diff --git a/CVE-2020-25862.patch b/CVE-2020-25862.patch new file mode 100644 index 0000000000000000000000000000000000000000..501361404926a5df8b2fd6e24a689e640f3f88e3 --- /dev/null +++ b/CVE-2020-25862.patch @@ -0,0 +1,31 @@ +From 7f3fe6164a68b76d9988c4253b24d43f498f1753 Mon Sep 17 00:00:00 2001 +From: Pascal Quantin +Date: Tue, 1 Sep 2020 17:22:14 +0200 +Subject: [PATCH] TCP: do not use an unknown status when the checksum is 0xffff + +Otherwise it triggers an assert when adding the column as the field is +defined as BASE_NONE and not BASE_DEC or BASE_HEX. Thus an unknown value +(not in proto_checksum_vals[)array) cannot be represented. +Mark the checksum as bad even if we process the packet. +Closes #16816 + +--- + epan/dissectors/packet-tcp.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/epan/dissectors/packet-tcp.c b/epan/dissectors/packet-tcp.c +index db8ef31639..fc83f665d1 100644 +--- a/epan/dissectors/packet-tcp.c ++++ b/epan/dissectors/packet-tcp.c +@@ -6230,7 +6230,7 @@ dissect_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_) + PROTO_ITEM_SET_GENERATED(item); + /* XXX - What should this special status be? */ + item = proto_tree_add_uint(checksum_tree, hf_tcp_checksum_status, tvb, +- offset + 16, 0, 4); ++ offset + 16, 0, PROTO_CHECKSUM_E_BAD); + PROTO_ITEM_SET_GENERATED(item); + expert_add_info(pinfo, item, &ei_tcp_checksum_ffff); + +-- +GitLab + diff --git a/CVE-2020-25863.patch b/CVE-2020-25863.patch new file mode 100644 index 0000000000000000000000000000000000000000..56681fb81b58a46487341f7d4fdabd6cad3bb211 --- /dev/null +++ b/CVE-2020-25863.patch @@ -0,0 +1,39 @@ +From 5803c7b87b3414cdb8bf502af50bb406ca774482 Mon Sep 17 00:00:00 2001 +From: George Hopkins +Date: Wed, 2 Sep 2020 10:05:25 +0000 +Subject: [PATCH] multipart: fix deallocation of invalid parts + +Fixes #16741 + + +(cherry picked from commit 2411eae9edb562e80c45962c74945238a94e5d3b) +--- + epan/dissectors/packet-multipart.c | 9 ++++----- + 1 file changed, 4 insertions(+), 5 deletions(-) + +diff --git a/epan/dissectors/packet-multipart.c b/epan/dissectors/packet-multipart.c +index 0e8d9103f1..b972969940 100644 +--- a/epan/dissectors/packet-multipart.c ++++ b/epan/dissectors/packet-multipart.c +@@ -340,14 +340,13 @@ get_multipart_info(packet_info *pinfo, http_message_info_t *message_info) + parameters = unfold_and_compact_mime_header(message_info->media_str, &dummy); + + start_boundary = ws_find_media_type_parameter(wmem_packet_scope(), parameters, "boundary"); +- +- if(!start_boundary) { ++ if (!start_boundary) { + return NULL; + } +- if(strncmp(type, "multipart/encrypted", sizeof("multipart/encrypted")-1) == 0) { ++ ++ if (strncmp(type, "multipart/encrypted", sizeof("multipart/encrypted") - 1) == 0) { + start_protocol = ws_find_media_type_parameter(wmem_packet_scope(), parameters, "protocol"); +- if(!start_protocol) { +- g_free(start_boundary); ++ if (!start_protocol) { + return NULL; + } + } +-- +GitLab + diff --git a/wireshark.spec b/wireshark.spec index 490f3a9d7821ec18fd3a1726fd5484d0a19ea718..19d421b73240ee5cb818e866a26b0a3f4d263d0b 100644 --- a/wireshark.spec +++ b/wireshark.spec @@ -1,6 +1,6 @@ Name: wireshark Version: 2.6.2 -Release: 11 +Release: 12 Epoch: 1 Summary: Network traffic analyzer License: GPL+ @@ -41,6 +41,8 @@ Patch6026: fix-hash-table-key-memory-corruption.patch Patch6027: CVE-2020-13164.patch Patch6028: CVE-2020-15466.patch Patch6029: CVE-2018-16056.patch +Patch6030: CVE-2020-25862.patch +Patch6031: CVE-2020-25863.patch Requires(pre): shadow-utils Requires(post): systemd-udev @@ -147,6 +149,12 @@ getent group usbmon >/dev/null || groupadd -r usbmon %{_mandir}/man?/* %changelog +* Wed Oct 21 2020 wangxiao - 2.6.2-12 +- Type:cves +- ID: CVE-2020-25862 CVE-2020-25863 +- SUG:NA +- DESC: fix CVE-2020-25862 CVE-2020-25863 + * Wed Sep 15 2020 wangxiao - 2.6.2-11 - Type:cves - ID: CVE-2018-16056