Comment 0 for bug 1444363

Páll Haraldsson (pall-haraldsson) wrote :

Seeing:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-2155

"before 4.7.2 [..] denial of service (crash) and possibly execute arbitrary code"

it seems the fix has not been applied.

There is also CVE-2015-2153 and more (possibly):

https://lists.archlinux.org/pipermail/arch-security/2015-March/000261.html

I was looking into this tcpdump out of curiosity as I have this:

Changes for tcpdump versions:
Installed version: 4.5.1-2ubuntu1
Available version: 4.5.1-2ubuntu1.1

The CVE(s) I listed do not seem to be there. I guess I do not need to be very worried about those missing, or about the CVEs I get in the fix, as/if I do not use tcpdump. Is my understanding right that it is only a monitoring tool, and that *I* need to run it and then an attacker could attack me (the system would never have to start it?!)?

Anyway, others might be worried about these things, or should be. In 14.04, is the version number 4.5.1 something to worry about? I *assume* "before 4.7.2" means all those upstream versions are not fixed, but that Ubuntu backports/fixes them?
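One way to answer the question raised above (whether a given CVE is credited to a particular Ubuntu package version) is to look the identifier up in the Debian/Ubuntu changelog, which is where a backported fix is normally recorded. The script below is an added example and is not part of the bug report or of the tcpdump package; the changelog text in it is constructed for illustration, and the `4.5.1-2ubuntu1.2` entry is hypothetical (no such version is claimed to exist). On a real system you would feed `apt-get changelog tcpdump` or `/usr/share/doc/tcpdump/changelog.Debian.gz` into the same functions.

```shell
#!/bin/sh
# Added example, not from the bug report: find which package version a
# Debian/Ubuntu changelog credits with a given CVE identifier.

# CONSTRUCTED sample changelog. The 4.5.1-2ubuntu1.2 entry is hypothetical
# and only illustrates the format; CVE identifiers in the 4.5.1-2ubuntu1.1
# entry are deliberately omitted.
SAMPLE_CHANGELOG='tcpdump (4.5.1-2ubuntu1.2) trusty-security; urgency=medium

  * SECURITY UPDATE: hypothetical entry constructed for this example
    - CVE-2015-2153

 -- Example Maintainer <maintainer@example.com>  Tue, 14 Apr 2015 10:00:00 +0000

tcpdump (4.5.1-2ubuntu1.1) trusty-security; urgency=medium

  * SECURITY UPDATE: constructed entry, CVE identifiers omitted

 -- Example Maintainer <maintainer@example.com>  Mon, 01 Dec 2014 10:00:00 +0000

tcpdump (4.5.1-2ubuntu1) trusty; urgency=low

  * Merge from Debian unstable.

 -- Example Maintainer <maintainer@example.com>  Mon, 24 Feb 2014 10:00:00 +0000
'

# cve_fixed_in CHANGELOG CVE-ID
# Prints the newest package version whose changelog entry mentions CVE-ID,
# or nothing if no entry mentions it. Entries start with a header line of
# the form "pkgname (version) distribution; urgency=...".
cve_fixed_in() {
    printf '%s\n' "$1" | awk -v cve="$2" '
        /^[a-z0-9][a-z0-9.+-]* \(/ { ver = $2; gsub(/[()]/, "", ver) }
        # Require a non-digit (or end of line) after the id so that
        # CVE-2015-215 does not match CVE-2015-2155.
        ver != "" && $0 ~ (cve "([^0-9]|$)") { print ver; exit }
    '
}

# cves_mentioned CHANGELOG
# Lists every distinct CVE identifier found anywhere in the changelog.
cves_mentioned() {
    printf '%s\n' "$1" | grep -o 'CVE-[0-9][0-9][0-9][0-9]-[0-9][0-9]*' | sort -u
}

# Demo on the constructed sample.
for cve in CVE-2015-2153 CVE-2015-2155; do
    found=$(cve_fixed_in "$SAMPLE_CHANGELOG" "$cve")
    if [ -n "$found" ]; then
        echo "$cve: credited to version $found"
    else
        echo "$cve: not mentioned in any changelog entry"
    fi
done
echo "All CVEs mentioned:"
cves_mentioned "$SAMPLE_CHANGELOG"
```

An identifier that is absent from every entry means only that the changelog does not credit it; it does not by itself prove the code is vulnerable, since a single patch can cover several identifiers and maintainers sometimes list only one. To decide whether an installed version is older than the one credited with a fix, use the packaging tool's own comparison (`dpkg --compare-versions "$installed" lt "$found"`) rather than a string comparison, because Debian version ordering is not lexical.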