Mageia: 2019-0264 Moderate: Tcpflow Buffer Over-Read Denial Of Service

mageia

September 12, 2019

Updated tcpflow package fixes security vulnerability: A stack-based buffer over-read exists in setbit() at iptree.h of TCPFLOW 1.5.0, due to received incorrect values causing inco...

Summary

Updated tcpflow package fixes security vulnerability:
A stack-based buffer over-read exists in setbit() at iptree.h of TCPFLOW 1.5.0, due to received incorrect values causing incorrect computation, leading to denial of service during an address_histogram call or a get_histogram call (CVE-2018-18409).

References

- https://bugs.mageia.org/show_bug.cgi?id=24578

- https://www.cve.org/CVERecord?id=CVE-2018-18409

Topics Covered

security advisory denial of service security fix buffer over-read mageia tcpflow

Resolution

SRPMS

- 6/core/tcpflow-1.5.2-1.mga6

Publication date: 12 Sep 2019

URL: https://advisories.mageia.org/MGASA-2019-0264.html

Type: security

CVE: CVE-2018-18409

Topics Covered

security advisory denial of service security fix buffer over-read mageia tcpflow

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks