Mageia: 2018-0401 Moderate: Tcpflow Integer Overflow DoS Advisory

mageia

October 19, 2018

pdated tcpflow package fixes security vulnerability: An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through 1.5.0-alpha

Summary

pdated tcpflow package fixes security vulnerability:
An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through 1.5.0-alpha. There is an integer overflow in the function handle_prism during caplen processing. If the caplen is less than 144, one can cause an integer overflow in the function handle_80211, which will result in an out-of-bounds read and may allow access to sensitive memory or a denial of service (CVE-2018-14938).

References

- https://bugs.mageia.org/show_bug.cgi?id=23538

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/EFRZCT4UN4QXFPROASMGHI2MZ7OWZVZ2/

- https://www.cve.org/CVERecord?id=CVE-2018-14938

Topics Covered

security advisory DoS integer overflow Mageia tcpflow

Resolution

SRPMS

- 6/core/tcpflow-1.5.0-1.mga6

Severity

important

Lowest

Low

Medium

High

Critical

Publication date: 19 Oct 2018

URL: https://advisories.mageia.org/MGASA-2018-0401.html

Type: security

CVE: CVE-2018-14938

Topics Covered

security advisory DoS integer overflow Mageia tcpflow

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks