|
|
Log in / Subscribe / Register

Mageia alert MGASA-2018-0401 (tcpflow)



From:
              Mageia Updates <buildsystem-daemon@mageia.org> 


To:
              updates-announce@ml.mageia.org 


Subject:
              [updates-announce] MGASA-2018-0401: Updated tcpflow packages fix security vulnerability 


Date:
              Fri, 19 Oct 2018 20:01:34 +0200


Message-ID:
              <20181019180134.0B3D5A0017@duvel.mageia.org>


MGASA-2018-0401 - Updated tcpflow packages fix security vulnerability

Publication date: 19 Oct 2018
URL: https://advisories.mageia.org/MGASA-2018-0401.html
Type: security
Affected Mageia releases: 6
CVE: CVE-2018-14938

Description:
pdated tcpflow package fixes security vulnerability:

An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through
1.5.0-alpha. There is an integer overflow in the function handle_prism
during caplen processing. If the caplen is less than 144, one can cause
an integer overflow in the function handle_80211, which will result in
an out-of-bounds read and may allow access to sensitive memory or a
denial of service (CVE-2018-14938).

References:
- https://bugs.mageia.org/show_bug.cgi?id=23538
-
https://lists.fedoraproject.org/archives/list/package-ann...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1...

SRPMS:
- 6/core/tcpflow-1.5.0-1.mga6
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds