tcpreplay: CVE-2019-8381

Related Vulnerabilities: CVE-2019-8381, CVE-2019-8376, CVE-2019-8377

Debian Bug report logs - #922622

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Mon, 18 Feb 2019 14:45:08 UTC

Severity: important

Tags: security, upstream

Found in version tcpreplay/4.3.1-1

Fixed in version tcpreplay/4.3.1-2

Done: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>

Forwarded to https://github.com/appneta/tcpreplay/issues/538



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, team@security.debian.org, Christoph Biedl <debian.axhn@manchmal.in-ulm.de>:
Bug#922622; Package src:tcpreplay. (Mon, 18 Feb 2019 14:45:10 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, team@security.debian.org, Christoph Biedl <debian.axhn@manchmal.in-ulm.de>. (Mon, 18 Feb 2019 14:45:11 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: tcpreplay: CVE-2019-8381
Date: Mon, 18 Feb 2019 15:43:38 +0100
Source: tcpreplay
Version: 4.3.1-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/appneta/tcpreplay/issues/538

Hi,

The following vulnerability was published for tcpreplay.

CVE-2019-8381[0]:
| An issue was discovered in Tcpreplay 4.3.1. An invalid memory access
| occurs in do_checksum in checksum.c. It can be triggered by sending a
| crafted pcap file to the tcpreplay-edit binary. It allows an attacker
| to cause a Denial of Service (Segmentation fault) or possibly have
| unspecified other impact.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-8381
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8381
[1] https://github.com/appneta/tcpreplay/issues/538

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



Reply sent to Christoph Biedl <debian.axhn@manchmal.in-ulm.de>:
You have taken responsibility. (Wed, 13 Mar 2019 08:39:07 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Wed, 13 Mar 2019 08:39:07 GMT)


Message #10 received at 922622-close@bugs.debian.org:

From: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
To: 922622-close@bugs.debian.org
Subject: Bug#922622: fixed in tcpreplay 4.3.1-2
Date: Wed, 13 Mar 2019 08:37:53 +0000
Source: tcpreplay
Source-Version: 4.3.1-2

We believe that the bug you reported is fixed in the latest version of
tcpreplay, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 922622@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christoph Biedl <debian.axhn@manchmal.in-ulm.de> (supplier of updated tcpreplay package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Wed, 13 Mar 2019 00:04:30 +0100
Source: tcpreplay
Architecture: source
Version: 4.3.1-2
Distribution: unstable
Urgency: medium
Maintainer: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
Changed-By: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
Closes: 922622 922623 922624
Changes:
 tcpreplay (4.3.1-2) unstable; urgency=medium
 .
   * Fix three more issues
     Closes: #922624 [CVE-2019-8376]
     Closes: #922623 [CVE-2019-8377]
     Closes: #922622 [CVE-2019-8381]





Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:33:34 2019; Machine Name: buxtehude
