PublicDateAtUSN: 2014-11-20
Candidate: CVE-2014-8767
PublicDate: 2014-11-20 17:50:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8767
 http://www.securityfocus.com/archive/1/534011/30/0/threaded
 https://ubuntu.com/security/notices/USN-2433-1
Description:
 Integer underflow in the olsr_print function in tcpdump 3.9.6 through
 4.6.2, when in verbose mode, allows remote attackers to cause a denial of
 service (crash) via a crafted length value in an OLSR frame.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770434
Priority: low
Discovered-by: Steffen Bauch
Assigned-to: mdeslaur
CVSS: 

Patches_tcpdump:
 upstream: https://github.com/the-tcpdump-group/tcpdump/commit/4038f83ebf654804829b258dde5e0a508c1c2003
upstream_tcpdump: released (4.6.2-2)
lucid_tcpdump: released (4.0.0-6ubuntu3.1)
precise_tcpdump: released (4.2.1-1ubuntu2.1)
trusty_tcpdump: released (4.5.1-2ubuntu1.1)
trusty/esm_tcpdump: released (4.5.1-2ubuntu1.1)
utopic_tcpdump: released (4.6.2-1ubuntu1.1)
devel_tcpdump: not-affected (4.6.2-3ubuntu1)