Bug 18870

Summary: tcpreplay new security issue CVE-2016-6160
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: geiger.david68210, sysadmin-bugs
Version: 5Keywords: validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/693865/
Whiteboard: has_procedure advisory mga5-64-ok
Source RPM: tcpreplay-4.1.0-1.mga6.src.rpm CVE:
Status comment:

Description David Walser 2016-07-05 20:11:47 CEST 
A security issue in tcpreplay has been announced today (July 5):
http://openwall.com/lists/oss-security/2016/07/05/3

The message above contains a link to the Debian bug which has a fix.

This package appears to have not built in the mga6 mass rebuild.

Assigning to David, who last updated it.

Mageia 5 is likely also affected.
David Walser 2016-07-05 20:11:54 CEST

Whiteboard: (none) => MGA5TOO

Comment 1 David Walser 2016-07-07 16:08:24 CEST 
Patched packages uploaded for Mageia 5 and Cauldron by David.  Thanks David!

Advisory:
========================

Updated tcpreplay package fixes security vulnerability:

The tcprewrite program, part of the tcpreplay suite, does not check the size of
the frames it processes. Huge frames may trigger a segmentation fault, and they
occur on interfaces with an MTU of or close to 65536. For example, the loopback
interface lo of the Linux kernel has such a value (CVE-2016-6160).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6160
http://openwall.com/lists/oss-security/2016/07/05/3
========================

Updated packages in core/updates_testing:
========================
tcpreplay-3.4.4-6.1.mga5

from tcpreplay-3.4.4-6.1.mga5.src.rpm

CC: (none) => geiger.david68210
Version: Cauldron => 5
Assignee: geiger.david68210 => qa-bugs
Whiteboard: MGA5TOO => (none)

David Walser 2016-07-08 16:01:36 CEST

URL: (none) => http://lwn.net/Vulnerabilities/693865/

Comment 2 claire robinson 2016-07-08 17:16:03 CEST 
Testing complete mga5 64

No PoC. Confirmed the patch has been applied with madb rpmdiff of srpm.

Testing with an old pcap file from wireshark testing.

$ du -b crush.pcap 
104     crush.pcap

$ tcprewrite --infile=crush.pcap --outfile=output.pcap

$ du -b output.pcap 
104     output.pcap


Validating.

Keywords: (none) => validated_update
Whiteboard: (none) => has_procedure mga5-64-ok
CC: (none) => sysadmin-bugs

claire robinson 2016-07-08 17:34:55 CEST

Whiteboard: has_procedure mga5-64-ok => has_procedure advisory mga5-64-ok

Comment 3 Mageia Robot 2016-07-08 21:51:50 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2016-0247.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED