Fedora 38: 2023-e42b771978 Minor: Nginx Security Patches

Tcpreplay is a tool to replay captured network traffic. Currently, tcpreplay

supports pcap (tcpdump) and snoop capture formats. Also included, is tcpprep

a tool to pre-process capture files to allow increased performance under

certain conditions as well as capinfo which provides basic information about

capture files.

This is Tcpreplay suite 4.4.2 This release contains bug fixes only. What's

changed: - Bug #716 heap-buffer-overflow in get_l2len_protocol() by @fklassen

in #738 - Bug #721 fixed typo in tcpliveplay.c by @jonathan-dev in #721 - Bug

#717 avoid assertion in get_layer4_v6 by @fklassen in #739 - Bug #718 improved

heap-overflow protection by @fklassen in #740 - Bug #719 better overflow

protection in parse_mpls by @fklassen in #741 - Bug #725 FORCE_ALIGN on arm by

@fklassen in #742 - Bug #729 tcpreplay_edit: disallow both -K and -l options by

@fklassen in #743 - Bug #735 heap-overflow in get_l2len_protocol by @fklassen in

#744 - Bug #745 remove autogen.sh from distribution tarballs by @fklassen in

#747

* Sat Aug 27 2022 Bojan Smojver - 4.4.2-1

- bump up to 4.4.2

[ 1 ] Bug #2071668 - CVE-2022-27939 tcpreplay: net-analyzer/tcpreplay: multiple vulnerabilities [epel-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2071668

[ 2 ] Bug #2071669 - CVE-2022-27939 tcpreplay: net-analyzer/tcpreplay: multiple vulnerabilities [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2071669

[ 3 ] Bug #2071673 - CVE-2022-27940 tcpreplay: net-analyzer/tcpreplay: multiple vulnerabilities [epel-8]

https://bugzilla.redhat.com/show_bug.cgi?id=2071673

[ 4 ] Bug #2071716 - CVE-2022-27941 tcpreplay: VUL-0: CVE-2022-27941: tcpreplay: tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_l2len_protocol in common/get.c. [epel-8]

https://bugzilla.redhat.com/show_bug.cgi?id=2071716

[ 5 ] Bug #2071721 - CVE-2022-27942 tcpreplay: CVE-2022-27942: tcpreplay: tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_mpls in common/get.c. [epel-8]

https://bugzilla.redhat.com/show_bug.cgi?id=2071721

[ 6 ] Bug #2081861 - CVE-2022-28487 tcpreplay: memory leak in fix_ipv6_checksums() function [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2081861

[ 7 ] Bug #2081862 - CVE-2022-28487 tcpreplay: memory leak in fix_ipv6_checksums() function [epel-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2081862

[ 8 ] Bug #2123235 - CVE-2022-37047 tcpreplay: heap-based buffer overflow in get_ipv6_next at common/get.c [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2123235

[ 9 ] Bug #2123236 - CVE-2022-37048 tcpreplay: heap-based buffer overflow in get_l2len_protocol at common/get.c [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2123236

[ 10 ] Bug #2123237 - CVE-2022-37049 tcpreplay: heap-based buffer overflow in parse_mpls at common/get.c [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2123237

[ 11 ] Bug #2123238 - CVE-2022-37047 tcpreplay: heap-based buffer overflow in get_ipv6_next at common/get.c [epel-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2123238

[ 12 ] Bug #2123239 - CVE-2022-37048 tcpreplay: heap-based buffer overflow in get_l2len_protocol at common/get.c [epel-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2123239

[ 13 ] Bug #2123240 - CVE-2022-37049 tcpreplay: heap-based buffer overflow in parse_mpls at common/get.c [epel-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2123240

su -c 'dnf upgrade --advisory FEDORA-2022-d31a521866' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam, report it: