Fedora 37: tcpreplay 2022-d31a521866 | LinuxSecurity.com

Advisories

What Are You Looking For?

Popular Tags

Contribute

Advisories This Week: 251

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-d31a521866
2022-09-12 17:36:48.817969
--------------------------------------------------------------------------------

Name        : tcpreplay
Product     : Fedora 37
Version     : 4.4.2
Release     : 1.fc37
URL         : https://tcpreplay.appneta.com/
Summary     : Replay captured network traffic
Description :
Tcpreplay is a tool to replay captured network traffic. Currently, tcpreplay
supports pcap (tcpdump) and snoop capture formats. Also included, is tcpprep
a tool to pre-process capture files to allow increased performance under
certain conditions as well as capinfo which provides basic information about
capture files.

--------------------------------------------------------------------------------
Update Information:

This is Tcpreplay suite 4.4.2  This release contains bug fixes only. What's
changed:  - Bug #716 heap-buffer-overflow in get_l2len_protocol() by @fklassen
in #738 - Bug #721 fixed typo in tcpliveplay.c by @jonathan-dev in #721 - Bug
#717 avoid assertion in get_layer4_v6 by @fklassen in #739 - Bug #718 improved
heap-overflow protection by @fklassen in #740 - Bug #719 better overflow
protection in parse_mpls by @fklassen in #741 - Bug #725 FORCE_ALIGN on arm by
@fklassen in #742 - Bug #729 tcpreplay_edit: disallow both -K and -l options by
@fklassen in #743 - Bug #735 heap-overflow in get_l2len_protocol by @fklassen in
#744 - Bug #745 remove autogen.sh from distribution tarballs by @fklassen in
#747
--------------------------------------------------------------------------------
ChangeLog:

* Sat Aug 27 2022 Bojan Smojver  - 4.4.2-1
- bump up to 4.4.2
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2071668 - CVE-2022-27939 tcpreplay: net-analyzer/tcpreplay: multiple vulnerabilities [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2071668
  [ 2 ] Bug #2071669 - CVE-2022-27939 tcpreplay: net-analyzer/tcpreplay: multiple vulnerabilities [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2071669
  [ 3 ] Bug #2071673 - CVE-2022-27940 tcpreplay: net-analyzer/tcpreplay: multiple vulnerabilities [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2071673
  [ 4 ] Bug #2071716 - CVE-2022-27941 tcpreplay: VUL-0: CVE-2022-27941: tcpreplay: tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_l2len_protocol in common/get.c. [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2071716
  [ 5 ] Bug #2071721 - CVE-2022-27942 tcpreplay: CVE-2022-27942: tcpreplay: tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_mpls in common/get.c. [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2071721
  [ 6 ] Bug #2081861 - CVE-2022-28487 tcpreplay: memory leak in fix_ipv6_checksums() function [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2081861
  [ 7 ] Bug #2081862 - CVE-2022-28487 tcpreplay: memory leak in fix_ipv6_checksums() function [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2081862
  [ 8 ] Bug #2123235 - CVE-2022-37047 tcpreplay: heap-based buffer overflow in get_ipv6_next at common/get.c [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2123235
  [ 9 ] Bug #2123236 - CVE-2022-37048 tcpreplay: heap-based buffer overflow in get_l2len_protocol at common/get.c [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2123236
  [ 10 ] Bug #2123237 - CVE-2022-37049 tcpreplay: heap-based buffer overflow in parse_mpls at common/get.c [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2123237
  [ 11 ] Bug #2123238 - CVE-2022-37047 tcpreplay: heap-based buffer overflow in get_ipv6_next at common/get.c [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2123238
  [ 12 ] Bug #2123239 - CVE-2022-37048 tcpreplay: heap-based buffer overflow in get_l2len_protocol at common/get.c [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2123239
  [ 13 ] Bug #2123240 - CVE-2022-37049 tcpreplay: heap-based buffer overflow in parse_mpls at common/get.c [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2123240
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-d31a521866' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue

Fedora 37: tcpreplay 2022-d31a521866

September 12, 2022
This is Tcpreplay suite 4.4.2 This release contains bug fixes only

Summary

Tcpreplay is a tool to replay captured network traffic. Currently, tcpreplay

supports pcap (tcpdump) and snoop capture formats. Also included, is tcpprep

a tool to pre-process capture files to allow increased performance under

certain conditions as well as capinfo which provides basic information about

capture files.

