Advisories ยป MGASA-2015-0035

Updated aircrack-ng packages fix security vulnerabilities

Publication date: 24 Jan 2015
Modification date: 24 Jan 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-8322 , CVE-2014-8323 , CVE-2014-8324

Description

Updated aircrack-ng package fixes security vulnerabilities:

A length parameter inconsistency in Aircrack-ng before 1.2-rc1 at aireplay
tcp_test() which may lead to remote code execution (CVE-2014-8322).

A missing check for data format in Aircrack-ng before 1.2-rc1 at buddy-ng
which may lead to denial of service (CVE-2014-8323).

A missing check for invalid values in Aircrack-ng before 1.2-rc1 at airserv-ng
net_get() which may lead to denial of service (CVE-2014-8324).
                

References

SRPMS

4/core