|
|
Subscribe / Log in / New account

Fedora alert FEDORA-2019-0fbfb00cbb (nfdump)



From:
              updates@fedoraproject.org 


To:
              package-announce@lists.fedoraproject.org 


Subject:
              [SECURITY] Fedora 30 Update: nfdump-1.6.18-1.fc30 


Date:
              Sat, 24 Aug 2019 01:03:54 +0000 (UTC)


Message-ID:
              <20190824010354.60D7260954AE@bastion01.phx2.fedoraproject.org>


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-0fbfb00cbb
2019-08-24 01:02:35.701884
--------------------------------------------------------------------------------

Name        : nfdump
Product     : Fedora 30
Version     : 1.6.18
Release     : 1.fc30
URL         : https://github.com/phaag/nfdump
Summary     : NetFlow collecting and processing tools
Description :
Nfdump is a set of tools to collect and process NetFlow data. It's fast and has
a powerful filter pcap like syntax. It supports NetFlow versions v1, v5, v7, v9
and IPFIX as well as a limited set of sflow. It includes support for CISCO ASA
(NSEL) and CISCO NAT (NEL) devices which export event logging records as v9
flows. Nfdump is fully IPv6 compatible.

--------------------------------------------------------------------------------
Update Information:

2019-08-14  - Fix compile issues - Fix output buffer size for
lzo1x_decompress_safe()  2019-08-07  - Fix VerifyExtensionMap #179  2019-08-06
- Fix compile errors  2019-08-05  - Fix nfdump.1 man page. #175 - Fix off by 1
array. #173 - Fix use after free in ModifyCompressFile - Add bound checks in
AddExporterStat #174 - Add bound checks in AddSamplerInfo #176 - Add bound
checks in AddExporterInfo - Fix checks in InsertExtensionMap #177 - Remove
COMPAT15 code - should no longer be needed. - Move version to v1.6.18 - Merge
pull request #167 - Cleanup old code - Replace depricated pcap_lookupdev call in
nfpcapd  2019-07-31  - Add early record size sanity check also for nfprofile,
nfanon and nfreplay  2019-07-26  - nfpcapd cleanup, add some more monitoring -
Fix hbo_exporter.c:249_1 segfault  - Fix hbo_nffile_inline.c:85_1 segfault - Fix
hbo_nfx.c:216_3 segfault - Update minilzo to v2.10 - Change to safe lzo
decompress function  2019-07-25  - Rework nfpcapd and add it officially to the
nfdump collection. - Add nfpcapd man page - Fix potential unsigned integer
underflow #171  2019-07-16  - Add latency extension if dumping flowcache
2019-07-15  - Fix typos - Fix exporter struct inconsistancies. Coredump on ARM
otherwise.  2019-07-02  - Add ipfix element #150, #151 unix time start/end - Fix
display bug raw record  2019-06-01  - Add ipfix dyn element handling. - Add
empty m4 directory - keep autoconf happy  2019-06-01  - Fix issue #162 - ipfix
mpls sequece. - Fix issue #156 - print flowtable index error  2019-03-17  - Fix
spec file - Remove non thread safe logging in nfpcapd  2018-11-24  - Fix
protocol tag for protocol 87 - TCF - #130 - Add TCP flags ECN,CVR - #132 - Fix
some error messages to be printed to the correct stream #135 - Add missing -M
command line help to nfcapd - Remove padding byte warning in log #141 - Fix bug
to accept -y compression flag in nfcapd. - #145  2018-06-24  - Fix bookkeeper
type - use key_t - Add multiple packet repeaters to nfcapd/sfcapd. Up to 8
repeaters (-R) can be defined. - Ignore OSX .DS_Store files in -R file list -
Add CISCO ASA elements initiatorPackets (298) responderPackets (299) - Merge
#120 pull request for -z parameter to nfreplay - Update man page nfreplay
--------------------------------------------------------------------------------
ChangeLog:

* Wed Aug 14 2019 Denis Fateyev <denis@fateyev.com> - 1.6.18-1
- Update to version 1.6.18
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.17-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1735649 - CVE-2019-14459 nfdump: integer overflow in function
Process_ipfix_template_withdraw in ipfix.c leads to denial of service [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1735649
  [ 2 ] Bug #1735555 - CVE-2019-1010057 nfdump: buffer overflow in nfx.c, nffile_inline.c and
minilzo.c [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1735555
  [ 3 ] Bug #1735648 - CVE-2019-14459 nfdump: integer overflow in function
Process_ipfix_template_withdraw in ipfix.c leads to denial of service [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1735648
  [ 4 ] Bug #1735554 - CVE-2019-1010057 nfdump: buffer overflow in nfx.c, nffile_inline.c and
minilzo.c [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1735554
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-0fbfb00cbb' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgr...

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-cond...
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/package-ann...
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds