Fedora has issued an advisory on May 11: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HUUI2MBVHFENXNBCHDQZP2RBBA2VD5HG/ Cauldron already includes the patch that fixes the problem (http://svnweb.mageia.org/packages/cauldron/tcpdump/current/SOURCES/0012-CVE-2024-2397.patch?view=log) so only Mageia 9 is affected.
Source RPM: (none) => tcpdump-4.99.4-1.mga9.src.rpmStatus comment: (none) => Patch available from CauldronCVE: (none) => CVE-2024-2397
tcpdump-4.99.4-1.1.mga9 is currently building.
Suggested advisory: ======================== The updated package fixes a security vulnerability: Due to a bug in packet data buffers management, the PPP printer in tcpdump can enter an infinite loop when reading a crafted DLT_PPP_SERIAL .pcap savefile. (CVE-2024-2397) References: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HUUI2MBVHFENXNBCHDQZP2RBBA2VD5HG/ ======================== Updated package in core/updates_testing: ======================== tcpdump-4.99.4-1.1.mga9 from SRPM: tcpdump-4.99.4-1.1.mga9.src.rpm
Status comment: Patch available from Cauldron => (none)Status: NEW => ASSIGNEDAssignee: bugsquad => qa-bugs
Keywords: (none) => advisory
LC_ALL=C urpmi --auto --auto-update medium "QA Testing (32-bit)" is up-to-date medium "QA Testing (64-bit)" is up-to-date medium "Core Release (distrib1)" is up-to-date medium "Core Updates (distrib3)" is up-to-date medium "Nonfree Release (distrib11)" is up-to-date medium "Nonfree Updates (distrib13)" is up-to-date medium "Tainted Release (distrib21)" is up-to-date medium "Tainted Updates (distrib23)" is up-to-date medium "Core 32bit Release (distrib31)" is up-to-date medium "Core 32bit Updates (distrib32)" is up-to-date medium "Nonfree 32bit Release (distrib36)" is up-to-date medium "Tainted 32bit Release (distrib41)" is up-to-date medium "Tainted 32bit Updates (distrib42)" is up-to-date installing tcpdump-4.99.4-1.1.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64 Preparing... ################################################################################################## 1/1: tcpdump ################################################################################################## 1/1: removing tcpdump-2:4.99.4-1.mga9.x86_64 ################################################################################################## Reference test made by Thomas in bug#31782 comment4 tcpdump -tttt tcpdump: verbose output suppressed, use -v[v]... for full protocol decode listening on eno1, link-type EN10MB (Ethernet), snapshot length 262144 bytes 2024-05-14 17:47:51.221028 IP 192.168.1.64.mdns > mdns.mcast.net.mdns: 54 [2q] PTR (QM)? _233637DE._sub._googlecast._tcp.local. PTR (QM)? _googlecast._tcp.local. (61) 2024-05-14 17:47:51.305423 IP phoenix.local.49807 > one.one.one.one.domain: 11779+ PTR? 251.0.0.224.in-addr.arpa. (42) 2024-05-14 17:47:51.317006 IP one.one.one.one.domain > phoenix.local.49807: 11779 1/0/0 PTR mdns.mcast.net. (70) 2024-05-14 17:47:51.317154 IP phoenix.local.46011 > one.one.one.one.domain: 34506+ PTR? 64.1.168.192.in-addr.arpa. (43) 2024-05-14 17:47:51.328054 IP one.one.one.one.domain > phoenix.local.46011: 34506 NXDomain 0/0/0 (43) 2024-05-14 17:47:51.428945 IP6 2806-104e-001b-46ce-e269-95ff-fedd-cd47.ipv6.infinitum.net.mx.mdns > ff02::fb.mdns: 0 PTR (QM)? 