Your message dated Sun, 29 Dec 2024 17:02:32 +0000
with message-id <[email protected]>
and subject line Bug#1090388: fixed in fastnetmon 1.2.4-2+deb12u1
has caused the Debian Bug report #1090388,
regarding fastnetmon: CVE-2024-56072
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1090388: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1090388
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: fastnetmon
Version: 1.2.7-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for fastnetmon.
CVE-2024-56072[0]:
| An issue was discovered in FastNetMon Community Edition through
| 1.2.7. The sFlow v5 plugin allows remote attackers to cause a denial
| of service (application crash) via a crafted packet that specifies
| many sFlow samples.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-56072
https://www.cve.org/CVERecord?id=CVE-2024-56072
[1]
https://github.com/pavel-odintsov/fastnetmon/commit/5164a29603fff9dd445b7660a35090989f005000
[2]
https://github.com/pavel-odintsov/fastnetmon/commit/65c40ee92dd5bcad1ab52cbafa1afd62cf669e48
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: fastnetmon
Source-Version: 1.2.4-2+deb12u1
Done: Patrick Matthäi <[email protected]>
We believe that the bug you reported is fixed in the latest version of
fastnetmon, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Patrick Matthäi <[email protected]> (supplier of updated fastnetmon package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 23 Dec 2024 10:30:10 +0100
Source: fastnetmon
Architecture: source
Version: 1.2.4-2+deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: Patrick Matthäi <[email protected]>
Changed-By: Patrick Matthäi <[email protected]>
Closes: 1090387 1090388
Changes:
fastnetmon (1.2.4-2+deb12u1) bookworm-security; urgency=medium
.
[ Moritz Mühlenhoff ]
* Fixes CVE-2024-56073: Zero-length templates for Netflow v9 allow remote
attackers to cause a denial of service (divide-by-zero error and
application crash).
Closes: #1090387
* Fixes CVE-2024-56072: The sFlow v5 plugin allows remote attackers to cause
a denial of service (application crash) via a crafted packet that
specifies many sFlow samples.
Closes: #1090388
Checksums-Sha1:
83f53634e09f293fcbe0e825aa739adcf1f9f3ad 2322 fastnetmon_1.2.4-2+deb12u1.dsc
ac18fdb65c8ca3295b2b8b70494194ccd4eecf46 1056097 fastnetmon_1.2.4.orig.tar.gz
8845c07583c208a8e6079d10da55988882f3f800 12776
fastnetmon_1.2.4-2+deb12u1.debian.tar.xz
98994b1f33cde4ad7fcb7100933d435cea547c12 12550
fastnetmon_1.2.4-2+deb12u1_amd64.buildinfo
Checksums-Sha256:
45910deed0e406cd4a128583eb77b323642ba34fc934df379d11507d0832d058 2322
fastnetmon_1.2.4-2+deb12u1.dsc
84cd5db0e270f6c268923592eabd5cb0d1689293d9d9f6f0634af548b29f9bb4 1056097
fastnetmon_1.2.4.orig.tar.gz
a1124b5cfd18151a9cf8ca55bace8b4988ffe872765001ddcd3b27fc415a7a39 12776
fastnetmon_1.2.4-2+deb12u1.debian.tar.xz
80a7e047172a9e045c97fcb4112860fd42302c1258730ad68ecbc46bf16dd3fa 12550
fastnetmon_1.2.4-2+deb12u1_amd64.buildinfo
Files:
c2c33229f52196969c85ca5cf389a419 2322 net optional
fastnetmon_1.2.4-2+deb12u1.dsc
0dab1097b5efd6fc2e39fea784bfd3a6 1056097 net optional
fastnetmon_1.2.4.orig.tar.gz
fe78edb8a569ed0b3768d74ecc72e6ed 12776 net optional
fastnetmon_1.2.4-2+deb12u1.debian.tar.xz
be6023df89d06bec6bcc66411eadb19f 12550 net optional
fastnetmon_1.2.4-2+deb12u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEWKA9xYJCWk3IuQ4TEtmwSpDL2OQFAmdpTh4ACgkQEtmwSpDL
2OSxYg//a6L/LRH1f16JQmvBV/Nc2hT8Yw/zbkUvP0Fkb/dKGKUrz2AUls/vJ6VV
PjO80Oh1BCJGSd7gh28AUqGjtZt8aA0ebmyoBuOSKyim8lLhImj0cf4FimObQRfA
WYXAoX5IAPzwy1UubokC4pFJHnWuRho03Yo3Lf4dYBtxWArp0JHjLmXbdj4FqQCE
XzjAvwdSnSqFZS1QUorgbFiPMBzCweF7OEscLhkXkP/kaOG869GWRB3yy/y/qUey
cvPKOzO8LXrG5e8e1Ab0vw9EdaIIKx3B+OEPFg6BIoADkGYwmH+Gci8zuf+t3bC1
rwiJRMLCngofo06LBNP2ETaU788tCNlsascGE4viGmf3z6m8AjY1k6id8hmgtvdk
wQkkQ0f/aBZZz1xu/XRS6gvuUH5eUFBmoiMyuntKN0+k3lc6tr0HWRKlT/yo2SGr
YKPdaD4v9Jc2tgqV4DrZgJFLD/a6733wfO9/YxQkJ4il2RUwuTwrRNZiCWQf2d4O
XhS1slZJ32wT3riL2RoyGUfYmF87JWz9ad/igr1Xh23wwUJw869gTLb2EXnx1Gj+
pD0ODhO7g0BGEMyCERRjOrueKHD8zC0CgczNFp6eANNvtTTTi0KgG40J8p4ptXu+
EnIiFiETzy2YU5Nc60zf65EP5demBe6x/wkvIXHMhuS8yn35t7A=
=EwgV
-----END PGP SIGNATURE-----
pgp2NEjsZy9ew.pgp
Description: PGP signature
--- End Message ---
