diff --git a/wireshark-1.6.2-CVE-2011-3266.patch b/wireshark-1.6.2-CVE-2011-3266.patch
new file mode 100644
index 0000000..c583a45
--- /dev/null
+++ b/wireshark-1.6.2-CVE-2011-3266.patch
@@ -0,0 +1,19 @@
+--- trunk/epan/dissectors/packet-isakmp.c 2011/07/28 18:17:16 38246
++++ trunk/epan/dissectors/packet-isakmp.c 2011/07/28 22:19:46 38247
+@@ -3880,12 +3880,13 @@
+ offset += 2;
+ length -= 2;
+
+-
+- while (length > 0) {
++ if (spi_size > 0) {
++ while (length > 0) {
+ proto_tree_add_item(tree, hf_isakmp_delete_spi, tvb, offset, spi_size, FALSE);
+ offset+=spi_size;
+ length-=spi_size;
+- }
++ }
++ }
+ }
+
+
diff --git a/wireshark-1.6.2-CVE-2011-3360.patch b/wireshark-1.6.2-CVE-2011-3360.patch
new file mode 100644
index 0000000..28b5a6a
--- /dev/null
+++ b/wireshark-1.6.2-CVE-2011-3360.patch
@@ -0,0 +1,10 @@
+--- trunk/epan/wslua/template-init.lua 2011/08/08 17:59:32 38413
++++ trunk/epan/wslua/template-init.lua 2011/08/08 19:10:19 38414
+@@ -73,5 +73,5 @@
+ DATA_DIR = datafile_path()
+ USER_DIR = persconffile_path()
+
+-dofile("console.lua")
+---dofile("dtd_gen.lua")
++dofile(DATA_DIR.."console.lua")
++--dofile(DATA_DIR.."dtd_gen.lua")
diff --git a/wireshark-1.6.2-CVE-2011-3483.patch b/wireshark-1.6.2-CVE-2011-3483.patch
new file mode 100644
index 0000000..75a8efb
--- /dev/null
+++ b/wireshark-1.6.2-CVE-2011-3483.patch
@@ -0,0 +1,12 @@
+Index: wireshark-1.4.4/epan/packet.c
+===================================================================
+--- wireshark-1.4.4.orig/epan/packet.c
++++ wireshark-1.4.4/epan/packet.c
+@@ -321,6 +321,7 @@ dissect_packet(epan_dissect_t *edt, unio
+ edt->pi.annex_a_used = MTP2_ANNEX_A_USED_UNKNOWN;
+ edt->pi.dcerpc_procedure_name="";
+ edt->pi.link_dir = LINK_DIR_UNKNOWN;
++ edt->tvb = NULL;
+
+ /* to enable decode as for ethertype=0x0000 (fix for bug 4721) */
+ edt->pi.ethertype = G_MAXINT;
diff --git a/wireshark.changes b/wireshark.changes
index 0745ff0..9b95651 100644
--- a/wireshark.changes
+++ b/wireshark.changes
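Review bot: The inner loop in the packet-isakmp.c hunk still tests only `length > 0`, so a last iteration can ask `proto_tree_add_item` for `spi_size` bytes when fewer remain in the payload, after which `length-=spi_size` goes negative (or wraps, if `length` is unsigned; its declaration is outside the hunk). The added `if (spi_size > 0)` guard only covers the zero-size case in which `length` never shrinks; `while (length >= spi_size) {` would also bound each item to the bytes actually present. A short comment on the guard, such as `/* spi_size == 0 never consumes length: endless loop (CVE-2011-3266) */`, would keep the reason visible. The enclosing function starts and ends outside the hunk.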
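Review bot: `dofile(DATA_DIR.."console.lua")` in the template-init.lua hunk builds the path by plain concatenation, so it resolves correctly only if `datafile_path()` returns a string ending in a path separator, which nothing in the hunk shows. Confirm that against the wslua implementation and, once confirmed, record it next to the call with a comment such as `-- DATA_DIR ends in a path separator; load console.lua from the install directory, never the current directory (CVE-2011-3360)`. The commented-out `dtd_gen.lua` line receives the same prefix, so it stays consistent if it is ever re-enabled.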
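Review bot: The added `edt->tvb = NULL;` in dissect_packet() sits among the `edt->pi` field resets with no comment saying why the tvb pointer has to be cleared at this point, and the code that later reads `edt->tvb` is outside the hunk. Presumably an exception raised before the tvb is created would otherwise leave a stale pointer for later cleanup; a comment such as `/* clear before anything can throw, so cleanup never sees a stale tvb (CVE-2011-3483) */` would record that, and the readers of `edt->tvb` should be checked for a NULL test. The inner patch is indexed against wireshark-1.4.4 while its file name says 1.6.2, so confirm it applies to the packaged source without fuzz.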
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Mon Sep 26 14:07:31 CST 2011 - cyliu@novell.com
+
+- security fixes (#bnc 718032)
+ * CVE-2011-3266: Wireshark IKE dissector vulnerability
+ * CVE-2011-3360: Wireshark Lua script execution vulnerability
+ * CVE-2011-3483: Wireshark buffer exception handling vulnerability
+
 -------------------------------------------------------------------
 Wed Aug 10 06:25:28 UTC 2011 - cyliu@novell.com
 
diff --git a/wireshark.spec b/wireshark.spec
index 8254de9..b935190 100644
--- a/wireshark.spec
+++ b/wireshark.spec
@@ -45,6 +45,9 @@ Patch9: %{name}-1.2.17-CVE-2011-2175.patch
 Patch10: %{name}-1.2.17-CVE-2011-1958.patch
 Patch11: %{name}-1.4.8-CVE-2011-2597.patch
 Patch12: %{name}-1.4.8-CVE-2011-2698.patch
+Patch13: %{name}-1.6.2-CVE-2011-3266.patch
+Patch14: %{name}-1.6.2-CVE-2011-3360.patch
+Patch15: %{name}-1.6.2-CVE-2011-3483.patch
 BuildRequires: bison
 BuildRequires: cairo-devel
 BuildRequires: flex
@@ -114,6 +117,9 @@ view the reconstructed stream of a TCP session.
 %patch10 -p1
 %patch11 -p1
 %patch12 -p1
+%patch13 -p1
+%patch14 -p1
+%patch15 -p1
 sed -i 's/^Icon=wireshark.png$/Icon=wireshark/' wireshark.desktop
 # run as root on 11.3 and older - bnc#349782