What Are You Looking For?

Sign Up
MGASA-2018-0401 - Updated tcpflow packages fix security vulnerability

Publication date: 19 Oct 2018
URL: https://advisories.mageia.org/MGASA-2018-0401.html
Type: security
Affected Mageia releases: 6
CVE: CVE-2018-14938

pdated tcpflow package fixes security vulnerability:

An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through
1.5.0-alpha. There is an integer overflow in the function handle_prism
during caplen processing. If the caplen is less than 144, one can cause
an integer overflow in the function handle_80211, which will result in
an out-of-bounds read and may allow access to sensitive memory or a
denial of service (CVE-2018-14938).

References:
- https://bugs.mageia.org/show_bug.cgi?id=23538
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/EFRZCT4UN4QXFPROASMGHI2MZ7OWZVZ2/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14938

SRPMS:
- 6/core/tcpflow-1.5.0-1.mga6

Mageia 2018-0401: tcpflow security update

pdated tcpflow package fixes security vulnerability: An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through 1.5.0-alpha

Summary

pdated tcpflow package fixes security vulnerability:
An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through 1.5.0-alpha. There is an integer overflow in the function handle_prism during caplen processing. If the caplen is less than 144, one can cause an integer overflow in the function handle_80211, which will result in an out-of-bounds read and may allow access to sensitive memory or a denial of service (CVE-2018-14938).

References

- https://bugs.mageia.org/show_bug.cgi?id=23538

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/EFRZCT4UN4QXFPROASMGHI2MZ7OWZVZ2/

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14938

Resolution

MGASA-2018-0401 - Updated tcpflow packages fix security vulnerability

SRPMS

- 6/core/tcpflow-1.5.0-1.mga6

Severity
Publication date: 19 Oct 2018
URL: https://advisories.mageia.org/MGASA-2018-0401.html
Type: security
CVE: CVE-2018-14938

Related News

Kubernetes Security on AWS: A Practical Guide

Nov 18, 2023

Nitrux 3.2.0 Linux Distro Released with Enhanced Security and New Features

Nov 28, 2023

Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits

Nov 25, 2023

LockBit Ransomware Exploiting Critical Citrix Bleed Vulnerability to Break In

Nov 25, 2023

News

Advisories

HOWTOs

Features

Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses
Scanning and Defending Networks with Nmap

About Us

Powered By

Footer Logo