Hello community,
here is the log from the commit of package wireshark for openSUSE:11.3
checked in at Thu Oct 13 17:34:42 CEST 2011.
--------
--- old-versions/11.3/UPDATES/all/wireshark/wireshark.changes 2011-05-03 11:44:22.000000000 +0200
+++ 11.3/wireshark/wireshark.changes 2011-10-10 11:12:42.000000000 +0200
@@ -1,0 +2,26 @@
+Mon Sep 26 14:07:31 CST 2011 - cyliu@novell.com
+
+- security fixes (#bnc 718032)
+ * CVE-2011-3266: Wireshark IKE dissector vulnerability
+ * CVE-2011-3360: Wireshark Lua script execution vulnerability
+ * CVE-2011-3483: Wireshark buffer exception handling vulnerability
+
+-------------------------------------------------------------------
+Wed Aug 10 06:25:28 UTC 2011 - cyliu@novell.com
+
+- security fixes (#bnc 706728)
+ * CVE-2011-2597: Lucent/Ascend file parser susceptible to infinite loop
+ * CVE-2011-2698: ANSI MAP dissector susceptible to infinite loop
+
+-------------------------------------------------------------------
+Mon Jul 18 07:43:08 UTC 2011 - cyliu@novell.com
+
+- security fixes [#bnc 697516]
+ * CVE-2011-1957: Large/infinite loop in the DICOM dissector
+ * CVE-2011-1959: A corrupted snoop file could crash Wireshark
+ * CVE-2011-2174: Malformed compressed capture data could crash Wireshark
+ * CVE-2011-2175: A corrupted Visual Networks file could crash Wireshark
+ * CVE-2011-1958: dereferene a NULL pointer if we had a corrupted Diameter
+ dictionary
+
+-------------------------------------------------------------------
calling whatdependson for 11.3-i586
New:
----
wireshark-1.2.17-CVE-2011-1957.patch
wireshark-1.2.17-CVE-2011-1958.patch
wireshark-1.2.17-CVE-2011-1959.patch
wireshark-1.2.17-CVE-2011-2174.patch
wireshark-1.2.17-CVE-2011-2175.patch
wireshark-1.4.8-CVE-2011-2597.patch
wireshark-1.4.8-CVE-2011-2698.patch
wireshark-1.6.2-CVE-2011-3266.patch
wireshark-1.6.2-CVE-2011-3360.patch
wireshark-1.6.2-CVE-2011-3483.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ wireshark.spec ++++++
--- /var/tmp/diff_new_pack.3OC1aZ/_old 2011-10-13 17:34:12.000000000 +0200
+++ /var/tmp/diff_new_pack.3OC1aZ/_new 2011-10-13 17:34:12.000000000 +0200
@@ -21,7 +21,7 @@
Name: wireshark
Version: 1.4.4
-Release: 0.<RELEASE4>
+Release: 0.<RELEASE6>
License: GPLv2+
Summary: A Network Traffic Analyser
Url: http://www.wireshark.org/
@@ -39,6 +39,17 @@
Patch6: %{name}-%{version}-CVE-2011-1592.patch
Patch7: %{name}-%{version}-CVE-2011-1590.patch
Patch8: %{name}-%{version}-CVE-2011-1591.patch
+Patch9: %{name}-1.2.17-CVE-2011-1957.patch
+Patch10: %{name}-1.2.17-CVE-2011-1959.patch
+Patch11: %{name}-1.2.17-CVE-2011-2174.patch
+Patch12: %{name}-1.2.17-CVE-2011-2175.patch
+Patch13: %{name}-1.2.17-CVE-2011-1958.patch
+Patch14: %{name}-1.4.8-CVE-2011-2597.patch
+Patch15: %{name}-1.4.8-CVE-2011-2698.patch
+Patch16: %{name}-1.6.2-CVE-2011-3266.patch
+Patch17: %{name}-1.6.2-CVE-2011-3360.patch
+Patch18: %{name}-1.6.2-CVE-2011-3483.patch
+
BuildRequires: bison
BuildRequires: cairo-devel
BuildRequires: flex
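Review bot: The ten new `PatchN:` lines carry no comment on where each patch comes from, and their file names use 1.2.17, 1.4.8 and 1.6.2 while `Version:` is 1.4.4, which suggests they are backports taken from other upstream releases. A comment per group, for example `# backported from the upstream 1.6.2 security fixes, bnc#718032`, would let a later maintainer see which patches can be dropped at the next version update. It would also make it easier to check each backport against the upstream revision it was taken from.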
@@ -104,6 +115,16 @@
%patch6 -p1
%patch7
%patch8 -p1
+%patch9 -p1
+%patch10 -p1
+%patch11 -p1
+%patch12 -p1
+%patch13 -p1
+%patch14 -p1
+%patch15 -p1
+%patch16 -p1
+%patch17 -p1
+%patch18 -p1
sed -i 's/^Icon=wireshark.png$/Icon=wireshark/' wireshark.desktop
# run as root on 11.3 and older - bnc#349782
++++++ wireshark-1.2.17-CVE-2011-1957.patch ++++++
--- trunk/epan/dissectors/packet-dcm.c 2011/04/30 08:36:00 36957
+++ trunk/epan/dissectors/packet-dcm.c 2011/04/30 17:43:05 36958
@@ -6519,6 +6519,7 @@
/* Process all PDUs in the buffer */
while (pdu_start < tlen) {
+ guint32 old_pdu_start;
if ((pdu_len+6) > (tlen-offset)) {
@@ -6539,7 +6540,13 @@
offset=dissect_dcm_pdu(tvb, pinfo, tree, pdu_start);
/* Next PDU */
+ old_pdu_start = pdu_start;
pdu_start = pdu_start + pdu_len + 6;
+ if (pdu_start <= old_pdu_start) {
+ expert_add_info_format(pinfo, NULL, PI_MALFORMED, PI_ERROR,
+ "Invalid PDU length (%u)", pdu_len);
+ THROW(ReportedBoundsError);
+ }
if (pdu_start < tlen - 6) {
/* we got at least 6 bytes of the next PDU still in the buffer */
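Review bot: The added `pdu_start <= old_pdu_start` test only detects a complete lack of forward progress, so a wrapped `pdu_len + 6` can still pass it. Assuming `pdu_len` is a 32-bit unsigned value (it is printed with `%u`), a length within the last five values of that range makes the sum wrap to 1–5, and `pdu_start` then advances by less than one PDU header without tripping the check. The loop still terminates, but the next iteration dissects from a misaligned offset. Rejecting the length before the addition closes that gap, e.g. `if (pdu_len > G_MAXUINT32 - 6 - pdu_start)` followed by the same expert info and `THROW(ReportedBoundsError);`. The `while` body starts and ends outside the hunk, so any earlier validation of `pdu_len` is not visible here.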
++++++ wireshark-1.2.17-CVE-2011-1958.patch ++++++
--- trunk/epan/diam_dict.l 2011/05/06 15:05:51 37010
+++ trunk/epan/diam_dict.l 2011/05/06 19:39:47 37011
@@ -269,9 +269,6 @@
yyterminate();
}
- include_stack[include_stack_ptr++] = YY_CURRENT_BUFFER;
-
-
for (e = ents.next; e; e = e->next) {
if (strcmp(e->name,yytext) == 0) {
yyin = ddict_open(sys_dir,e->file);
@@ -282,6 +279,7 @@
yyterminate();
}
} else {
+ include_stack[include_stack_ptr++] = YY_CURRENT_BUFFER;
yy_switch_to_buffer(yy_create_buffer( yyin, YY_BUF_SIZE ) );
BEGIN LOADING;
}
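Review bot: The relocated `include_stack[include_stack_ptr++] = YY_CURRENT_BUFFER;` has no comment saying why the push now waits until the entity file has been opened, although that ordering appears to be the point of the fix. A one-line comment above it, such as `/* push only once yyin is valid, so a failed open leaves the include stack untouched */`, would keep a later cleanup from hoisting it back out of the `else`. The check that bounds `include_stack_ptr` is presumably the `yyterminate()` block at the top of the previous hunk. Its condition is outside the visible lines, so confirm it still runs before this push on every path.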
@@ -290,7 +288,7 @@
}
if (!e) {
- fprintf(stderr, "Could not find entity: '%s'", e->name );
+ fprintf(stderr, "Could not find entity: '%s'\n", yytext );
yyterminate();
}
++++++ wireshark-1.2.17-CVE-2011-1959.patch ++++++
--- trunk/wiretap/snoop.c 2011/05/11 20:40:14 37067
+++ trunk/wiretap/snoop.c 2011/05/11 22:36:59 37068
@@ -473,6 +473,16 @@
rec_size = g_ntohl(hdr.rec_len);
orig_size = g_ntohl(hdr.orig_len);
packet_size = g_ntohl(hdr.incl_len);
+ if (orig_size > WTAP_MAX_PACKET_SIZE) {
+ /*
+ * Probably a corrupt capture file; don't blow up trying
+ * to allocate space for an immensely-large packet.
+ */
+ *err = WTAP_ERR_BAD_RECORD;
+ *err_info = g_strdup_printf("snoop: File has %u-byte original length, bigger than maximum of %u",
+ orig_size, WTAP_MAX_PACKET_SIZE);
+ return FALSE;
+ }
if (packet_size > WTAP_MAX_PACKET_SIZE) {
/*
* Probably a corrupt capture file; don't blow up trying
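Review bot: The comment on the new `orig_size` check repeats the wording of the `packet_size` check below it ("don't blow up trying to allocate space"), but nothing in the hunk shows `orig_size` sizing an allocation, so the stated reason may not be the real hazard. If the value instead feeds later length arithmetic, the comment should say so, e.g. `/* orig_len comes straight from the file; reject absurd values before it is used in any size calculation */`. `rec_size` is read from the same header on the first context line and is not bounded anywhere in this hunk. The function continues past the hunk, so verify that it is validated against `packet_size` there.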
++++++ wireshark-1.2.17-CVE-2011-2174.patch ++++++
--- trunk/epan/tvbuff.c 2011/05/12 15:48:51 37080
+++ trunk/epan/tvbuff.c 2011/05/12 16:31:42 37081
@@ -3425,9 +3425,9 @@
inflateEnd(strm);
g_free(strm);
g_free(strmbuf);
- g_free(compr);
if (uncompr == NULL) {
+ g_free(compr);
return NULL;
}
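Review bot: After this change `compr` is released at this point only on the `uncompr == NULL` path, so the success path has to free it exactly once somewhere below the hunk, and nothing in the visible lines records that. A comment at the moved call, for example `/* failure path frees compr here; the success path releases it later, never both */`, would state the ownership rule that the original code violated. The rest of the function is outside the hunk, so check that every return after this point frees `compr` and that no free callback also owns it.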
++++++ wireshark-1.2.17-CVE-2011-2175.patch ++++++
--- trunk/wiretap/visual.c 2011/05/13 17:05:05 37127
+++ trunk/wiretap/visual.c 2011/05/13 17:12:44 37128
@@ -420,6 +420,15 @@
break;
}
+ if (wth->phdr.len > WTAP_MAX_PACKET_SIZE) {
+ /* Check if wth->phdr.len is sane, small values of wth.phdr.len before
+ the case loop above can cause integer underflows */
+ *err = WTAP_ERR_BAD_RECORD;
+ *err_info = g_strdup_printf("visual: File has %u-byte original packet, bigger than maximum of %u",
+ wth->phdr.len, WTAP_MAX_PACKET_SIZE);
+ return FALSE;
+ }
+
/* Sanity check */
if (wth->phdr.len < wth->phdr.caplen)
{
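Review bot: The new `wth->phdr.len > WTAP_MAX_PACKET_SIZE` test catches the underflow only after it has happened, relying on the adjustment in the switch above wrapping to a very large unsigned value. The error text then reports a "%u-byte original packet" that is the wrapped number rather than anything stored in the file. Comparing the length with the amount about to be subtracted, inside each case before the subtraction, would make the intent explicit and the message accurate. If the after-the-fact check stays, the comment should match the code (`wth->phdr.len`, "switch" rather than "case loop"), e.g. `/* a length smaller than the per-encapsulation adjustment in the switch above wraps around; reject the resulting oversized value */`. The switch itself is outside the hunk.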
++++++ wireshark-1.4.8-CVE-2011-2597.patch ++++++
--- trunk/wiretap/ascend_scanner.l 2011/06/08 18:26:50 37624
+++ trunk/wiretap/ascend_scanner.l 2011/06/08 20:58:44 37625
@@ -16,17 +16,17 @@
*
* Wiretap Library
* Copyright (c) 1998 by Gilbert Ramirez