From ${URL} : Tcpcapinfo utility of Tcpreplay has a buffer overflow vulnerability associated with parsing a crafted pcap file. This occurs in the src/tcpcapinfo.c file when capture has a packet that is too large to handle. References: http://seclists.org/bugtraq/2017/Mar/22 Upstream bug: https://github.com/appneta/tcpreplay/issues/278 Upstream patch: https://github.com/appneta/tcpreplay/commit/d689d14dbcd768c028eab2fb378d849e543dcfe9 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Upstream appears to be working leisurely toward a 4.2.0 release and has not (yet) released a 4.1 branch version that fixes the issue. Arch teams, please test and mark stable: =net-analyzer/tcpreplay-4.1.2-r1 Targeted stable KEYWORDS : amd64 x86
CVE-2017-6429 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6429): Buffer overflow in the tcpcapinfo utility in Tcpreplay before 4.2.0 Beta 1 allows remote attackers to have unspecified impact via a pcap file with an over-size packet.
amd64 stable
x86 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
No ACE/RCE, downgraded to B3. GLSA Vote: No Repository is clean, all done.
