Summary: | <net-analyzer/tcpreplay-4.4.1: multiple vulnerabilities (CVE-2021-{45386,45387}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | filip ambroz <filip.ambroz> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | netmon |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B3 [glsa+] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 834459 | ||
Bug Blocks: |
Description
filip ambroz
2022-02-11 20:40:44 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f59a2f395f9edd7db3c03ac4628300e417f827b3 commit f59a2f395f9edd7db3c03ac4628300e417f827b3 Author: Sam James <sam@gentoo.org> AuthorDate: 2022-02-13 16:18:46 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-02-13 16:19:25 +0000 net-analyzer/tcpreplay: add 4.4.1 Bug: https://bugs.gentoo.org/833139 Signed-off-by: Sam James <sam@gentoo.org> net-analyzer/tcpreplay/Manifest | 1 + .../tcpreplay-4.4.1-fix-bashism-configure.patch | 34 +++++++++ net-analyzer/tcpreplay/tcpreplay-4.4.1.ebuild | 85 ++++++++++++++++++++++ ...preplay-999999.ebuild => tcpreplay-9999.ebuild} | 2 +- 4 files changed, 121 insertions(+), 1 deletion(-) CVE-2022-27418 (https://github.com/appneta/tcpreplay/issues/703): Tcpreplay v4.4.1 has a heap-based buffer overflow in do_checksum_math at /tcpedit/checksum.c. CVE-2022-27416 (https://github.com/appneta/tcpreplay/issues/702): Tcpreplay v4.4.1 was discovered to contain a double-free via __interceptor_free. GLSA request filed The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=88ba016aa774dab2e07e26e0c461ed03c93e6462 commit 88ba016aa774dab2e07e26e0c461ed03c93e6462 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-10-16 14:42:49 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-10-16 14:45:24 +0000 [ GLSA 202210-08 ] Tcpreplay: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/833139 Bug: https://bugs.gentoo.org/836240 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202210-08.xml | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5d5ed53a1fde4bc265745acf50499481a20054a1 commit 5d5ed53a1fde4bc265745acf50499481a20054a1 Author: John Helmert III <ajak@gentoo.org> AuthorDate: 2022-10-16 15:03:41 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-10-16 15:03:41 +0000 net-analyzer/tcpreplay: drop 4.3.4, 4.4.1 Bug: https://bugs.gentoo.org/836240 Bug: https://bugs.gentoo.org/833139 Signed-off-by: John Helmert III <ajak@gentoo.org> net-analyzer/tcpreplay/Manifest | 2 - net-analyzer/tcpreplay/tcpreplay-4.3.4.ebuild | 77 ------------------------ net-analyzer/tcpreplay/tcpreplay-4.4.1.ebuild | 87 --------------------------- 3 files changed, 166 deletions(-) GLSA released, all done! |