tcpdump: Fix CVE-2018-16301
authorHauke Mehrtens <hauke@hauke-m.de>
Sat, 12 Feb 2022 22:13:47 +0000 (23:13 +0100)
committerHauke Mehrtens <hauke@hauke-m.de>
Sat, 12 Feb 2022 23:23:30 +0000 (00:23 +0100)
commit59e7ae8d65ab9a9315608a69565f6a4247d3b1ac
treeaf073d54614a6d329462a0b8b817e3d48de65578
parentde948a0bce56c809864b2251be741b7e07a822d0
tcpdump: Fix CVE-2018-16301

This fixes the following security problem:
The command-line argument parser in tcpdump before 4.99.0 has a buffer
overflow in tcpdump.c:read_infile(). To trigger this vulnerability the
attacker needs to create a 4GB file on the local filesystem and to
specify the file name as the value of the -F command-line argument of
tcpdump.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 8f5875c4e221453932f217a82f8c3092cacba3e5)
package/network/utils/tcpdump/Makefile
package/network/utils/tcpdump/patches/102-CVE-2018-16301.patch [new file with mode: 0644]