FreeBSD people have found several buffer overflows in tcpdump, making it crashable from remote systems (FreeBSD-SA-00:61). The same issues apply to our versions too. Slightly reworked patch attached.

[There were two additional issues in print-icmpv6.c which looked a little dubious; I didn't look at them further, but it'd appear that spoofing in6_addr wouldn't be too easy. Like:

    case ICMPV6_GRPREPORT:
        sprintf(str, "MLD report: %s",
            ipv6addr_string((struct in6_addr *)(dp+1)));
        break;
]

Also, tcpdump uses the same savestr function as traceroute. The function was essential in the traceroute -g 1 -g 1 hole. It could easily be replaced by strdup. Separate patch attached.

Also, this might be a good time to upgrade arpwatch, and add non-root support for it (#19696) and implement a one-liner fix in #defines (#19850).
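The print-icmpv6.c snippet quoted above is the classic fixed-buffer sprintf pattern behind the advisory. The following is an added example, not code from the bug report, tcpdump or FreeBSD's patch: it measures what an unbounded sprintf into a hypothetical 64-byte `str` would write, shows the snprintf-based hardened form that reports truncation instead of overflowing, and checks the point made in the comment that the textual form of an in6_addr is itself bounded (by INET6_ADDRSTRLEN), so a "%s" of inet_ntop output alone cannot exceed such a buffer. The buffer size and the oversize input are constructed for illustration.

```c
/* Added example (not from the original report or tcpdump): unsafe fixed-buffer
 * sprintf, its bounded snprintf replacement, and the bound on IPv6 text. */
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

#define STRBUF 64 /* hypothetical fixed buffer standing in for tcpdump's `str` */
#define PREFIX "MLD report: %s"

/* Bytes (excluding NUL) that sprintf(str, PREFIX, addr) would write.
 * Measured with snprintf(NULL, 0, ...) so nothing is actually overflowed;
 * a real sprintf into STRBUF overflows whenever this is >= STRBUF. */
size_t unsafe_sprintf_would_write(const char *addr)
{
    int n = snprintf(NULL, 0, PREFIX, addr);
    return n < 0 ? 0 : (size_t)n;
}

/* Hardened form: bounded write; -1 signals truncation so the caller can
 * treat the packet as malformed instead of printing a clipped string. */
int safe_format(char *out, size_t outsz, const char *addr)
{
    int n = snprintf(out, outsz, PREFIX, addr);
    if (n < 0 || (size_t)n >= outsz)
        return -1;
    return n;
}

/* The longest IPv6 text (all 0xff, 39 chars) still fits STRBUF once the
 * 12-byte prefix is added: inet_ntop output is capped by INET6_ADDRSTRLEN. */
int longest_ipv6_text_fits(void)
{
    struct in6_addr a;
    char txt[INET6_ADDRSTRLEN];
    memset(&a, 0xff, sizeof a);
    if (inet_ntop(AF_INET6, &a, txt, sizeof txt) == NULL)
        return 0;
    return unsafe_sprintf_would_write(txt) < STRBUF;
}

/* Constructed oversize input (199 'A's): what an unbounded %s source would
 * do to a STRBUF-sized sprintf target, and how safe_format() handles it. */
static void oversize_input(char *dst, size_t dstsz)
{
    memset(dst, 'A', dstsz - 1);
    dst[dstsz - 1] = '\0';
}

size_t demo_oversize_write(void)
{
    char longname[200];
    oversize_input(longname, sizeof longname);
    return unsafe_sprintf_would_write(longname); /* 12 + 199 = 211 > 64 */
}

int demo_safe_format_oversize(void)
{
    char buf[STRBUF], longname[200];
    oversize_input(longname, sizeof longname);
    return safe_format(buf, sizeof buf, longname); /* -1: truncated */
}

int demo_safe_format_short(void)
{
    char buf[STRBUF];
    return safe_format(buf, sizeof buf, "::1"); /* 15 bytes written */
}

int main(void)
{
    printf("longest IPv6 text fits %d-byte buffer: %d\n", STRBUF, longest_ipv6_text_fits());
    printf("sprintf would write %zu bytes into %d\n", demo_oversize_write(), STRBUF);
    printf("safe_format on oversize input: %d\n", demo_safe_format_oversize());
    printf("safe_format on \"::1\": %d\n", demo_safe_format_short());
    return 0;
}
```

The same check applies to every sprintf/strcpy into a fixed `str` in the print-*.c files: either the source is provably bounded (as the inet_ntop text is) or the write must be bounded and its truncation handled.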
Created attachment 4796: Buffer overflow patch based on FreeBSD
Created attachment 4797: replace savestr with strdup, hmm?
Fixed (patches added) in tcpdump-3.4-32.
FreeBSD people just released a new advisory because they had forgotten to patch a few files. Most of them (print-ppp, print-bgp, print-telnet, for instance) are ones not included in the RHL version. The addrtoname.c fix was already in my patch. There were a few new issues in smbutil.c, though.
Created attachment 5079: smbutil.c fixups
2nd patch added in tcpdump-3.4-33 errata.