Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

openSUSE: 2024:0106-1 Moderate sngrep Buffer Overflow Fix

opensuse
Calendar Grey April 10, 2024
Scroller Opensuse
An update for sngrep resolves two significant security vulnerabilities and enhances performance for users on openSUSE platforms.
An update that fixes two vulnerabilities is now available

Description

This update for sngrep fixes the following issues:

- Update to version 1.8.1

* Fix CVE-2024-3119: sngrep: buffer overflow due to improper handling of

'Call-ID' and 'X-Call-ID' SIP headers.

* Fix CVE-2024-3120: sngrep: stack-buffer overflow due to inadequate

bounds checking when copying 'Content-Length' and 'Warning' headers

into fixed-size buffers.

- Update to versino 1.8.0

* fix typo in message, thanks to lintian.

* fix compiler warnings about unused variables.

* Fixed a typo in comment line in filter.c

* Redefine usage of POSIX signals.

* Support for building sngrep using CMake added.

- Update to version 1.7.0

* save: add option --text to save captured data to plain text

* capture: fix memory overflows while parsing IP headers

* hep: fix hep listener enabled in offline mode

* core: stop sngrep when parent process has ended

* ssl: fix decrypt with AES256 GCM SHA384 cipher

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP5:

zypper in -t patch openSUSE-2024-106=1

Package List

- openSUSE Backports SLE-15-SP5 (aarch64 i586 ppc64le s390x x86_64):

sngrep-1.8.1-bp155.2.3.1

References

https://www.suse.com/security/cve/CVE-2024-3119.html

https://www.suse.com/security/cve/CVE-2024-3120.html

Announcement ID: openSUSE-SU-2024:0106-1
Rating: moderate
Affected Products: openSUSE Backports SLE-15-SP5 .

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.