Updated aircrack-ng packages fix security vulnerabilities
Publication date: 24 Jan 2015Modification date: 24 Jan 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-8322 , CVE-2014-8323 , CVE-2014-8324
Description
Updated aircrack-ng package fixes security vulnerabilities: A length parameter inconsistency in Aircrack-ng before 1.2-rc1 at aireplay tcp_test() which may lead to remote code execution (CVE-2014-8322). A missing check for data format in Aircrack-ng before 1.2-rc1 at buddy-ng which may lead to denial of service (CVE-2014-8323). A missing check for invalid values in Aircrack-ng before 1.2-rc1 at airserv-ng net_get() which may lead to denial of service (CVE-2014-8324).
References
- https://bugs.mageia.org/show_bug.cgi?id=14557
- https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1401/
- https://lists.fedoraproject.org/pipermail/package-announce/2014-November/143595.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8322
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8323
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8324
SRPMS
4/core
- aircrack-ng-1.1-7.2.mga4