Update Information:

This is Tcpreplay suite 4.4.2 This release contains bug fixes only. What's changed: - Bug #716 heap-buffer-overflow in get_l2len_protocol() by @fklassen in #738 - Bug #721 fixed typo in tcpliveplay.c by @jonathan-dev in #721 - Bug #717 avoid assertion in get_layer4_v6 by @fklassen in #739 - Bug #718 improved heap-overflow protection by @fklassen in #740 - Bug #719 better overflow protection in parse_mpls by @fklassen in #741 - Bug #725 FORCE_ALIGN on arm by @fklassen in #742 - Bug #729 tcpreplay_edit: disallow both -K and -l options by @fklassen in #743 - Bug #735 heap-overflow in get_l2len_protocol by @fklassen in #744 - Bug #745 remove autogen.sh from distribution tarballs by @fklassen in #747

Change Log

* Sat Aug 27 2022 Bojan Smojver - 4.4.2-1 - bump up to 4.4.2

References

[ 1 ] Bug #2071668 - CVE-2022-27939 tcpreplay: net-analyzer/tcpreplay: multiple vulnerabilities [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2071668 [ 2 ] Bug #2071669 - CVE-2022-27939 tcpreplay: net-analyzer/tcpreplay: multiple vulnerabilities [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2071669 [ 3 ] Bug #2071673 - CVE-2022-27940 tcpreplay: net-analyzer/tcpreplay: multiple vulnerabilities [epel-8] https://bugzilla.redhat.com/show_bug.cgi?id=2071673 [ 4 ] Bug #2071716 - CVE-2022-27941 tcpreplay: VUL-0: CVE-2022-27941: tcpreplay: tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_l2len_protocol in common/get.c. [epel-8] https://bugzilla.redhat.com/show_bug.cgi?id=2071716 [ 5 ] Bug #2071721 - CVE-2022-27942 tcpreplay: CVE-2022-27942: tcpreplay: tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_mpls in common/get.c. [epel-8] https://bugzilla.redhat.com/show_bug.cgi?id=2071721 [ 6 ] Bug #2081861 - CVE-2022-28487 tcpreplay: memory leak in fix_ipv6_checksums() function [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2081861 [ 7 ] Bug #2081862 - CVE-2022-28487 tcpreplay: memory leak in fix_ipv6_checksums() function [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2081862 [ 8 ] Bug #2123235 - CVE-2022-37047 tcpreplay: heap-based buffer overflow in get_ipv6_next at common/get.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2123235 [ 9 ] Bug #2123236 - CVE-2022-37048 tcpreplay: heap-based buffer overflow in get_l2len_protocol at common/get.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2123236 [ 10 ] Bug #2123237 - CVE-2022-37049 tcpreplay: heap-based buffer overflow in parse_mpls at common/get.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2123237 [ 11 ] Bug #2123238 - CVE-2022-37047 tcpreplay: heap-based buffer overflow in get_ipv6_next at common/get.c [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2123238 [ 12 ] Bug #2123239 - CVE-2022-37048 tcpreplay: heap-based buffer overflow in get_l2len_protocol at common/get.c [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2123239 [ 13 ] Bug #2123240 - CVE-2022-37049 tcpreplay: heap-based buffer overflow in parse_mpls at common/get.c [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2123240

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-d31a521866' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
Name : tcpreplay
Product : Fedora 37
Version : 4.4.2
Release : 1.fc37
URL : https://tcpreplay.appneta.com/
Summary : Replay captured network traffic

News

Advisories

HOWTOs

Features

Official Guide on Rocky Linux & How to Install It
Business VPNs: Now More Important Than Ever
Linux Log Analysis
Does Linux Need a Firewall & How To Configure the Linux Firewall with firewall-cmd
What You Need to Know when Considering a VPN on Linux

About Us

Powered By

Footer Logo

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Learn More About Our Cookie Policy