openSUSE-SU-2024:0106-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2024:0106-1.json
JSON Data
https://api.osv.dev/v1/vulns/openSUSE-SU-2024:0106-1
Related
Published
2024-04-10T18:21:00Z
Modified
2024-04-10T18:21:00Z
Summary
Security update for sngrep
Details

This update for sngrep fixes the following issues:

  • Update to version 1.8.1

    • Fix CVE-2024-3119: sngrep: buffer overflow due to improper handling of 'Call-ID' and 'X-Call-ID' SIP headers.
    • Fix CVE-2024-3120: sngrep: stack-buffer overflow due to inadequate bounds checking when copying 'Content-Length' and 'Warning' headers into fixed-size buffers.

  • Update to versino 1.8.0

    • fix typo in message, thanks to lintian.
    • fix compiler warnings about unused variables.
    • Fixed a typo in comment line in filter.c
    • Redefine usage of POSIX signals.
    • Support for building sngrep using CMake added.

  • Update to version 1.7.0

    • save: add option --text to save captured data to plain text
    • capture: fix memory overflows while parsing IP headers
    • hep: fix hep listener enabled in offline mode
    • core: stop sngrep when parent process has ended
    • ssl: fix decrypt with AES256 GCM SHA384 cipher
References

Affected packages

SUSE:Package Hub 15 SP5 / sngrep

Package

Name
sngrep
Purl
pkg:rpm/suse/sngrep&distro=SUSE%20Package%20Hub%2015%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.8.1-bp155.2.3.1

Ecosystem specific 

{
    "binaries": [
        {
            "sngrep": "1.8.1-bp155.2.3.1"
        }
    ]
}

openSUSE:Leap 15.5 / sngrep

Package

Name
sngrep
Purl
pkg:rpm/opensuse/sngrep&distro=openSUSE%20Leap%2015.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.8.1-bp155.2.3.1

Ecosystem specific 

{
    "binaries": [
        {
            "sngrep": "1.8.1-bp155.2.3.1"
        }
    ]
}