Libexpat Expat CVE-2012-6702 Predictable Random Number Generator Weakness
tcpreplay-4.2.1-1.el5
Here is what is fixed in this release:
– Fix reporting of rates < 1Mbps (#348)
– Option –unique-ip not working properly (#346)
—-
Features and fixes include:
– MAC rewriting capabilities by Pedro Arthur (#313)
– Fix several issues identified by Coverity (#305)
– Packet distortion –fuzz-seed option by Gabriel Ganne (#302)
– Add –unique-ip-loops option to modify IPs every few loops (#296)
– Netmap startup delay increase (#290)
– tcpcapinfo buffer overflow vulnerablily (#278)
– Update git-clone instructions by Kyle McDonald (#277)
– Allow fractions for –pps option (#270)
– Print per-loop stats with –stats=0 (#269)
– Add protection against packet drift by Guillaume Scott (#268)
– Print flow stats periodically with –stats output (#262)
– Include Travis-CI build support by Ilya Shipitsin (#264) (#285)
– tcpreplay won’t replay all packets in a pcap file with –netmap (#255)
– First and last packet times in –stats output (#239)
– Switch to wire speed after 30 minutes at 6 Gbps (#210)
– tcprewrite fix checksum properly for fragmented packets (#190)
tcpreplay-4.2.1-1.fc25
Here is what is fixed in this release:
– Fix reporting of rates < 1Mbps (#348)
– Option –unique-ip not working properly (#346)
—-
Features and fixes include:
– MAC rewriting capabilities by Pedro Arthur (#313)
– Fix several issues identified by Coverity (#305)
– Packet distortion –fuzz-seed option by Gabriel Ganne (#302)
– Add –unique-ip-loops option to modify IPs every few loops (#296)
– Netmap startup delay increase (#290)
– tcpcapinfo buffer overflow vulnerablily (#278)
– Update git-clone instructions by Kyle McDonald (#277)
– Allow fractions for –pps option (#270)
– Print per-loop stats with –stats=0 (#269)
– Add protection against packet drift by Guillaume Scott (#268)
– Print flow stats periodically with –stats output (#262)
– Include Travis-CI build support by Ilya Shipitsin (#264) (#285)
– tcpreplay won’t replay all packets in a pcap file with –netmap (#255)
– First and last packet times in –stats output (#239)
– Switch to wire speed after 30 minutes at 6 Gbps (#210)
– tcprewrite fix checksum properly for fragmented packets (#190)
tcpreplay-4.2.1-1.el6
Here is what is fixed in this release:
– Fix reporting of rates < 1Mbps (#348)
– Option –unique-ip not working properly (#346)
—-
Features and fixes include:
– MAC rewriting capabilities by Pedro Arthur (#313)
– Fix several issues identified by Coverity (#305)
– Packet distortion –fuzz-seed option by Gabriel Ganne (#302)
– Add –unique-ip-loops option to modify IPs every few loops (#296)
– Netmap startup delay increase (#290)
– tcpcapinfo buffer overflow vulnerablily (#278)
– Update git-clone instructions by Kyle McDonald (#277)
– Allow fractions for –pps option (#270)
– Print per-loop stats with –stats=0 (#269)
– Add protection against packet drift by Guillaume Scott (#268)
– Print flow stats periodically with –stats output (#262)
– Include Travis-CI build support by Ilya Shipitsin (#264) (#285)
– tcpreplay won’t replay all packets in a pcap file with –netmap (#255)
– First and last packet times in –stats output (#239)
– Switch to wire speed after 30 minutes at 6 Gbps (#210)
– tcprewrite fix checksum properly for fragmented packets (#190)
—-
Patch CVE-2017-6429.
Tcpcapinfo utility of Tcpreplay has a buffer overflow vulnerability associated with parsing a crafted pcap file. This occurs in the src/tcpcapinfo.c file when capture has a packet that is too large to handle.
