[Olsr-dev] tcpdump olsr_print CVE-2014-8767

Henning Rogge (spam-protected)
Sun Feb 15 21:37:15 CET 2015


Just found the following comment:

http://xforce.iss.net/xforce/xfdb/98765


5. Fix
The problem is fixed in the upcoming version tcpdump 4.7.0

So the fix is already there?

Henning

On Sun, Feb 15, 2015 at 9:34 PM, Henning Rogge <(spam-protected)> wrote:
> On Sun, Feb 15, 2015 at 9:19 PM, Saverio Proto <(spam-protected)> wrote:
>> Hello there,
>>
>> http://www.gentoo.org/security/en/glsa/glsa-201502-05.xml
>>
>> anyone here contributed to write the olsr parser in tcpdump ?
>>
>> The olsr_print function function contains an integer underflow error
>> (CVE-2014-8767)
>>
>> dont worry, the bug is in tcpdump, not in olsrd, but if someone here
>> has a patch, now it is time to merge it upstream to the tcpdump people
>
> Is there a more specific description of the problem than "integer underflow" ?
>
> Henning Rogge




More information about the Olsr-dev mailing list