Bug 25262 - nmap new security issue CVE-2018-15173
Summary: nmap new security issue CVE-2018-15173
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 7
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA7-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2019-08-11 18:29 CEST by David Walser
Modified: 2019-10-17 00:23 CEST (History)
6 users (show)

See Also:
Source RPM: nmap-7.70-2.mga7.src.rpm
CVE:
Status comment:


Attachments

Description David Walser 2019-08-11 18:29:28 CEST
nmap 7.80 has been released on August 10:
https://seclists.org/nmap-announce/2019/0

It fixes one security issue:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15173

which openSUSE issued an advisory for on May 28:
https://lists.opensuse.org/opensuse-security-announce/2019-05/msg00067.html
Comment 1 Marja Van Waes 2019-08-11 18:43:29 CEST
Assigning to our registered nmap maintainer.

CC: (none) => marja11
Assignee: bugsquad => guillomovitch

Comment 2 Guillaume Rousse 2019-10-13 17:22:52 CEST
I just submitted nmap-7.70-2.1.mga7, fixing the issue, in updates_testing.
Guillaume Rousse 2019-10-13 17:24:09 CEST

Assignee: guillomovitch => qa-bugs

Comment 3 David Walser 2019-10-14 01:58:00 CEST
Advisory:
========================

Updated nmap packages fix security vulnerability:

Nmap through 7.70, when the -sV option is used, allows remote attackers to
cause a denial of service (stack consumption and application crash) via a
crafted TCP-based service (CVE-2018-15173).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15173
https://lists.opensuse.org/opensuse-security-announce/2019-05/msg00067.html
========================

Updated packages in core/updates_testing:
========================
nmap-7.70-2.1.mga7
nmap-frontend-7.70-2.1.mga7

from nmap-7.70-2.1.mga7.src.rpm

CC: (none) => guillomovitch

Comment 4 Herman Viaene 2019-10-16 09:58:03 CEST
MGA7-64 Plasma on Lenovo B50.
No installation issues
Ran nmapfe and xnmap, which both seem to point to zenmap. Ran a few scans of this laptop and my desktop PC.Seems OK.

CC: (none) => herman.viaene
Whiteboard: (none) => MGA7-64-OK

Comment 5 Thomas Andrews 2019-10-16 21:41:45 CEST
Validating. Advisory in Comment 3.

CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update

Thomas Backlund 2019-10-16 23:14:17 CEST

Keywords: (none) => advisory
CC: (none) => tmb

Comment 6 Mageia Robot 2019-10-17 00:23:57 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2019-0294.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED


Note You need to log in before you can comment on or make changes to this bug.