tcpdump: Fix CVE-2018-16301

This fixes the following security problem: The command-line argument parser in tcpdump before 4.99.0 has a buffer overflow in tcpdump.c:read_infile(). To trigger this vulnerability the attacker needs to create a 4GB file on the local filesystem and to specify the file name as the value of the -F command-line argument of tcpdump. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 8f5875c4e221453932f217a82f8c3092cacba3e5)
author: Hauke Mehrtens <hauke@hauke-m.de> 2022-02-12 23:13:47 +0100
committer: Hauke Mehrtens <hauke@hauke-m.de> 2022-02-13 00:23:30 +0100
commit: 59e7ae8d65ab9a9315608a69565f6a4247d3b1ac (patch)
tree: af073d54614a6d329462a0b8b817e3d48de65578 /package/network/utils/tcpdump/Makefile
parent: de948a0bce56c809864b2251be741b7e07a822d0 (diff)
download: upstream-59e7ae8d65ab9a9315608a69565f6a4247d3b1ac.tar.gz
upstream-59e7ae8d65ab9a9315608a69565f6a4247d3b1ac.tar.bz2
upstream-59e7ae8d65ab9a9315608a69565f6a4247d3b1ac.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/package/network/utils/tcpdump/Makefile b/package/network/utils/tcpdump/Makefile
index a14fb9a1b7..f14f86e9a3 100644
--- a/package/network/utils/tcpdump/Makefile
+++ b/package/network/utils/tcpdump/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=tcpdump
 PKG_VERSION:=4.9.3
-PKG_RELEASE:=3
+PKG_RELEASE:=4
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://www.tcpdump.org/release/
author	Hauke Mehrtens <hauke@hauke-m.de>	2022-02-12 23:13:47 +0100
committer	Hauke Mehrtens <hauke@hauke-m.de>	2022-02-13 00:23:30 +0100
commit	59e7ae8d65ab9a9315608a69565f6a4247d3b1ac (patch)
tree	af073d54614a6d329462a0b8b817e3d48de65578 /package/network/utils/tcpdump/Makefile
parent	de948a0bce56c809864b2251be741b7e07a822d0 (diff)
download	upstream-59e7ae8d65ab9a9315608a69565f6a4247d3b1ac.tar.gz upstream-59e7ae8d65ab9a9315608a69565f6a4247d3b1ac.tar.bz2 upstream-59e7ae8d65ab9a9315608a69565f6a4247d3b1ac.zip