Updated tcpreplay packages fixes security vulnerabilities
Publication date: 12 May 2019Modification date: 12 May 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2019-8376 , CVE-2019-8377 , CVE-2019-8381
Description
Updated tcpreplay package fixes security vulnerabilities:
An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference
occurred in the function get_layer4_v6() located at get.c. This can be
triggered by sending a crafted pcap file to the tcpreplay-edit binary.
It allows an attacker to cause a Denial of Service (Segmentation fault)
or possibly have unspecified other impact (CVE-2019-8376).
An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference
occurred in the function get_ipv6_l4proto() located at get.c. This can be
triggered by sending a crafted pcap file to the tcpreplay-edit binary. It
allows an attacker to cause a Denial of Service (Segmentation fault) or
possibly have unspecified other impact (CVE-2019-8377).
An issue was discovered in Tcpreplay 4.3.1. An invalid memory access occurs
in do_checksum in checksum.c. It can be triggered by sending a crafted pcap
file to the tcpreplay-edit binary. It allows an attacker to cause a Denial
of Service (Segmentation fault) or possibly have unspecified other impact
(CVE-2019-8381).
References
- https://bugs.mageia.org/show_bug.cgi?id=24581
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4V3SADKXUSHWTVAPU3WLXBDEQUHRA6ZO/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8376
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8377
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8381
SRPMS
6/core
- tcpreplay-4.3.2-1.mga6