Updated scapy packages fix security vulnerability
Publication date: 16 Jun 2020Modification date: 16 Jun 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-1010142 , CVE-2019-1010262
Description
Updated scapy packages fix security vulnerabilities:
A vulnerability was found in scapy 2.4.0 and earlier is affected by:
Denial of Services. The impact is: busy loop forever. The component
is:
_RADIUSAttrPacketListField class. The attack vector is: a packet sent
over the network or in a pcap (CVE-2019-1010262).
scapy 2.4.0 is affected by: Denial of Service. The impact is: infinite
loop, resource consumption and program unresponsive. The component is:
_RADIUSAttrPacketListField.getfield(self..). The attack vector is: over
the network or in a pcap. both work (CVE-2019-1010142).
References
- https://bugs.mageia.org/show_bug.cgi?id=25954
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/GICTAGUAV4OGIAPKKWXSEVIXU7DZEJ2V/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010142
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010262
SRPMS
7/core
- scapy-2.4.0-3.1.mga7