--------------------------------------------------------------------------------Fedora Update Notification
FEDORA-2022-680ea95f71
2022-09-04 22:56:03.504064
--------------------------------------------------------------------------------Name        : tcpreplay
Product     : Fedora 35
Version     : 4.4.2
Release     : 1.fc35
URL         : http://tcpreplay.appneta.com/
Summary     : Replay captured network traffic
Description :
Tcpreplay is a tool to replay captured network traffic. Currently, tcpreplay
supports pcap (tcpdump) and snoop capture formats. Also included, is tcpprep
a tool to pre-process capture files to allow increased performance under
certain conditions as well as capinfo which provides basic information about
capture files.

--------------------------------------------------------------------------------Update Information:

This is Tcpreplay suite 4.4.2  This release contains bug fixes only. What's
changed:  - Bug #716 heap-buffer-overflow in get_l2len_protocol() by @fklassen
in #738 - Bug #721 fixed typo in tcpliveplay.c by @jonathan-dev in #721 - Bug
#717 avoid assertion in get_layer4_v6 by @fklassen in #739 - Bug #718 improved
heap-overflow protection by @fklassen in #740 - Bug #719 better overflow
protection in parse_mpls by @fklassen in #741 - Bug #725 FORCE_ALIGN on arm by
@fklassen in #742 - Bug #729 tcpreplay_edit: disallow both -K and -l options by
@fklassen in #743 - Bug #735 heap-overflow in get_l2len_protocol by @fklassen in
#744 - Bug #745 remove autogen.sh from distribution tarballs by @fklassen in
#747
--------------------------------------------------------------------------------ChangeLog:

* Sat Aug 27 2022 Bojan Smojver  - 4.4.2-1
- bump up to 4.4.2
* Sat Jul 23 2022 Fedora Release Engineering  - 4.4.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
--------------------------------------------------------------------------------References:

  [ 1 ] Bug #2071668 - CVE-2022-27939 tcpreplay: net-analyzer/tcpreplay: multiple vulnerabilities [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2071668
  [ 2 ] Bug #2071669 - CVE-2022-27939 tcpreplay: net-analyzer/tcpreplay: multiple vulnerabilities [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2071669
  [ 3 ] Bug #2071673 - CVE-2022-27940 tcpreplay: net-analyzer/tcpreplay: multiple vulnerabilities [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2071673
  [ 4 ] Bug #2071716 - CVE-2022-27941 tcpreplay: VUL-0: CVE-2022-27941: tcpreplay: tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_l2len_protocol in common/get.c. [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2071716
  [ 5 ] Bug #2071721 - CVE-2022-27942 tcpreplay: CVE-2022-27942: tcpreplay: tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_mpls in common/get.c. [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2071721
  [ 6 ] Bug #2081861 - CVE-2022-28487 tcpreplay: memory leak in fix_ipv6_checksums() function [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2081861
  [ 7 ] Bug #2081862 - CVE-2022-28487 tcpreplay: memory leak in fix_ipv6_checksums() function [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2081862
  [ 8 ] Bug #2123235 - CVE-2022-37047 tcpreplay: heap-based buffer overflow in get_ipv6_next at common/get.c [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2123235
  [ 9 ] Bug #2123236 - CVE-2022-37048 tcpreplay: heap-based buffer overflow in get_l2len_protocol at common/get.c [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2123236
  [ 10 ] Bug #2123237 - CVE-2022-37049 tcpreplay: heap-based buffer overflow in parse_mpls at common/get.c [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2123237
  [ 11 ] Bug #2123238 - CVE-2022-37047 tcpreplay: heap-based buffer overflow in get_ipv6_next at common/get.c [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2123238
  [ 12 ] Bug #2123239 - CVE-2022-37048 tcpreplay: heap-based buffer overflow in get_l2len_protocol at common/get.c [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2123239
  [ 13 ] Bug #2123240 - CVE-2022-37049 tcpreplay: heap-based buffer overflow in parse_mpls at common/get.c [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2123240
--------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-680ea95f71' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/
Do not reply to spam, report it: https://pagure.io/login/

Fedora 35: tcpreplay 2022-680ea95f71

September 4, 2022
This is Tcpreplay suite 4.4.2 This release contains bug fixes only

Summary

Tcpreplay is a tool to replay captured network traffic. Currently, tcpreplay

supports pcap (tcpdump) and snoop capture formats. Also included, is tcpprep

a tool to pre-process capture files to allow increased performance under

certain conditions as well as capinfo which provides basic information about

capture files.

