Fedora has issued an advisory on September 6:
Mageia 5 is also affected.
The issue is fixed upstream in 1.5.0.
Assigning to all packagers collectively, since there is no registered maintainer for this package.
CC'ing three pretty recent committers, and fedya who once imported this package.
Just in case you find time again to contribute & learn to now become a full packager: if your password wasn't reset since the end of February, then a sysadmin needs to reset it first.
If the ssh key that you used to commit is a dsa key, then a sysadmin needs to
replace your public key in identity with the public rsa key that you provide to
You can privately mail all our sysadmins by sending a mail to sysadmin AT group
DOT mageia DOT org :-)
Updated package uploaded for Mageia 6.
Updated tcpflow package fixes security vulnerability:
An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through 1.5.0-alpha. There is an integer overflow in the function handle_prism during caplen processing. If the caplen is less than 144, one can cause an integer overflow in the function handle_80211, which will result in an out-of-bounds read and may allow access to sensitive memory or a denial of service (CVE-2018-14938).
Updated packages in core/updates_testing:
Installed and tested without issues.
Tests included capturing HTTP(S), IMAP(S), POP3(S), MySQL to files or terminal. The output seems correct.
System: Mageia 6, x86_64, Intel CPU.
$ uname -a
Linux marte 4.14.70-desktop-2.mga6 #1 SMP Thu Sep 20 22:05:46 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
$ lspcidrake | grep NET
r8169 : Realtek Semiconductor Co., Ltd.|RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller [NETWORK_ETHERNET] (rev: 02)
$ rpm -q tcpflow
$ tcpflow -a -i lo
tcpflow: listening on lo
$ tcpflow -a
tcpflow: listening on enp2s0
Validating. Suggested advisory in Comment 3.
An update for this issue has been pushed to the Mageia Updates repository.
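The length handling described in the advisory text above, as an added example (not tcpflow's code and not part of this bug report): an unsigned caplen minus the 144-byte prism header wraps to a huge value when caplen is below 144, so a later length check in the inner handler still passes. The function names and the sample packet are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define PRISM_HDR_LEN 144u /* header size taken from the advisory's "144" */

/* Unchecked pattern: unsigned subtraction wraps when caplen < 144. */
uint32_t inner_len_unchecked(uint32_t caplen)
{
    return caplen - PRISM_HDR_LEN;
}

/* Hardened: reject short captures before subtracting. */
int strip_prism(const uint8_t *pkt, uint32_t caplen,
                const uint8_t **inner, uint32_t *inner_len)
{
    if (pkt == NULL || caplen < PRISM_HDR_LEN)
        return -1;
    *inner = pkt + PRISM_HDR_LEN;
    *inner_len = caplen - PRISM_HDR_LEN;
    return 0;
}

/* Reads the 2-byte little-endian frame control only when it is in bounds. */
int parse_frame(const uint8_t *pkt, uint32_t caplen, uint16_t *fc)
{
    const uint8_t *inner;
    uint32_t len;

    if (strip_prism(pkt, caplen, &inner, &len) != 0 || len < 2)
        return -1;
    *fc = (uint16_t)(inner[0] | (inner[1] << 8));
    return 0;
}

int main(void)
{
    uint8_t pkt[146] = {0}; /* constructed sample: zeroed header + 2 bytes */
    uint16_t fc = 0;
    int rc;

    pkt[144] = 0x08;
    pkt[145] = 0x01;
    /* A wrapped length would satisfy any later "len >= 2" style check. */
    printf("unchecked(100) = %u\n", (unsigned)inner_len_unchecked(100));
    printf("checked(100)   = %d\n", parse_frame(pkt, 100, &fc));
    rc = parse_frame(pkt, 146, &fc);
    printf("checked(146)   = %d fc=0x%04x\n", rc, (unsigned)fc);
    return 0;
}
```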