Advisories » MGASA-2016-0247

Updated tcpreplay packages fixes CVE-2016-6160

Publication date: 08 Jul 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-6160

Description

Updated tcpreplay package fixes security vulnerability:

The tcprewrite program, part of the tcpreplay suite, does not check the size of
the frames it processes. Huge frames may trigger a segmentation fault, and they
occur on interfaces with an MTU of or close to 65536. For example, the loopback
interface lo of the Linux kernel has such a value (CVE-2016-6160).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=18870
• http://openwall.com/lists/oss-security/2016/07/05/3
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6160

SRPMS

5/core

• tcpreplay-3.4.4-6.1.mga5