References:
http://seclists.org/bugtraq/2017/Mar/22
Upstream bug:
https://github.com/appneta/tcpreplay/issues/278
tcpreplay-4.2.1-1.el7
Here is what is fixed in this release:
– Fix reporting of rates < 1Mbps (#348)
– Option –unique-ip not working properly (#346)
—-
Features and fixes include:
– MAC rewriting capabilities by Pedro Arthur (#313)
– Fix several issues identified by Coverity (#305)
– Packet distortion –fuzz-seed option by Gabriel Ganne (#302)
– Add –unique-ip-loops option to modify IPs every few loops (#296)
– Netmap startup delay increase (#290)
– tcpcapinfo buffer overflow vulnerablily (#278)
– Update git-clone instructions by Kyle McDonald (#277)
– Allow fractions for –pps option (#270)
– Print per-loop stats with –stats=0 (#269)
– Add protection against packet drift by Guillaume Scott (#268)
– Print flow stats periodically with –stats output (#262)
– Include Travis-CI build support by Ilya Shipitsin (#264) (#285)
– tcpreplay won’t replay all packets in a pcap file with –netmap (#255)
– First and last packet times in –stats output (#239)
– Switch to wire speed after 30 minutes at 6 Gbps (#210)
– tcprewrite fix checksum properly for fragmented packets (#190)
—-
Patch CVE-2017-6429.
Tcpcapinfo utility of Tcpreplay has a buffer overflow vulnerability associated with parsing a crafted pcap file. This occurs in the src/tcpcapinfo.c file when capture has a packet that is too large to handle.
References:
http://seclists.org/bugtraq/2017/Mar/22
Upstream bug:
https://github.com/appneta/tcpreplay/issues/278
tcpreplay-4.2.1-1.fc24
Here is what is fixed in this release:
– Fix reporting of rates < 1Mbps (#348)
– Option –unique-ip not working properly (#346)
—-
Features and fixes include:
– MAC rewriting capabilities by Pedro Arthur (#313)
– Fix several issues identified by Coverity (#305)
– Packet distortion –fuzz-seed option by Gabriel Ganne (#302)
– Add –unique-ip-loops option to modify IPs every few loops (#296)
– Netmap startup delay increase (#290)
– tcpcapinfo buffer overflow vulnerablily (#278)
– Update git-clone instructions by Kyle McDonald (#277)
– Allow fractions for –pps option (#270)
– Print per-loop stats with –stats=0 (#269)
– Add protection against packet drift by Guillaume Scott (#268)
– Print flow stats periodically with –stats output (#262)
– Include Travis-CI build support by Ilya Shipitsin (#264) (#285)
– tcpreplay won’t replay all packets in a pcap file with –netmap (#255)
– First and last packet times in –stats output (#239)
– Switch to wire speed after 30 minutes at 6 Gbps (#210)
– tcprewrite fix checksum properly for fragmented packets (#190)
tcpreplay-4.2.1-1.fc26
Here is what is fixed in this release:
– Fix reporting of rates < 1Mbps (#348)
– Option –unique-ip not working properly (#346)
—-
Features and fixes include:
– MAC rewriting capabilities by Pedro Arthur (#313)
– Fix several issues identified by Coverity (#305)
– Packet distortion –fuzz-seed option by Gabriel Ganne (#302)
– Add –unique-ip-loops option to modify IPs every few loops (#296)
– Netmap startup delay increase (#290)
– tcpcapinfo buffer overflow vulnerablily (#278)
– Update git-clone instructions by Kyle McDonald (#277)
– Allow fractions for –pps option (#270)
– Print per-loop stats with –stats=0 (#269)
– Add protection against packet drift by Guillaume Scott (#268)
– Print flow stats periodically with –stats output (#262)
– Include Travis-CI build support by Ilya Shipitsin (#264) (#285)
– tcpreplay won’t replay all packets in a pcap file with –netmap (#255)
– First and last packet times in –stats output (#239)
– Switch to wire speed after 30 minutes at 6 Gbps (#210)
– tcprewrite fix checksum properly for fragmented packets (#190)
CVE-2017-7251
A Cross-Site Scripting (XSS) was discovered in pi-engine/pi 2.5.0. The vulnerability exists due to insufficient filtration of user-supplied data (preview) passed to the “pi-develop/www/script/editor/markitup/preview/markdown.php” URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
CVE-2017-7248
A Cross-Site Scripting (XSS) was discovered in Gazelle before 2017-03-19. The vulnerability exists due to insufficient filtration of user-supplied data (type) passed to the ‘Gazelle-master/sections/better/transcode.php’ URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
CVE-2017-7247
Multiple Cross-Site Scripting (XSS) were discovered in Gazelle before 2017-03-19. The vulnerabilities exist due to insufficient filtration of user-supplied data (torrents, size) passed to the ‘Gazelle-master/sections/tools/managers/multiple_freeleech.php’ URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.