CVE-2019-15165

Priority
Description
sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB
header length before allocating memory.
Notes
sbeattiethis is likely actually fixed by
617b12c0339db4891d117b661982126c495439ea
see github issue about CVE ID confusion
but whatever, can't get a straight answer out of upstream, so
will use this CVE ID for the issue that touches sf-pcapng.c
Package
Upstream:released (1.9.1-1)
Ubuntu 12.04 ESM (Precise Pangolin):released (1.1.1-10ubuntu0.1)
Ubuntu 14.04 ESM (Trusty Tahr):released (1.5.3-2ubuntu0.1)
Ubuntu 16.04 LTS (Xenial Xerus):released (1.7.4-2ubuntu0.1)
Ubuntu 18.04 LTS (Bionic Beaver):released (1.8.1-6ubuntu1.18.04.1)
Ubuntu 20.04 LTS (Focal Fossa):not-affected (1.9.1-2)
Patches:
Upstream:https://github.com/the-tcpdump-group/libpcap/commit/a5a36d9e82dde7265e38fe1f87b7f11c461c29f6
Upstream:https://github.com/the-tcpdump-group/libpcap/commit/87d6bef033062f969e70fa40c43dfd945d5a20ab
More Information

Updated: 2020-07-28 20:06:48 UTC (commit d26b6ca9f5b3adb89bb036ce73ae7dab894935ec)