Advisories » MGASA-2015-0363

Updated conntrack-tools packages fix CVE-2015-6496

Publication date: 13 Sep 2015
Modification date: 13 Sep 2015
Type: security
Affected Mageia releases : 4 , 5
CVE: CVE-2015-6496

Description

Updated conntrack-tools packages fix security vulnerability:

It was discovered that in certain configurations, if the relevant conntrack
kernel module is not loaded, conntrackd will crash when handling DCCP, SCTP or
ICMPv6 packets (CVE-2015-6496).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=16588
• https://www.debian.org/security/2015/dsa-3341
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6496

SRPMS

4/core

• conntrack-tools-1.4.2-2.1.mga4

5/core

• conntrack-tools-1.4.2-6.1.mga5