!26 fix CVE-2020-25862 CVE-2020-25863
From: @wangxiao65 Reviewed-by: @small_leek Signed-off-by: @small_leek
commit
8af5fc9b14
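--- a/CVE-2020-25862.patch
+++ b/CVE-2020-25862.patch
@@ -0,0 +1,31 @@
+From 7f3fe6164a68b76d9988c4253b24d43f498f1753 Mon Sep 17 00:00:00 2001
+From: Pascal Quantin <pascal@wireshark.org>
+Date: Tue, 1 Sep 2020 17:22:14 +0200
+Subject: [PATCH] TCP: do not use an unknown status when the checksum is 0xffff
+
+Otherwise it triggers an assert when adding the column as the field is
+defined as BASE_NONE and not BASE_DEC or BASE_HEX. Thus an unknown value
+(not in proto_checksum_vals[)array) cannot be represented.
+Mark the checksum as bad even if we process the packet.
+Closes #16816
+
+---
+epan/dissectors/packet-tcp.c | 2 +-
+1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/epan/dissectors/packet-tcp.c b/epan/dissectors/packet-tcp.c
+index db8ef31639..fc83f665d1 100644
+--- a/epan/dissectors/packet-tcp.c
++++ b/epan/dissectors/packet-tcp.c
+@@ -6230,7 +6230,7 @@ dissect_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
+PROTO_ITEM_SET_GENERATED(item);
+/* XXX - What should this special status be? */
+item = proto_tree_add_uint(checksum_tree, hf_tcp_checksum_status, tvb,
+- offset + 16, 0, 4);
++ offset + 16, 0, PROTO_CHECKSUM_E_BAD);
+PROTO_ITEM_SET_GENERATED(item);
+expert_add_info(pinfo, item, &ei_tcp_checksum_ffff);
+
+--
+GitLab
+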
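Review bot: The carried context keeps `/* XXX - What should this special status be? */` directly above the changed `proto_tree_add_uint` call, although the patch now settles that question, so the next reader of dissect_tcp finds an open question sitting next to a CVE fix. I would replace it with a comment that records the constraint from the commit message, e.g. `/* Status must be an entry of proto_checksum_vals[]: the field is BASE_NONE, so an unlisted value asserts when the column is added. */`. Because this is a backport onto the packaged 2.6.2 tree, it is also worth confirming that no other call still passes a literal status to `hf_tcp_checksum_status`; only this one call is visible and dissect_tcp continues outside the hunk.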
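--- a/CVE-2020-25863.patch
+++ b/CVE-2020-25863.patch
@@ -0,0 +1,39 @@
+From 5803c7b87b3414cdb8bf502af50bb406ca774482 Mon Sep 17 00:00:00 2001
+From: George Hopkins <george-hopkins@null.net>
+Date: Wed, 2 Sep 2020 10:05:25 +0000
+Subject: [PATCH] multipart: fix deallocation of invalid parts
+
+Fixes #16741
+
+
+(cherry picked from commit 2411eae9edb562e80c45962c74945238a94e5d3b)
+---
+epan/dissectors/packet-multipart.c | 9 ++++-----
+1 file changed, 4 insertions(+), 5 deletions(-)
+
+diff --git a/epan/dissectors/packet-multipart.c b/epan/dissectors/packet-multipart.c
+index 0e8d9103f1..b972969940 100644
+--- a/epan/dissectors/packet-multipart.c
++++ b/epan/dissectors/packet-multipart.c
+@@ -340,14 +340,13 @@ get_multipart_info(packet_info *pinfo, http_message_info_t *message_info)
+parameters = unfold_and_compact_mime_header(message_info->media_str, &dummy);
+
+start_boundary = ws_find_media_type_parameter(wmem_packet_scope(), parameters, "boundary");
+-
+- if(!start_boundary) {
++ if (!start_boundary) {
+return NULL;
+}
+- if(strncmp(type, "multipart/encrypted", sizeof("multipart/encrypted")-1) == 0) {
++
++ if (strncmp(type, "multipart/encrypted", sizeof("multipart/encrypted") - 1) == 0) {
+start_protocol = ws_find_media_type_parameter(wmem_packet_scope(), parameters, "protocol");
+- if(!start_protocol) {
+- g_free(start_boundary);
++ if (!start_protocol) {
+return NULL;
+}
+}
+--
+GitLab
+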
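Review bot: Only the `g_free(start_boundary)` on the missing-`protocol` path is dropped here, and the rest of get_multipart_info lies outside the hunk, so this section alone does not show that every free of these pointers is gone. Both `start_boundary` and `start_protocol` come from `ws_find_media_type_parameter(wmem_packet_scope(), ...)`, so any remaining `g_free()` on them in the packaged source would be the same invalid deallocation; that is worth a grep before merging. A short comment at the allocation, e.g. `/* packet-scoped (wmem): released with the packet, never g_free() */`, would keep the ownership rule visible. The `if(` to `if (` reformatting mixed into the fix also makes the one security-relevant line harder to spot when auditing the backport.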
@ -1,6 +1,6 @@
|
|||||||
Name: wireshark
|
Name: wireshark
|
||||||
Version: 2.6.2
|
Version: 2.6.2
|
||||||
Release: 11
|
Release: 12
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
Summary: Network traffic analyzer
|
Summary: Network traffic analyzer
|
||||||
License: GPL+
|
License: GPL+
|
||||||
@ -41,6 +41,8 @@ Patch6026: fix-hash-table-key-memory-corruption.patch
|
|||||||
Patch6027: CVE-2020-13164.patch
|
Patch6027: CVE-2020-13164.patch
|
||||||
Patch6028: CVE-2020-15466.patch
|
Patch6028: CVE-2020-15466.patch
|
||||||
Patch6029: CVE-2018-16056.patch
|
Patch6029: CVE-2018-16056.patch
|
||||||
|
Patch6030: CVE-2020-25862.patch
|
||||||
|
Patch6031: CVE-2020-25863.patch
|
||||||
|
|
||||||
Requires(pre): shadow-utils
|
Requires(pre): shadow-utils
|
||||||
Requires(post): systemd-udev
|
Requires(post): systemd-udev
|
||||||
@ -147,6 +149,12 @@ getent group usbmon >/dev/null || groupadd -r usbmon
|
|||||||
%{_mandir}/man?/*
|
%{_mandir}/man?/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Oct 21 2020 wangxiao <wangxiao65@huawei.com> - 2.6.2-12
|
||||||
|
- Type:cves
|
||||||
|
- ID: CVE-2020-25862 CVE-2020-25863
|
||||||
|
- SUG:NA
|
||||||
|
- DESC: fix CVE-2020-25862 CVE-2020-25863
|
||||||
|
|
||||||
* Wed Sep 15 2020 wangxiao <wangxiao65@huawei.com> - 2.6.2-11
|
* Wed Sep 15 2020 wangxiao <wangxiao65@huawei.com> - 2.6.2-11
|
||||||
- Type:cves
|
- Type:cves
|
||||||
- ID: CVE-2018-16056
|
- ID: CVE-2018-16056
|
||||||
@ -168,7 +176,7 @@ getent group usbmon >/dev/null || groupadd -r usbmon
|
|||||||
- SUG:restart
|
- SUG:restart
|
||||||
- DESC: fix CVE-2020-13164
|
- DESC: fix CVE-2020-13164
|
||||||
|
|
||||||
* Wed May 13 2020 huanghaitao <huanghaitao8@huawei.com> - 2.6.2-7
|
* Fri May 15 2020 huanghaitao <huanghaitao8@huawei.com> - 2.6.2-7
|
||||||
- Type:cves
|
- Type:cves
|
||||||
- ID: CVE-2020-11647
|
- ID: CVE-2020-11647
|
||||||
- SUG:restart
|
- SUG:restart
|
||||||
|
|||||||
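Review bot: `Patch6030` and `Patch6031` are declared, but no hunk in this section touches `%prep`, so this diff cannot confirm that the two CVE patches are actually applied during the build. If the spec applies patches through `%autosetup` or `%autopatch` that is fine; if it lists explicit `%patchNNNN -p1` lines, the entries for 6030 and 6031 are missing and release 2.6.2-12 would ship without the fixes while its changelog claims them. The new changelog entry also records `SUG:NA` where the earlier CVE entries visible here use `SUG:restart`; if running captures have to be restarted to pick up the fixed dissectors, the entries should agree.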