64.1.168.192.in-addr.arpa. (43) 2024-05-14 17:47:51.429000 IP phoenix.local.mdns > mdns.mcast.net.mdns: 0 PTR (QM)? 64.1.168.192.in-addr.arpa. (43) 2024-05-14 17:47:52.430692 IP6 2806-104e-001b-46ce-e269-95ff-fedd-cd47.ipv6.infinitum.net.mx.mdns > ff02::fb.mdns: 0 PTR (QM)? 64.1.168.192.in-addr.arpa. (43) 2024-05-14 17:47:52.430769 IP phoenix.local.mdns > mdns.mcast.net.mdns: 0 PTR (QM)? 64.1.168.192.in-addr.arpa. (43) 2024-05-14 17:47:54.433450 IP6 2806-104e-001b-46ce-e269-95ff-fedd-cd47.ipv6.infinitum.net.mx.mdns > ff02::fb.mdns: 0 PTR (QM)? 64.1.168.192.in-addr.arpa. (43) 2024-05-14 17:47:54.433544 IP phoenix.local.mdns > mdns.mcast.net.mdns: 0 PTR (QM)? 64.1.168.192.in-addr.arpa. (43) 2024-05-14 17:47:56.331818 IP phoenix.local.41868 > one.one.one.one.domain: 11695+ PTR? 1.1.1.1.in-addr.arpa. (38) 2024-05-14 17:47:56.344052 IP one.one.one.one.domain > phoenix.local.41868: 11695 1/0/0 PTR one.one.one.one. (67) 2024-05-14 17:47:56.344304 IP phoenix.local.53227 > one.one.one.one.domain: 38403+ PTR? 3.1.168.192.in-addr.arpa. (42) 2024-05-14 17:47:56.355164 IP one.one.one.one.domain > phoenix.local.53227: 38403 NXDomain 0/0/0 (42) 2024-05-14 17:47:56.455884 IP6 2806-104e-001b-46ce-e269-95ff-fedd-cd47.ipv6.infinitum.net.mx.mdns > ff02::fb.mdns: 0 PTR (QM)? 3.1.168.192.in-addr.arpa. (42) 2024-05-14 17:47:56.455934 IP phoenix.local.mdns > mdns.mcast.net.mdns: 0 PTR (QM)? 3.1.168.192.in-addr.arpa. (42) 2024-05-14 17:47:56.456176 IP phoenix.local.mdns > mdns.mcast.net.mdns: 0*- [0q] 1/0/0 (Cache flush) PTR phoenix.local. (63) 2024-05-14 17:47:56.456586 IP phoenix.local.51135 > one.one.one.one.domain: 40026+ PTR? b.f.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa. (90) 2024-05-14 17:47:56.468531 IP one.one.one.one.domain > phoenix.local.51135: 40026 NXDomain 0/1/0 (166) 2024-05-14 17:47:56.469040 IP phoenix.local.50308 > one.one.one.one.domain: 59146+ PTR? 7.4.d.c.d.d.e.f.f.f.5.9.9.6.2.e.e.c.6.4.b.1.0.0.e.4.0.1.6.0.8.2.ip6.arpa. (90) 2024-05-14 17:47:56.796915 IP phoenix.local.51220 > vmi527359.contaboserver.net.ssh: Flags [P.], seq 3172428979:3172429031, ack 4256748088, win 82, options [nop,nop,TS val 4034461785 ecr 522114178], length 52 2024-05-14 17:47:56.993825 IP vmi527359.contaboserver.net.ssh > phoenix.local.51220: Flags [P.], seq 1:37, ack 52, win 292, options [nop,nop,TS val 522129174 ecr 4034461785], length 36 2024-05-14 17:47:56.993877 IP phoenix.local.51220 > vmi527359.contaboserver.net.ssh: Flags [.], ack 37, win 82, options [nop,nop,TS val 4034461982 ecr 522129174], length 0 2024-05-14 17:47:57.125678 IP one.one.one.one.domain > phoenix.local.50308: 59146 1/0/0 PTR 2806-104e-001b-46ce-e269-95ff-fedd-cd47.ipv6.infinitum.net.mx. (165) 2024-05-14 17:47:57.126323 IP phoenix.local.53861 > one.one.one.one.domain: 40136+ PTR? 42.97.68.164.in-addr.arpa. (43) 2024-05-14 17:47:57.606965 IP one.one.one.one.domain > phoenix.local.53861: 40136 1/0/0 PTR vmi527359.contaboserver.net. (84) 2024-05-14 17:47:58.677330 ARP, Request who-has phoenix.local tell _gateway, length 46 2024-05-14 17:47:58.677349 ARP, Reply phoenix.local is-at e0:69:95:dd:cd:47 (oui Unknown), length 28 2024-05-14 17:47:58.689043 IP phoenix.local.52891 > one.one.one.one.domain: 64429+ PTR? 254.1.168.192.in-addr.arpa. (44) 2024-05-14 17:47:58.699777 IP one.one.one.one.domain > phoenix.local.52891: 64429 NXDomain 0/0/0 (44) 2024-05-14 17:47:58.800520 IP6 2806-104e-001b-46ce-e269-95ff-fedd-cd47.ipv6.infinitum.net.mx.mdns > ff02::fb.mdns: 0 PTR (QM)? 