MGASA-2020-0266 - Updated scapy packages fix security vulnerability

Publication date: 16 Jun 2020
URL: https://advisories.mageia.org/MGASA-2020-0266.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2019-1010142, CVE-2019-1010262

Updated scapy packages fix security vulnerabilities:

scapy 2.4.0 and earlier is affected by a denial of service. The impact
is a busy loop that never terminates. The affected component is the
_RADIUSAttrPacketListField class. The attack vector is a packet sent
over the network or read from a pcap (CVE-2019-1010262).

scapy 2.4.0 is affected by a denial of service. The impact is an
infinite loop, resource consumption and an unresponsive program. The
affected component is _RADIUSAttrPacketListField.getfield(self..). The
attack vector is over the network or in a pcap; both work
(CVE-2019-1010142).
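
An added example, not scapy's code and not part of the advisory: a stand-alone walker for the RADIUS attribute list (RFC 2865 Type/Length/Value) that rejects any attribute whose Length cannot advance the cursor, so the loop always terminates on untrusted packets or pcaps. The advisory does not say which input triggers the loop; the function names and sample packets here are constructed for illustration.

```python
import struct

HEADER_LEN = 20  # Code(1) + Identifier(1) + Length(2) + Authenticator(16), RFC 2865


class MalformedRadius(ValueError):
    """Raised instead of looping when the attribute list cannot be walked."""


def parse_radius_attributes(packet: bytes):
    """Return [(type, value), ...] for a RADIUS packet, or raise MalformedRadius."""
    if len(packet) < HEADER_LEN:
        raise MalformedRadius("shorter than the RADIUS header")
    (declared,) = struct.unpack("!H", packet[2:4])
    if not HEADER_LEN <= declared <= len(packet):
        raise MalformedRadius("packet Length %d is out of range" % declared)
    remain = packet[HEADER_LEN:declared]
    attrs = []
    while remain:
        if len(remain) < 2:
            raise MalformedRadius("truncated attribute header")
        attr_type, attr_len = remain[0], remain[1]
        # Length counts the Type and Length octets; below 2 the cursor cannot move.
        if attr_len < 2:
            raise MalformedRadius("attribute Length %d is below 2" % attr_len)
        if attr_len > len(remain):
            raise MalformedRadius("attribute runs past the end of the packet")
        attrs.append((attr_type, remain[2:attr_len]))
        remain = remain[attr_len:]  # always consumes at least 2 bytes
    return attrs


def is_well_formed(packet: bytes) -> bool:
    """Pre-screen a payload before handing it to a dissector."""
    try:
        parse_radius_attributes(packet)
        return True
    except MalformedRadius:
        return False


def build_packet(attr_bytes: bytes) -> bytes:
    """Constructed sample: Access-Request header plus the given attribute bytes."""
    return struct.pack("!BBH", 1, 1, HEADER_LEN + len(attr_bytes)) + bytes(16) + attr_bytes


if __name__ == "__main__":
    for sample in (b"\x01\x07alice", b"\x01\x00alice", b"\x01\x40al"):
        print(sample, is_well_formed(build_packet(sample)))
```

A check like `is_well_formed` can screen captures on hosts that cannot yet take the updated package.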

References:
- https://bugs.mageia.org/show_bug.cgi?id=25954
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/GICTAGUAV4OGIAPKKWXSEVIXU7DZEJ2V/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010142
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010262

SRPMS:
- 7/core/scapy-2.4.0-3.1.mga7
