Arch Linux Security Advisory ASA-201504-20 ========================================== Severity: Low Date : 2015-04-20 CVE-ID : CVE-2015-3138 Package : tcpdump Type : denial of service Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package tcpdump before version 4.7.3-2 is vulnerable to denial of service. Resolution ========== Upgrade to 4.7.3-2. # pacman -Syu "tcpdump>=4.7.3-2" The problem has been fixed upstream but no release is available yet. Workaround ========== None. Description =========== A vulnerability was discovered in print-wb.c that is leading to a segmentation fault triggered through feeding into tcpdump a crafted packet, either from a live network interface or from a .pcap file. Impact ====== A remote attacker is able to send specially crafted packets to cause a segmentation fault leading to denial of service. References ========== https://access.redhat.com/security/cve/CVE-2015-3138 https://github.com/the-tcpdump-group/tcpdump/issues/446