This is Tcpreplay suite 4.4.2 This release contains bug fixes only. What's

changed: - Bug #716 heap-buffer-overflow in get_l2len_protocol() by @fklassen

in #738 - Bug #721 fixed typo in tcpliveplay.c by @jonathan-dev in #721 - Bug

#717 avoid assertion in get_layer4_v6 by @fklassen in #739 - Bug #718 improved

heap-overflow protection by @fklassen in #740 - Bug #719 better overflow

protection in parse_mpls by @fklassen in #741 - Bug #725 FORCE_ALIGN on arm by

@fklassen in #742 - Bug #729 tcpreplay_edit: disallow both -K and -l options by

@fklassen in #743 - Bug #735 heap-overflow in get_l2len_protocol by @fklassen in

#744 - Bug #745 remove autogen.sh from distribution tarballs by @fklassen in

#747

* Sat Aug 27 2022 Bojan Smojver - 4.4.2-1

- bump up to 4.4.2

* Sat Jul 23 2022 Fedora Release Engineering - 4.4.1-2

- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild

[ 1 ] Bug #2071668 - CVE-2022-27939 tcpreplay: net-analyzer/tcpreplay: multiple vulnerabilities [epel-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2071668

[ 2 ] Bug #2071669 - CVE-2022-27939 tcpreplay: net-analyzer/tcpreplay: multiple vulnerabilities [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2071669

[ 3 ] Bug #2071673 - CVE-2022-27940 tcpreplay: net-analyzer/tcpreplay: multiple vulnerabilities [epel-8]

https://bugzilla.redhat.com/show_bug.cgi?id=2071673

[ 4 ] Bug #2071716 - CVE-2022-27941 tcpreplay: VUL-0: CVE-2022-27941: tcpreplay: tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_l2len_protocol in common/get.c. [epel-8]

https://bugzilla.redhat.com/show_bug.cgi?id=2071716

[ 5 ] Bug #2071721 - CVE-2022-27942 tcpreplay: CVE-2022-27942: tcpreplay: tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_mpls in common/get.c. [epel-8]

https://bugzilla.redhat.com/show_bug.cgi?id=2071721

[ 6 ] Bug #2081861 - CVE-2022-28487 tcpreplay: memory leak in fix_ipv6_checksums() function [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2081861

[ 7 ] Bug #2081862 - CVE-2022-28487 tcpreplay: memory leak in fix_ipv6_checksums() function [epel-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2081862

[ 8 ] Bug #2123235 - CVE-2022-37047 tcpreplay: heap-based buffer overflow in get_ipv6_next at common/get.c [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2123235

[ 9 ] Bug #2123236 - CVE-2022-37048 tcpreplay: heap-based buffer overflow in get_l2len_protocol at common/get.c [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2123236

[ 10 ] Bug #2123237 - CVE-2022-37049 tcpreplay: heap-based buffer overflow in parse_mpls at common/get.c [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2123237

[ 11 ] Bug #2123238 - CVE-2022-37047 tcpreplay: heap-based buffer overflow in get_ipv6_next at common/get.c [epel-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2123238

[ 12 ] Bug #2123239 - CVE-2022-37048 tcpreplay: heap-based buffer overflow in get_l2len_protocol at common/get.c [epel-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2123239

[ 13 ] Bug #2123240 - CVE-2022-37049 tcpreplay: heap-based buffer overflow in parse_mpls at common/get.c [epel-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2123240

su -c 'dnf upgrade --advisory FEDORA-2022-680ea95f71' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam, report it: https://pagure.io/login/

