c:clnp_print . - CVE-2017-5203: The BOOTP parser in tcpdump had a buffer overflow in print-bootp.c:bootp_print . - CVE-2017-5204: The IPv6 parser in tcpdump had a buffer overflow in print-ip6.c:ip6_print . - CVE-2017-5205: The ISAKMP parser in tcpdump had a buffer overflow in print-isakmp.c:ikev2_e_print . - CVE-2017-5341: The OTV parser in tcpdump had a buffer overflow in print-otv.c:otv_print . - CVE-2017-5342: In tcpdump a bug in multiple protocol parsers could cause a buffer overflow in print-ether.c:ether_print . - CVE-2017-5482: The Q.933 parser in tcpdump had a buffer overflow in print-fr.c:q933_print, a different vulnerability than CVE-2016-8575 . - CVE-2017-5483: The SNMP parser in tcpdump had a buffer overflow in print-snmp.c:asn1_parse . - CVE-2017-5484: The ATM parser in tcpdump had a buffer overflow in print-atm.c:sig_print . - CVE-2017-5485: The ISO CLNS parser in tcpdump had a buffer overflow in addrtoname.c:lookup_nsap . - CVE-2017-5486: The ISO CLNS parser in tcpdump had a buffer overflow in print-isoclns.c:clnp_print . - CVE-2015-3138: Fixed potential denial of service in print-wb.c . - CVE-2015-0261: Integer signedness error in the mobility_opt_print function in the IPv6 mobility printer in tcpdump allowed remote attackers to cause a denial of service or possibly execute arbitrary code via a negative length value . - CVE-2015-2153: The rpki_rtr_pdu_print function in print-rpki-rtr.c in the TCP printer in tcpdump allowed remote attackers to cause a denial of service via a crafted header length in an RPKI-RTR Protocol Data Unit . - CVE-2015-2154: The osi_print_cksum function in print-isoclns.c in the ethernet printer in tcpdump allowed remote attackers to cause a denial of service via a crafted length, offset, or base pointer checksum value . - CVE-2015-2155: The force printer in tcpdump allowed remote attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors . - CVE-2014-8767: Integer underflow in the olsr_print function in tcpdump 3.9.6 when in verbose mode, allowed remote attackers to cause a denial of service via a crafted length value in an OLSR frame . - CVE-2014-8768: Multiple Integer underflows in the geonet_print function in tcpdump when run in verbose mode, allowed remote attackers to cause a denial of service via a crafted length value in a Geonet frame . - CVE-2014-8769: tcpdump might have allowed remote attackers to obtain sensitive information from memory or cause a denial of service via a crafted Ad hoc On-Demand Distance Vector packet, which triggers an out-of-bounds memory access . These non-security issues were fixed in tcpdump: - PPKI to Router Protocol: Fix Segmentation Faults and other problems - RPKI to Router Protocol: print strings with fn_printn - Added a short option "#", same as long option "--number" - nflog, mobile, forces, pptp, AODV, AHCP, IPv6, OSPFv4, RPL, DHCPv6 enhancements/fixes - M3UA decode added. - Added bittok2str. - A number of unaligned access faults fixed - The -A flag does not consider CR to be printable anymore - fx.lebail took over coverity baby sitting - Default snapshot size increased to 256K for accomodate USB captures These non-security issues were fixed in libpcap: - Provide a -devel-static subpackage that contains the static libraries and all the extra dependencies which are not needed for dynamic linking. - Fix handling of packet count in the TPACKET_V3 inner loop - Filter out duplicate looped back CAN frames. - Fix the handling of loopback filters for IPv6 packets. - Add a link-layer header type for RDS groups. - Handle all CAN captures with pcap-linux.c, in cooked mode. - Removes the need for the host-endian link-layer header type. - Have separate DLTs for big-endian and host-endian SocketCAN headers. - Properly check for sock_recv errors. - Re-impose some of Winsock"s limitations on sock_recv. - Replace sprintf with pcap_snprintf. - Fix signature of pcap_stats_ex_remote. - Have rpcap_remoteact_getsock return a SOCKET and supply an is active flag. - Clean up {DAG, Septel, Myricom SNF}-only builds. - pcap_create_interface needs the interface name on Linux. - Clean up hardware time stamp support: the any device does not support any time stamp types. - Recognize 802.1ad nested VLAN tag in vlan filter. - Support for filtering Geneve encapsulated packets. - Fix handling of zones for BPF on Solaris - Added bpf_filter1 with extensions - EBUSY can now be returned by SNFv3 code. - Don"t crash on filters testing a non-existent link-layer type field. - Fix sending in non-blocking mode on Linux with memory-mapped capture. - Fix timestamps when reading pcap-ng files on big-endian machines. - Fixes for byte order issues with NFLOG captures - Handle using cooked mode for DLT_NETLINK in activate_new.