Advisories » MGASA-2020-0266

Updated scapy packages fix security vulnerability

Publication date: 16 Jun 2020
Modification date: 16 Jun 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-1010142 , CVE-2019-1010262

Description

Updated scapy packages fix security vulnerabilities:

A vulnerability was found in scapy 2.4.0 and earlier is affected by:
Denial of Services. The impact is: busy loop forever. The component
is:
_RADIUSAttrPacketListField class. The attack vector is: a packet sent
over the network or in a pcap (CVE-2019-1010262).

scapy 2.4.0 is affected by: Denial of Service. The impact is: infinite
loop, resource consumption and program unresponsive. The component is:
_RADIUSAttrPacketListField.getfield(self..). The attack vector is: over
the network or in a pcap. both work (CVE-2019-1010142).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=25954
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/GICTAGUAV4OGIAPKKWXSEVIXU7DZEJ2V/
• https://www.cve.org/CVERecord?id=CVE-2019-1010142
• https://www.cve.org/CVERecord?id=CVE-2019-1010262

SRPMS

7/core

• scapy-2.4.0-3.1.mga7