Fedora 29: tcpreplay Security Update

    Date: 05 Jan 2019
    Category: Fedora
    Posted By: Anthony Pell
    --------------------------------------------------------------------------------
    Fedora Update Notification
    FEDORA-2018-5f91054677
    2019-01-06 02:21:27.974183
    --------------------------------------------------------------------------------
    
    Name        : tcpreplay
    Product     : Fedora 29
    Version     : 4.3.1
    Release     : 1.fc29
    URL         : http://tcpreplay.appneta.com/
    Summary     : Replay captured network traffic
    Description :
    Tcpreplay is a tool to replay captured network traffic. Currently, tcpreplay
    supports pcap (tcpdump) and snoop capture formats. Also included, is tcpprep
    a tool to pre-process capture files to allow increased performance under
    certain conditions as well as capinfo which provides basic information about
    capture files.
    
    --------------------------------------------------------------------------------
    Update Information:
    
    This release (4.3.1) contains bug fixes only:

    - Fix checkspell detected typos (#531)
    - Heap overflow packet2tree and get_l2len (#530)

    This is Tcpreplay suite 4.3.0
    This release contains several bug fixes and enhancements:

    - Fix macOS TOS checksum failure (#524)
    - TCP sequence edits seeding (#514)
    - Fix issues identified by Codacy (#493)
    - CVE-2018-18408 use-after-free in post_args (#489)
    - CVE-2018-18407 heap-buffer-overflow csum_replace4 (#488)
    - CVE-2018-17974 heap-buffer-overflow dlt_en10mb_encode (#486)
    - CVE-2018-17580 heap-buffer-overflow fast_edit_packet (#485)
    - CVE-2018-17582 heap-buffer-overflow in get_next_packet (#484)
    - Out-of-tree build (#482)
    - CVE-2018-13112 heap-buffer-overflow in get_l2len (#477 dup #408)
    - Closing stdin on pipe (#479)
    - Second pcap file hangs on multiplier option (#472)
    - Jumbo frame support for fragroute option (#466)
    - TCP sequence edit ACK corruption (#451)
    - TCP sequence number edit initial SYN packet should have zero ACK (#450)
    - Travis CI build fails due to new build images (#432)
    - Upgrade libopts to 5.18.12 to address version build issues (#430)
    - Add ability to change tcp SEQ/ACK numbers (#425)
    - Hang using loop and netmap options (#424)
    - tcpprep -S not working for large cache files (#423)
    - Unable to tcprewrite range of ports with --portmap (#422)
    - --maxsleep broken for values less than 1000 (#421)
    - -T flag breaks traffic replay timing (#419)
    - Respect 2nd packet timing (#418)
    - Avoid non-blocking behaviour when using STDIN (#416)
    - pcap containing >1020 packets produces invalid cache file (#415)
    - manpage typos (#413)
    - Fails to open tap0 on Zephyr (#411)
    - Heap-buffer-overflow in get_l2protocol (#410)
    - Heap-buffer-overflow in packet2tree (#409)
    - Heap-buffer-overflow in get_l2len (#408)
    - Heap-buffer-overflow in flow_decode (#407)
    - Rewrite zero IP total length field to match the actual packet length (#406)
    - Stack-buffer-overflow in tcpcapinfo (#405)
    - tcpprep --include option does not exclude (#404)
    - Negative-size-param memset in dlt_radiotap_get_80211 (#402)
    - tcpreplay --verbose option not working (#398)
    - Fix replay when using --with-testnic (#178)
    --------------------------------------------------------------------------------
    ChangeLog:
    
    * Sat Dec 29 2018 Bojan Smojver  - 4.3.1-1
    - bump up to 4.3.1
    --------------------------------------------------------------------------------
    References:
    
      [ 1 ] Bug #1636599 - CVE-2018-17974 tcpreplay: heap-based buffer over-read in dlt_en10mb_encode in plugins/dlt_en10mb/en10mb.c [epel-all]
            https://bugzilla.redhat.com/show_bug.cgi?id=1636599
      [ 2 ] Bug #1635043 - CVE-2018-17582 tcpreplay: heap-based buffer over-read in the get_next_packet()  in send_packets.c [epel-all]
            https://bugzilla.redhat.com/show_bug.cgi?id=1635043
      [ 3 ] Bug #1635040 - CVE-2018-17580 tcpreplay: heap-based buffer over-read in fast_edit_packet() in file send_packets.c [epel-all]
            https://bugzilla.redhat.com/show_bug.cgi?id=1635040
      [ 4 ] Bug #1646410 - CVE-2018-18408 tcpreplay: use-after-free in post_args function in tcpbridge.c [fedora-all]
            https://bugzilla.redhat.com/show_bug.cgi?id=1646410
      [ 5 ] Bug #1646404 - CVE-2018-18407 tcpreplay:  tcpreplay: heap-based buffer over-read in csum_replace4 function in incremental_checksum.h [fedora-all]
            https://bugzilla.redhat.com/show_bug.cgi?id=1646404
      [ 6 ] Bug #1636600
            https://bugzilla.redhat.com/show_bug.cgi?id=1636600
      [ 7 ] Bug #1635042 - CVE-2018-17582 tcpreplay: heap-based buffer over-read in the get_next_packet()  in send_packets.c [fedora-all]
            https://bugzilla.redhat.com/show_bug.cgi?id=1635042
      [ 8 ] Bug #1635039 - CVE-2018-17580 tcpreplay: heap-based buffer over-read in fast_edit_packet() in file send_packets.c [fedora-all]
            https://bugzilla.redhat.com/show_bug.cgi?id=1635039
    --------------------------------------------------------------------------------
    
    This update can be installed with the "dnf" update program. Use
    su -c 'dnf upgrade --advisory FEDORA-2018-5f91054677' at the command
    line. For more information, refer to the dnf documentation available at
    http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
    
    All packages are signed with the Fedora Project GPG key. More details on the
    GPG keys used by the Fedora Project can be found at
    https://fedoraproject.org/keys
    --------------------------------------------------------------------------------