type: security
subject: Updated tcpreplay packages fixes security vulnerabilities
CVE:
 - CVE-2019-8376
 - CVE-2019-8377
 - CVE-2019-8381
src:
  6:
   core:
     - tcpreplay-4.3.2-1.mga6
description: |
  pdated tcpreplay package fixes security vulnerabilities:

  An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference
  occurred in the function get_layer4_v6() located at get.c. This can be
  triggered by sending a crafted pcap file to the tcpreplay-edit binary.
  It allows an attacker to cause a Denial of Service (Segmentation fault)
  or possibly have unspecified other impact (CVE-2019-8376).

  An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference
  occurred in the function get_ipv6_l4proto() located at get.c. This can be
  triggered by sending a crafted pcap file to the tcpreplay-edit binary. It
  allows an attacker to cause a Denial of Service (Segmentation fault) or
  possibly have unspecified other impact (CVE-2019-8377).

  An issue was discovered in Tcpreplay 4.3.1. An invalid memory access occurs
  in do_checksum in checksum.c. It can be triggered by sending a crafted pcap
  file to the tcpreplay-edit binary. It allows an attacker to cause a Denial
  of Service (Segmentation fault) or possibly have unspecified other impact
  (CVE-2019-8381).
references:
 - https://bugs.mageia.org/show_bug.cgi?id=24581
 - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4V3SADKXUSHWTVAPU3WLXBDEQUHRA6ZO/