Stay Secure with the Latest Linux Advisories

security advisorysecurity issuesoftware update

Fedora 29: FEDORA-2019-2c020ccbd5 Critical: tcpflow Buffer Over-Read

Update tcpflow to 1.5.2 tag at github, fixing a security issue.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2019-2c020ccbd5 2019-03-21 21:46:40.166758 --------------------------------------------------------------------------------Name : tcpflow Product : Fedora 29 Version : 1.5.0 Release : 4.fc29 URL : https://github.com/simsong/tcpflow Summary : Network traffic recorder Description : tcpflow is a program that captures data transmitted as part of TCP connections (flows), and stores the data in a way that is convenient for protocol analysis or debugging. A program like 'tcpdump' shows a summary of packets seen on the wire, but usually doesn't store the data that's actually being transmitted. In contrast, tcpflow reconstructs the actual data streams and stores each flow in a separate file for later analysis. --------------------------------------------------------------------------------Update Information: Update tcpflow to 1.5.2 tag at github, fixing a security issue. --------------------------------------------------------------------------------ChangeLog: * Mon Mar 11 2019 Terje Rosten - 1.5.0-4 - Get 1.5.2 diff from github * Sun Feb 3 2019 Fedora Release Engineering - 1.5.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild --------------------------------------------------------------------------------References: [ 1 ] Bug #1646413 - CVE-2018-18409 tcpflow: stack-based buffer over-read exists in setbit() at iptree.h [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1646413 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-2c020ccbd5' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages aresigned with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . The recent update for tcpflow 1.5.2 on Fedora 29 tackles a vital buffer over-read vulnerability efficiently. Proceed with the installation.. tcpflow security update, Fedora 29 tcpflow, network traffic recorder, buffer over-read fix. . Severity: Critical. LinuxSecurity.com Team

Mar 21, 2019 •Critical Fedora