Fedora 31: tcpreplay FEDORA-2020-256ac53cc7

    Date 24 Jun 2020
    141
    Posted By LinuxSecurity Advisories
    This release contains bug fixes only (which includes security fixes): - Increase cache buffers size to accomodate VLAN edits (#594) - Correct L2 header length to correct IP header offset (#583) - Fix warnings from gcc version 10 (#580) - Heap Buffer Overflow in randomize_iparp (#579) - Use after free in get_ipv6_next (#578) - Heap Buffer Overflow in git_ipv6_next (#576) - Call
    --------------------------------------------------------------------------------
    Fedora Update Notification
    FEDORA-2020-256ac53cc7
    2020-06-25 01:09:25.301176
    --------------------------------------------------------------------------------
    
    Name        : tcpreplay
    Product     : Fedora 31
    Version     : 4.3.3
    Release     : 1.fc31
    URL         : https://tcpreplay.appneta.com/
    Summary     : Replay captured network traffic
    Description :
    Tcpreplay is a tool to replay captured network traffic. Currently, tcpreplay
    supports pcap (tcpdump) and snoop capture formats. Also included, is tcpprep
    a tool to pre-process capture files to allow increased performance under
    certain conditions as well as capinfo which provides basic information about
    capture files.
    
    --------------------------------------------------------------------------------
    Update Information:
    
    This release contains bug fixes only (which includes security fixes):  -
    Increase cache buffers size to accomodate VLAN edits (#594) - Correct L2 header
    length to correct IP header offset (#583) - Fix warnings from gcc version 10
    (#580) - Heap Buffer Overflow in randomize_iparp (#579) - Use after free in
    get_ipv6_next (#578) - Heap Buffer Overflow in git_ipv6_next (#576) - Call
    pcap_freecode() on pcap_compile() (#572) - Increase max snaplen to 262144 (#571)
    - Fix divide by zero in fuzzing (#570) - Unique IP repeats at very high
    iteration counts (#566) - Fails to compile on FreeBSD amd64 13.0 (#558) - Heap
    Buffer Overflow in do_checksum (#556) (#577) - Attempt to correct corrupt pcap
    files, if possible (#557) - Fix GCC v10 warnings (#555) - Remove some duplicated
    SOURCES entries (#551) - Expand /dev/bpfX hard limit to fix macOS Mojave (#550)
    - Implement --loopdelay-ms when using --loop=0 (#546) - Heap overflow
    packet2tree and get_l2len (#530)
    --------------------------------------------------------------------------------
    ChangeLog:
    
    * Mon Jun 15 2020 Bojan Smojver  - 4.3.3-1
    - bump up to 4.3.3
    - CVE-2020-12740
    * Fri Jan 31 2020 Fedora Release Engineering  - 4.3.2-3
    - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
    --------------------------------------------------------------------------------
    References:
    
      [ 1 ] Bug #1678246 - CVE-2019-8377 tcpreplay: null pointer dereference in function get_ipv6_l4proto() in get.c [epel-all]
            https://bugzilla.redhat.com/show_bug.cgi?id=1678246
      [ 2 ] Bug #1835343 - CVE-2020-12740 tcpreplay: Heap-based buffer over-read in function get_ipv6_next() at common/get.c [fedora-all]
            https://bugzilla.redhat.com/show_bug.cgi?id=1835343
    --------------------------------------------------------------------------------
    
    This update can be installed with the "dnf" update program. Use
    su -c 'dnf upgrade --advisory FEDORA-2020-256ac53cc7' at the command
    line. For more information, refer to the dnf documentation available at
    https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
    
    All packages are signed with the Fedora Project GPG key. More details on the
    GPG keys used by the Fedora Project can be found at
    https://fedoraproject.org/keys
    --------------------------------------------------------------------------------
    _______________________________________________
    package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it.
    To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it.
    Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
    List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
    List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it.
    

    LinuxSecurity Poll

    Are you considering making the switch to Purism's new Librem 14 Linux laptop to improve your security and privacy online?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/31-are-you-considering-making-the-switch-to-purism-s-new-librem-14-linux-laptop-to-improve-your-security-and-privacy-online?task=poll.vote&format=json
    31
    radio
    [{"id":"109","title":"Yes - the hardware kill switches and default ad blocking\/tracking protection sold me on it.","votes":"3","type":"x","order":"1","pct":37.5,"resources":[]},{"id":"110","title":"Not sure yet - I need to do more research.","votes":"4","type":"x","order":"2","pct":50,"resources":[]},{"id":"111","title":"No - I'm satisfied with my current laptop and have no security\/privacy concerns.","votes":"1","type":"x","order":"3","pct":12.5,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
    bottom 200

    Advisories

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.