Mageia: 2020-0266 Critical: Scapy Denial Of Service Issues
mageia
June 16, 2020
Updated scapy packages fix security vulnerabilities: A vulnerability was found in scapy 2.4.0 and earlier is affected by: Denial of Services
Summary
Updated scapy packages fix security vulnerabilities:
A vulnerability was found in scapy 2.4.0 and earlier is affected by:
Denial of Services. The impact is: busy loop forever. The component
is:
_RADIUSAttrPacketListField class. The attack vector is: a packet sent
over the network or in a pcap (CVE-2019-1010262).
scapy 2.4.0 is affected by: Denial of Service. The impact is: infinite
loop, resource consumption and program unresponsive. The component is:
_RADIUSAttrPacketListField.getfield(self..). The attack vector is: over
the network or in a pcap. both work (CVE-2019-1010142).
References
- https://bugs.mageia.org/show_bug.cgi?id=25954
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/GICTAGUAV4OGIAPKKWXSEVIXU7DZEJ2V/
- https://www.cve.org/CVERecord?id=CVE-2019-1010142
- https://www.cve.org/CVERecord?id=CVE-2019-1010262
Resolution
SRPMS
- 7/core/scapy-2.4.0-3.1.mga7
PREVIOUS 
NEXT Severity
critical
Lowest
Low
Medium
High
Critical
Publication date: 16 Jun 2020
URL: https://advisories.mageia.org/MGASA-2020-0266.html
Type: security
CVE: CVE-2019-1010142, CVE-2019-1010262
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!