Fedora has issued an advisory today (October 29):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/M623ONZKOZL5Y7XQNHKXEPV76XYCPXQM/

Mageia 7 is also affected.
Whiteboard: (none) => MGA7TOO
Done for both Cauldron and mga7!
Advisory:
========================

Updated tcpreplay package fixes security vulnerabilities:

An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability in MemcmpInterceptorCommon() that can make tcpprep crash and cause a denial of service (CVE-2020-24265).

An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability in get_l2len() that can make tcpprep crash and cause a denial of service (CVE-2020-24266).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24265
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24266
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/M623ONZKOZL5Y7XQNHKXEPV76XYCPXQM/
========================

Updated packages in core/updates_testing:
========================
tcpreplay-4.3.3-1.1.mga7

from tcpreplay-4.3.3-1.1.mga7.src.rpm
Version: Cauldron => 7
Assignee: geiger.david68210 => qa-bugs
CC: (none) => geiger.david68210
Whiteboard: MGA7TOO => (none)
MGA7-64 MATE on Peaq C1011
No installation issues
Ref bugs 24581 and 26885 for tests, so

# tcpdump -w netdump1.pcap
$ tcprewrite --infile=netdump1.pcap --outfile=new.pcap
$ ls -als *.pcap
5964 -rw-r--r-- 1 root root 6100239 Nov 21 16:10 netdump1.pcap
5960 -rw-r--r-- 1 tester7 tester7 6100239 Nov 21 16:12 new.pcap
$ tcpreplay --listnics
Warning: May need to run as root to get access to all network interfaces.
Warning: May need to run as root to get access to all network interfaces.
Available network interfaces:
wlan0
any
bluetooth-monitor
nflog
nfqueue
# tcpreplay -v -i wlan0 new.pcap
reading from file -, link-type EN10MB (Ethernet)
16:04:29.1605971069 34:31:c4:80:a9:b4 > ff:ff:ff:ff:ff:ff, ethertype Unknown (0x88e1), length 60:
0x0000: 0000 a000 b052 2c4d 9076 0000 0000 0000 .....R,M.v......
0x0010: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0020: 0000 0000 0000 0000 0000 0000 0000 ..............
16:04:29.1605971069 34:31:c4:80:a9:b4 > ff:ff:ff:ff:ff:ff, ethertype Unknown (0x8912), length 60:
^C User interrupt...
sendpacket_abort
0x0000: 0170 a000 0000 1f84 4da3 97a2 5553 bef1 .p......M...US..
0x0010: fcf9 796b 5214 13e9 e200 0000 0000 0000 ..ykR...........
0x0020: 0000 0000 0000 0000 0000 0000 0000 ..............
Actual: 3 packets (180 bytes) sent in 1.32 seconds
Rated: 136.0 Bps, 0.001 Mbps, 2.26 pps
Statistics for network device: wlan0
Successful packets: 2
Failed packets: 0
Truncated packets: 0
Retried packets (ENOBUFS): 0
Retried packets (EAGAIN): 0

and loads more
Seems all OK.
CC: (none) => herman.viaene
Whiteboard: (none) => MGA7-64-OK
Validating. Advisory in Comment 2.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
Advisory pushed to SVN.
Keywords: (none) => advisory
CC: (none) => ouaurelien
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2020-0437.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED