Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 623
Alerts This Week
Warning Icon 1 623

Ubuntu 18.04 LTS: USN-3955-1 Critical: Tcpflow Remote Crash

ubuntu
Calendar Grey April 25, 2019
Dist Ubuntu Esm H88
Enhance your platform's defense against tcpflow security flaws impacting Ubuntu, guaranteeing that confidential information stays protected from potential leaks.
tcpflow could be made to crash or expose sensitive information over the network if it opened a specially crafted file or received specially crafted network traffic.

Summary

tcpflow could be made to crash or expose sensitive information over the network

if it opened a specially crafted file or received specially crafted network

traffic.

Software Description:

- tcpflow: TCP flow recorder

Details:

It was discovered that tcpflow incorrectly handled certain malformed network

packets. A remote attacker could send these packets to a target system, causing

tcpflow to crash or possibly disclose sensitive information.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.10:
  tcpflow                         1.4.5+repack1-4ubuntu0.18.10.1
  tcpflow-nox                     1.4.5+repack1-4ubuntu0.18.10.1

Ubuntu 18.04 LTS:
  tcpflow                         1.4.5+repack1-4ubuntu0.18.04.1
  tcpflow-nox                     1.4.5+repack1-4ubuntu0.18.04.1

Ubuntu 16.04 LTS:
  tcpflow                         1.4.5+repack1-1ubuntu0.1
  tcpflow-nox                     1.4.5+repack1-1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-3955-1

CVE-2018-14938, CVE-2018-18409

Severity
critical
Lowest
Low
Medium
High
Critical

April 24, 2019

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.