[Bug 987846] New: VUL-0: CVE-2016-6160: tcpreplay: segfault upon huge frames, missing size check
http://bugzilla.opensuse.org/show_bug.cgi?id=987846 Bug ID: 987846 Summary: VUL-0: CVE-2016-6160: tcpreplay: segfault upon huge frames, missing size check Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: mkubecek@suse.com Reporter: astieger@suse.com QA Contact: security-team@suse.de CC: mkubecek@suse.com, security-team@suse.de Found By: Security Response Team Blocker: --- the tcprewrite program, part of the tcpreplay suite, does not check the size of the frames it processes. Huge frames may trigger a segmentation fault, and they occur on interfaces with an MTU of or close to 65536. For example, the loopback interface lo of the Linux kernel has such a value. This has been assigned CVE-2016-6160. Fix is in the debian bug. network:utilities/tcpreplay 4.1.1 openSUSE:Factory/tcpreplay 4.1.1 References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6160 http://seclists.org/oss-sec/2016/q3/10 http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6160.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=829350 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=987846
http://bugzilla.opensuse.org/show_bug.cgi?id=987846#c7
Andreas Stieger
participants (1)
-
bugzilla_noreply@novell.com