A security issue in tcpreplay has been announced today (July 5): http://openwall.com/lists/oss-security/2016/07/05/3 The message above contains a link to the Debian bug which has a fix. This package appears to have not built in the mga6 mass rebuild. Assigning to David, who last updated it. Mageia 5 is likely also affected.
Whiteboard: (none) => MGA5TOO
Patched packages uploaded for Mageia 5 and Cauldron by David. Thanks David! Advisory: ======================== Updated tcpreplay package fixes security vulnerability: The tcprewrite program, part of the tcpreplay suite, does not check the size of the frames it processes. Huge frames may trigger a segmentation fault, and they occur on interfaces with an MTU of or close to 65536. For example, the loopback interface lo of the Linux kernel has such a value (CVE-2016-6160). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6160 http://openwall.com/lists/oss-security/2016/07/05/3 ======================== Updated packages in core/updates_testing: ======================== tcpreplay-3.4.4-6.1.mga5 from tcpreplay-3.4.4-6.1.mga5.src.rpm
CC: (none) => geiger.david68210Version: Cauldron => 5Assignee: geiger.david68210 => qa-bugsWhiteboard: MGA5TOO => (none)
URL: (none) => http://lwn.net/Vulnerabilities/693865/
Testing complete mga5 64 No PoC. Confirmed the patch has been applied with madb rpmdiff of srpm. Testing with an old pcap file from wireshark testing. $ du -b crush.pcap 104 crush.pcap $ tcprewrite --infile=crush.pcap --outfile=output.pcap $ du -b output.pcap 104 output.pcap Validating.
Keywords: (none) => validated_updateWhiteboard: (none) => has_procedure mga5-64-okCC: (none) => sysadmin-bugs
Whiteboard: has_procedure mga5-64-ok => has_procedure advisory mga5-64-ok
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0247.html
Status: NEW => RESOLVEDResolution: (none) => FIXED