FEDORA-2022-680ea95f71 2022-09-04 22:56:03.504064 Product : Fedora 35 Version : 4.4.2 Release : 1.fc35 URL : http://tcpreplay.appneta.com/ Summary : Replay captured network traffic Description : Tcpreplay is a tool to replay captured network traffic. Currently, tcpreplay supports pcap (tcpdump) and snoop capture formats. Also included, is tcpprep a tool to pre-process capture files to allow increased performance under certain conditions as well as capinfo which provides basic information about capture files. This is Tcpreplay suite 4.4.2 This release contains bug fixes only. What's changed: - Bug #716 heap-buffer-overflow in get_l2len_protocol() by @fklassen in #738 - Bug #721 fixed typo in tcpliveplay.c by @jonathan-dev in #721 - Bug #717 avoid assertion in get_layer4_v6 by @fklassen in #739 - Bug #718 improved heap-overflow protection by @fklassen in #740 - Bug #719 better overflow protection in parse_mpls by @fklassen in #741 - Bug #725 FORCE_ALIGN on arm by @fklassen in #742 - Bug #729 tcpreplay_edit: disallow both -K and -l options by @fklassen in #743 - Bug #735 heap-overflow in get_l2len_protocol by @fklassen in #744 - Bug #745 remove autogen.sh from distribution tarballs by @fklassen in #747 * Sat Aug 27 2022 Bojan Smojver - 4.4.2-1 - bump up to 4.4.2 * Sat Jul 23 2022 Fedora Release Engineering - 4.4.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild [ 1 ] Bug #2071668 - CVE-2022-27939 tcpreplay: net-analyzer/tcpreplay: multiple vulnerabilities [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2071668 [ 2 ] Bug #2071669 - CVE-2022-27939 tcpreplay: net-analyzer/tcpreplay: multiple vulnerabilities [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2071669 [ 3 ] Bug #2071673 - CVE-2022-27940 tcpreplay: net-analyzer/tcpreplay: multiple vulnerabilities [epel-8] https://bugzilla.redhat.com/show_bug.cgi?id=2071673 [ 4 ] Bug #2071716 - CVE-2022-27941 tcpreplay: VUL-0: CVE-2022-27941: tcpreplay: tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_l2len_protocol in common/get.c. [epel-8] https://bugzilla.redhat.com/show_bug.cgi?id=2071716 [ 5 ] Bug #2071721 - CVE-2022-27942 tcpreplay: CVE-2022-27942: tcpreplay: tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_mpls in common/get.c. [epel-8] https://bugzilla.redhat.com/show_bug.cgi?id=2071721 [ 6 ] Bug #2081861 - CVE-2022-28487 tcpreplay: memory leak in fix_ipv6_checksums() function [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2081861 [ 7 ] Bug #2081862 - CVE-2022-28487 tcpreplay: memory leak in fix_ipv6_checksums() function [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2081862 [ 8 ] Bug #2123235 - CVE-2022-37047 tcpreplay: heap-based buffer overflow in get_ipv6_next at common/get.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2123235 [ 9 ] Bug #2123236 - CVE-2022-37048 tcpreplay: heap-based buffer overflow in get_l2len_protocol at common/get.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2123236 [ 10 ] Bug #2123237 - CVE-2022-37049 tcpreplay: heap-based buffer overflow in parse_mpls at common/get.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2123237 [ 11 ] Bug #2123238 - CVE-2022-37047 tcpreplay: heap-based buffer overflow in get_ipv6_next at common/get.c [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2123238 [ 12 ] Bug #2123239 - CVE-2022-37048 tcpreplay: heap-based buffer overflow in get_l2len_protocol at common/get.c [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2123239 [ 13 ] Bug #2123240 - CVE-2022-37049 tcpreplay: heap-based buffer overflow in parse_mpls at common/get.c [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2123240 su -c 'dnf upgrade --advisory FEDORA-2022-680ea95f71' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/ Do not reply to spam, report it: https://pagure.io/login/

Change Log

References

Update Instructions

Severity
Product : Fedora 35
Version : 4.4.2
Release : 1.fc35
URL : http://tcpreplay.appneta.com/
Summary : Replay captured network traffic

Related News

24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved