The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 3, a different vulnerability than CVE-2018-14463.

Read More

A Vulnerability has been discovered in Atlassian Bitbucket Server and Data Center which could allow for remote code execution. Bitbucket is a Git-based source code repository hosting service owned by Atlassian. Successful exploitation could allow the attacker to execute remote code in context of the application. Depending on the permission associated with the application running the exploit, an attacker could then install programs; view, change, or delete data.

Read More

A Vulnerability has been discovered in Atlassian Bitbucket Server and Data Center which could allow for remote code execution. Bitbucket is a Git-based source code repository hosting service owned by Atlassian. Successful exploitation could allow the attacker to execute remote code in context of the application. Depending on the permission associated with the application running the exploit, an attacker could then install programs; view, change, or delete data.

Read More

FEDORA-EPEL-2022-00b4829e45

Packages in this update:

tcpreplay-4.4.2-1.el8

Update description:

This is Tcpreplay suite 4.4.2

This release contains bug fixes only. What’s changed:

Bug #716 heap-buffer-overflow in get_l2len_protocol() by @fklassen in #738
Bug #721 fixed typo in tcpliveplay.c by @jonathan-dev in #721
Bug #717 avoid assertion in get_layer4_v6 by @fklassen in #739
Bug #718 improved heap-overflow protection by @fklassen in #740
Bug #719 better overflow protection in parse_mpls by @fklassen in #741
Bug #725 FORCE_ALIGN on arm by @fklassen in #742
Bug #729 tcpreplay_edit: disallow both -K and -l options by @fklassen in #743
Bug #735 heap-overflow in get_l2len_protocol by @fklassen in #744
Bug #745 remove autogen.sh from distribution tarballs by @fklassen in #747

Read More

FEDORA-2022-47484afa15

Packages in this update:

tcpreplay-4.4.2-1.fc36

Update description:

This is Tcpreplay suite 4.4.2

This release contains bug fixes only. What’s changed:

Bug #716 heap-buffer-overflow in get_l2len_protocol() by @fklassen in #738
Bug #721 fixed typo in tcpliveplay.c by @jonathan-dev in #721
Bug #717 avoid assertion in get_layer4_v6 by @fklassen in #739
Bug #718 improved heap-overflow protection by @fklassen in #740
Bug #719 better overflow protection in parse_mpls by @fklassen in #741
Bug #725 FORCE_ALIGN on arm by @fklassen in #742
Bug #729 tcpreplay_edit: disallow both -K and -l options by @fklassen in #743
Bug #735 heap-overflow in get_l2len_protocol by @fklassen in #744
Bug #745 remove autogen.sh from distribution tarballs by @fklassen in #747

Read More

FEDORA-2022-680ea95f71

Packages in this update:

tcpreplay-4.4.2-1.fc35

Update description:

This is Tcpreplay suite 4.4.2

This release contains bug fixes only. What’s changed:

Bug #716 heap-buffer-overflow in get_l2len_protocol() by @fklassen in #738
Bug #721 fixed typo in tcpliveplay.c by @jonathan-dev in #721
Bug #717 avoid assertion in get_layer4_v6 by @fklassen in #739
Bug #718 improved heap-overflow protection by @fklassen in #740
Bug #719 better overflow protection in parse_mpls by @fklassen in #741
Bug #725 FORCE_ALIGN on arm by @fklassen in #742
Bug #729 tcpreplay_edit: disallow both -K and -l options by @fklassen in #743
Bug #735 heap-overflow in get_l2len_protocol by @fklassen in #744
Bug #745 remove autogen.sh from distribution tarballs by @fklassen in #747

Read More

FEDORA-EPEL-2022-e8156314ff

Packages in this update:

tcpreplay-4.4.2-1.el9

Update description:

This is Tcpreplay suite 4.4.2

This release contains bug fixes only. What’s changed:

Bug #716 heap-buffer-overflow in get_l2len_protocol() by @fklassen in #738
Bug #721 fixed typo in tcpliveplay.c by @jonathan-dev in #721
Bug #717 avoid assertion in get_layer4_v6 by @fklassen in #739
Bug #718 improved heap-overflow protection by @fklassen in #740
Bug #719 better overflow protection in parse_mpls by @fklassen in #741
Bug #725 FORCE_ALIGN on arm by @fklassen in #742
Bug #729 tcpreplay_edit: disallow both -K and -l options by @fklassen in #743
Bug #735 heap-overflow in get_l2len_protocol by @fklassen in #744
Bug #745 remove autogen.sh from distribution tarballs by @fklassen in #747

Read More

FEDORA-2022-d31a521866

Packages in this update:

tcpreplay-4.4.2-1.fc37

Update description:

This is Tcpreplay suite 4.4.2

This release contains bug fixes only. What’s changed:

Bug #716 heap-buffer-overflow in get_l2len_protocol() by @fklassen in #738
Bug #721 fixed typo in tcpliveplay.c by @jonathan-dev in #721
Bug #717 avoid assertion in get_layer4_v6 by @fklassen in #739
Bug #718 improved heap-overflow protection by @fklassen in #740
Bug #719 better overflow protection in parse_mpls by @fklassen in #741
Bug #725 FORCE_ALIGN on arm by @fklassen in #742
Bug #729 tcpreplay_edit: disallow both -K and -l options by @fklassen in #743
Bug #735 heap-overflow in get_l2len_protocol by @fklassen in #744
Bug #745 remove autogen.sh from distribution tarballs by @fklassen in #747

Read More

FEDORA-EPEL-2022-cf9b662b60

Packages in this update:

tcpreplay-4.4.2-1.el7

Update description:

This is Tcpreplay suite 4.4.2

This release contains bug fixes only. What’s changed:

Bug #716 heap-buffer-overflow in get_l2len_protocol() by @fklassen in #738
Bug #721 fixed typo in tcpliveplay.c by @jonathan-dev in #721
Bug #717 avoid assertion in get_layer4_v6 by @fklassen in #739
Bug #718 improved heap-overflow protection by @fklassen in #740
Bug #719 better overflow protection in parse_mpls by @fklassen in #741
Bug #725 FORCE_ALIGN on arm by @fklassen in #742
Bug #729 tcpreplay_edit: disallow both -K and -l options by @fklassen in #743
Bug #735 heap-overflow in get_l2len_protocol by @fklassen in #744
Bug #745 remove autogen.sh from distribution tarballs by @fklassen in #747

Read More

The following vulnerabilities have been discovered in the WPE WebKit
web engine:

Read More