FEDORA-2019-0fbfb00cbb — security update for nfdump

stable

nfdump-1.6.18-1.fc30

FEDORA-2019-0fbfb00cbb created by dfateyev 5 years ago for Fedora 30

2019-08-14

Fix compile issues
Fix output buffer size for lzo1x_decompress_safe()

2019-08-07

Fix VerifyExtensionMap #179

2019-08-06

Fix compile errors

2019-08-05

Fix nfdump.1 man page. #175
Fix off by 1 array. #173
Fix use after free in ModifyCompressFile
Add bound checks in AddExporterStat #174
Add bound checks in AddSamplerInfo #176
Add bound checks in AddExporterInfo
Fix checks in InsertExtensionMap #177
Remove COMPAT15 code - should no longer be needed.
Move version to v1.6.18
Merge pull request #167
Cleanup old code
Replace depricated pcap_lookupdev call in nfpcapd

2019-07-31

Add early record size sanity check also for nfprofile, nfanon and nfreplay

2019-07-26

nfpcapd cleanup, add some more monitoring
Fix hbo_exporter.c:249_1 segfault
Fix hbo_nffile_inline.c:85_1 segfault
Fix hbo_nfx.c:216_3 segfault
Update minilzo to v2.10
Change to safe lzo decompress function

2019-07-25

Rework nfpcapd and add it officially to the nfdump collection.
Add nfpcapd man page
Fix potential unsigned integer underflow #171

2019-07-16

Add latency extension if dumping flowcache

2019-07-15

Fix typos
Fix exporter struct inconsistancies. Coredump on ARM otherwise.

2019-07-02

Add ipfix element #150, #151 unix time start/end
Fix display bug raw record

2019-06-01

Add ipfix dyn element handling.
Add empty m4 directory - keep autoconf happy

2019-06-01

Fix issue #162 - ipfix mpls sequece.
Fix issue #156 - print flowtable index error

2019-03-17

Fix spec file
Remove non thread safe logging in nfpcapd

2018-11-24

Fix protocol tag for protocol 87 - TCF - #130
Add TCP flags ECN,CVR - #132
Fix some error messages to be printed to the correct stream #135
Add missing -M command line help to nfcapd
Remove padding byte warning in log #141
Fix bug to accept -y compression flag in nfcapd. - #145

2018-06-24

Fix bookkeeper type - use key_t
Add multiple packet repeaters to nfcapd/sfcapd. Up to 8 repeaters (-R) can be defined.
Ignore OSX .DS_Store files in -R file list
Add CISCO ASA elements initiatorPackets (298) responderPackets (299)
Merge #120 pull request for -z parameter to nfreplay
Update man page nfreplay

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2019-0fbfb00cbb

This update has been submitted for testing by dfateyev.

5 years ago

This update's test gating status has been changed to 'waiting'.

5 years ago

This update's test gating status has been changed to 'ignored'.

5 years ago

This update has been pushed to testing.

5 years ago

This update can be pushed to stable now if the maintainer wishes

5 years ago

This update has been submitted for stable by bodhi.

5 years ago

This update has been pushed to stable.

5 years ago

Please login to add feedback.

Metadata

Type

security

Karma

Signed

Content Type

RPM

Test Gating

ignored

Autopush Settings

Unstable by Karma

-3

Stable by Karma

Stable by Time

7 days

Dates

submitted

5 years ago

in testing

5 years ago

in stable

5 years ago

Builds

nfdump-1.6.18-1.fc30

BZ#1735554 CVE-2019-1010057 nfdump: buffer overflow in nfx.c, nffile_inline.c and minilzo.c [fedora-all]

BZ#1735555 CVE-2019-1010057 nfdump: buffer overflow in nfx.c, nffile_inline.c and minilzo.c [epel-all]

BZ#1735648 CVE-2019-14459 nfdump: integer overflow in function Process_ipfix_template_withdraw in ipfix.c leads to denial of service [fedora-all]

BZ#1735649 CVE-2019-14459 nfdump: integer overflow in function Process_ipfix_template_withdraw in ipfix.c leads to denial of service [epel-all]

nfdump-1.6.18-1.fc30

Automated Test Results

ignored