Accepting request 87344 from home:cyliu:branches:network:utilities

- security fixes (#bnc 718032)
  * CVE-2011-3266: Wireshark IKE dissector vulnerability
  * CVE-2011-3360: Wireshark Lua script execution vulnerability
  * CVE-2011-3483: Wireshark buffer exception handling vulnerability

OBS-URL: https://build.opensuse.org/request/show/87344
OBS-URL: https://build.opensuse.org/package/show/network:utilities/wireshark?expand=0&rev=44
Pavol Rusnak 2011-10-11 15:51:00 +00:00 committed by Git OBS Bridge
parent 429cb13517
commit c87cef8c94
5 changed files with 55 additions and 0 deletions


@ -0,0 +1,19 @@
--- trunk/epan/dissectors/packet-isakmp.c 2011/07/28 18:17:16 38246
+++ trunk/epan/dissectors/packet-isakmp.c 2011/07/28 22:19:46 38247
@@ -3880,12 +3880,13 @@
offset += 2;
length -= 2;
-
- while (length > 0) {
+ if (spi_size > 0) {
+ while (length > 0) {
proto_tree_add_item(tree, hf_isakmp_delete_spi, tvb, offset, spi_size, FALSE);
offset+=spi_size;
length-=spi_size;
- }
+ }
+ }
}
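Review bot: The inner `while (length > 0)` loop still passes the full `spi_size` to `proto_tree_add_item` when fewer than `spi_size` bytes remain, so a payload whose length is not a multiple of `spi_size` is stopped only by the tvb bounds exception. If `length` is unsigned (its declaration is outside the hunk), `length-=spi_size` would wrap rather than end the loop. Tightening the condition to `while (length >= spi_size)` would make termination independent of both. The new `if (spi_size > 0)` guard also deserves a comment such as `/* spi_size == 0 never advances offset/length: endless loop (CVE-2011-3266) */`. The enclosing function starts outside the hunk.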


@ -0,0 +1,10 @@
--- trunk/epan/wslua/template-init.lua 2011/08/08 17:59:32 38413
+++ trunk/epan/wslua/template-init.lua 2011/08/08 19:10:19 38414
@@ -73,5 +73,5 @@
DATA_DIR = datafile_path()
USER_DIR = persconffile_path()
-dofile("console.lua")
---dofile("dtd_gen.lua")
+dofile(DATA_DIR.."console.lua")
+--dofile(DATA_DIR.."dtd_gen.lua")
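Review bot: `dofile(DATA_DIR.."console.lua")` resolves to the installed script only if `datafile_path()` returns a directory that ends in a path separator; nothing in the hunk shows that, and without it the concatenation names a different file. It is worth confirming this, or joining the two parts with an explicit separator. A comment above the call would record why the path is anchored: `-- load from the install data dir, never the current working directory (CVE-2011-3360)`. The commented-out `dtd_gen.lua` line received the same prefix, which keeps it safe if someone re-enables it.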


@ -0,0 +1,12 @@
Index: wireshark-1.4.4/epan/packet.c
===================================================================
--- wireshark-1.4.4.orig/epan/packet.c
+++ wireshark-1.4.4/epan/packet.c
@@ -321,6 +321,7 @@ dissect_packet(epan_dissect_t *edt, unio
edt->pi.annex_a_used = MTP2_ANNEX_A_USED_UNKNOWN;
edt->pi.dcerpc_procedure_name="";
edt->pi.link_dir = LINK_DIR_UNKNOWN;
+ edt->tvb = NULL;
/* to enable decode as for ethertype=0x0000 (fix for bug 4721) */
edt->pi.ethertype = G_MAXINT;
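Review bot: `edt->tvb = NULL;` is added without a comment, and its purpose is not evident from the neighbouring `edt->pi` initialisers. Presumably it ensures that code running after an exception during dissection never sees a stale or uninitialised `edt->tvb`. If so, say it: `/* no tvb yet; cleanup after an exception must not see a stale pointer (CVE-2011-3483) */`. Every reader of `edt->tvb` then has to tolerate NULL, which cannot be checked from this hunk because `dissect_packet` continues outside it.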


@ -1,3 +1,11 @@
-------------------------------------------------------------------
Mon Sep 26 14:07:31 CST 2011 - cyliu@novell.com
- security fixes (#bnc 718032)
* CVE-2011-3266: Wireshark IKE dissector vulnerability
* CVE-2011-3360: Wireshark Lua script execution vulnerability
* CVE-2011-3483: Wireshark buffer exception handling vulnerability
-------------------------------------------------------------------
Wed Aug 10 06:25:28 UTC 2011 - cyliu@novell.com


@ -45,6 +45,9 @@ Patch9: %{name}-1.2.17-CVE-2011-2175.patch
Patch10: %{name}-1.2.17-CVE-2011-1958.patch
Patch11: %{name}-1.4.8-CVE-2011-2597.patch
Patch12: %{name}-1.4.8-CVE-2011-2698.patch
Patch13: %{name}-1.6.2-CVE-2011-3266.patch
Patch14: %{name}-1.6.2-CVE-2011-3360.patch
Patch15: %{name}-1.6.2-CVE-2011-3483.patch
BuildRequires: bison
BuildRequires: cairo-devel
BuildRequires: flex
@ -114,6 +117,9 @@ view the reconstructed stream of a TCP session.
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
sed -i 's/^Icon=wireshark.png$/Icon=wireshark/' wireshark.desktop
# run as root on 11.3 and older - bnc#349782