[SECURITY] [DLA 4478-1] tcpflow security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4478-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Paride Legovini
February 10, 2026 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : tcpflow
Version : 1.5.2+repack1-1+deb11u1
CVE ID : CVE-2026-25061
Debian Bug : #1126695
A bug has been found in the tcpflow package: a wrong length check in the
802.11 management frame parser allows a crafted frame with a large TIM
length to cause an out-of-bounds write, resulting in a DoS and potentially
in code execution.
For Debian 11 bullseye, this problem has been fixed in version
1.5.2+repack1-1+deb11u1.
We recommend that you upgrade your tcpflow packages.
For the detailed security status of tcpflow please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/tcpflow
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
wsC7BAEBCgBvBYJpi4GgCRDWWGGIPgFNuUcUAAAAAAAeACBzYWx0QG5vdGF0aW9u
cy5zZXF1b2lhLXBncC5vcmeqsEOAzr1i08JsIvsTsQmBP4dN4+I1RfSSB+pCjqZX
3BYhBFYa1YXu12aSG6jdltZYYYg+AU25AADZOQgAk/thkZvBmUQqUj4OzAGAcR84
5nmqVUzQe2vlcCacTd1esAiMfP1msgj4H8v9tiuYoXqCED8Dgb5X7kGjZc5eKCYO
FJHR9GSavAhzZUdbdZRCasaSqqfv0gazH37Zq0UKzf1B8VvU/hhZtqW+gTW18vpb
sy4BFoZF2hz9qH6BDk4WAeL6q9q7RKN6x4trKGLvx3kIC/tAcvEM6dghmnG78K63
y7034DhSe0uq9ybgE+neaZ1Q1UnNaPqRGt/5iTbacMciqNadKppm3AavOEmvCQxx
Zo/qMaSS4EuwzuVssda+RS5Q3k0MSv1HgaUTfxI3Wp9pvPjTfMWjzqG0edLgqg==
=NU8r
-----END PGP SIGNATURE-----
Reply to: