Fedora has issued an advisory today (May 15):
Mageia 8 is also affected.
Patches available from FedoraWhiteboard:
Alas, this is a patch rather than new version fix.
No one packager in view for tcpreplay, so assigning this globally.
The updated package fixes security vulnerabilities:
An issue found in TCPreplay tcprewrite v.4.4.3 allows a remote attacker to cause a denial of service via the tcpedit_dlt_cleanup function at plugins/dlt_plugins.c. (CVE-2023-27783)
An issue found in TCPReplay v.4.4.3 allows a remote attacker to cause a denial of service via the read_hexstring function at the utils.c:309 endpoint. (CVE-2023-27784)
An issue found in TCPreplay TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the parse endpoints function. (CVE-2023-27785)
An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the macinstring function. (CVE-2023-27786)
An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the parse_list function at the list.c:81 endpoint. (CVE-2023-27787)
An issue found in TCPrewrite v.4.4.3 allows a remote attacker to cause a denial of service via the ports2PORT function at the portmap.c:69 endpoint. (CVE-2023-27788)
An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the cidr2cidr function at the cidr.c:178 endpoint. (CVE-2023-27789)
Updated package in core/updates_testing:
Patches available from Fedora =>
MGA8-64 MATE on Acer Aspire 5253
No installation issues
Ref bug 30822 for testing
# tcprewrite --infile=wiresharktest50 --outfile=new.pcap --dstipmap=0.0.0.0/0:192.168.2.7
# tcpreplay --intf1=wlp7s0 new.pcap
Actual: 50 packets (15637 bytes) sent in 20.30 seconds
Rated: 769.9 Bps, 0.006 Mbps, 2.46 pps
Flows: 9 flows, 0.44 fps, 28 flow packets, 22 non-flow
Statistics for network device: wlp7s0
Successful packets: 50
Failed packets: 0
Truncated packets: 0
Retried packets (ENOBUFS): 0
Retried packets (EAGAIN): 0
To the contrary of bug 30822, the command stopped by itself.
Looks OK, but my wifi was not working anymore, network center showed connected, but nothing comes thru. I had to disconnect and reconnect, and then all was normal.
I'll OK the update, I've got the idea that the tcpreplay somehow interrupts the normal working of the network interface. If this behavior is not OK, the block the update.
I watched a few videos on using tcpreplay, and I saw nothing that mentioned restarting the interface, but none of them appeared to be using wifi for it. All used an "eth(N)" interface. So that was no help.
I would validate, but the behavior with the wifi troubles me, as my knowledge of such things is limited. So I ask: Is it OK, or not?
I checked previous updates and Brian and myself were the only ones to use the wifi in the command. But neither of us made any note on wifi begavior after the test.
I cann't do the test again, since the laptop involved is now taken by an M9 upgrade exercise.
OK, sending it on. Validating. Advisory in comment 2.
An update for this issue has been pushed to the Mageia Updates repository.