254.1.168.192.in-addr.arpa. (44) 2024-05-14 17:47:58.800572 IP phoenix.local.mdns > mdns.mcast.net.mdns: 0 PTR (QM)? 254.1.168.192.in-addr.arpa. (44) 2024-05-14 17:47:59.802244 IP6 2806-104e-001b-46ce-e269-95ff-fedd-cd47.ipv6.infinitum.net.mx.mdns > ff02::fb.mdns: 0 PTR (QM)? 254.1.168.192.in-addr.arpa. (44) 2024-05-14 17:47:59.802303 IP phoenix.local.mdns > mdns.mcast.net.mdns: 0 PTR (QM)? 254.1.168.192.in-addr.arpa. (44) 2024-05-14 17:48:01.805048 IP6 2806-104e-001b-46ce-e269-95ff-fedd-cd47.ipv6.infinitum.net.mx.mdns > ff02::fb.mdns: 0 PTR (QM)? 254.1.168.192.in-addr.arpa. (44) 2024-05-14 17:48:01.805099 IP phoenix.local.mdns > mdns.mcast.net.mdns: 0 PTR (QM)? 254.1.168.192.in-addr.arpa. (44) ^C 37 packets captured 37 packets received by filter 0 packets dropped by kernel tcpdump -w tmp/tmp.pcap tcpdump: listening on eno1, link-type EN10MB (Ethernet), snapshot length 262144 bytes ^C9 packets captured 9 packets received by filter 0 packets dropped by kernel tcpdump -w tmp/tmp.pcap tcpdump: listening on eno1, link-type EN10MB (Ethernet), snapshot length 262144 bytes ^C9 packets captured 9 packets received by filter 0 packets dropped by kernel [root@phoenix ~]# tcpdump -tttt -r tmp/tmp.pcap reading from file tmp/tmp.pcap, link-type EN10MB (Ethernet), snapshot length 262144 2024-05-14 17:49:23.108615 IP 80.66.83.164.49905 > phoenix.local.53569: Flags [S], seq 3247022263, win 1025, options [mss 1452], length 0 2024-05-14 17:49:24.693361 ARP, Request who-has phoenix.local tell _gateway, length 46 2024-05-14 17:49:24.693377 ARP, Reply phoenix.local is-at e0:69:95:dd:cd:47 (oui Unknown), length 28 2024-05-14 17:49:25.963547 IP 80.66.83.161.49718 > phoenix.local.36414: Flags [S], seq 313680609, win 1024, options [mss 536], length 0 2024-05-14 17:49:26.801868 IP phoenix.local.51220 > vmi527359.contaboserver.net.ssh: Flags [P.], seq 3172429291:3172429343, ack 4256748304, win 82, options [nop,nop,TS val 4034551790 ecr 522204172], length 52 2024-05-14 17:49:26.999202 IP vmi527359.contaboserver.net.ssh > phoenix.local.51220: Flags [P.], seq 1:37, ack 52, win 292, options [nop,nop,TS val 522219180 ecr 4034551790], length 36 2024-05-14 17:49:26.999257 IP phoenix.local.51220 > vmi527359.contaboserver.net.ssh: Flags [.], ack 37, win 82, options [nop,nop,TS val 4034551987 ecr 522219180], length 0 2024-05-14 17:49:28.188898 IP unused-space.coop.net.28920 > phoenix.local.5901: Flags [S], seq 371541030, win 42340, options [mss 1452,sackOK,TS val 1715638716 ecr 0,nop,wscale 10], length 0 2024-05-14 17:49:31.224904 IP 192.168.1.64.mdns > mdns.mcast.net.mdns: 59 [2q] PTR (QM)? _233637DE._sub._googlecast._tcp.local. PTR (QM)? _googlecast._tcp.local. (61)
CC: (none) => andrewsfarm
Looks good
Whiteboard: (none) => MGA9-64-OK
Validating.
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0177.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED