Advisories » MGASA-2019-0264

Updated tcpflow packages fix security vulnerability

Publication date: 12 Sep 2019
Modification date: 12 Sep 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-18409

Description

Updated tcpflow package fixes security vulnerability:

A stack-based buffer over-read exists in setbit() at iptree.h of TCPFLOW
1.5.0, due to received incorrect values causing incorrect computation,
leading to denial of service during an address_histogram call or a
get_histogram call (CVE-2018-18409).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=24578
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18409

SRPMS

6/core

• tcpflow-1.5.2-1.mga6