| Message ID | 20250107065756.642432-1-spushpka@cisco.com |
|---|---|
| State | Rejected |
| Delegated to: | Steve Sakoman |
| Headers | show |
| Series | [meta-openembedded,scarthgap] wireshark 4.2.7: Fix CVE-2024-9781 | expand |
Wrong mailing list! Please send to openembedded-devel@lists.openembedded.org Thanks, Steve On Tue, Jan 7, 2025 at 3:35 AM Shubham Pushpkar via lists.openembedded.org <spushpka=cisco.com@lists.openembedded.org> wrote: > > Upstream Repository: https://gitlab.com/wireshark/wireshark.git > > Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2024-9781 > Type: Security Fix > CVE: CVE-2024-9781 > Score: 7.8 > Patch: https://gitlab.com/wireshark/wireshark/-/commit/cad248ce3bf5 > > Signed-off-by: Shubham Pushpkar <spushpka@cisco.com> > --- > .../wireshark/files/CVE-2024-9781.patch | 133 ++++++++++++++++++ > .../wireshark/wireshark_4.2.7.bb | 1 + > 2 files changed, 134 insertions(+) > create mode 100644 meta-networking/recipes-support/wireshark/files/CVE-2024-9781.patch > > diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2024-9781.patch b/meta-networking/recipes-support/wireshark/files/CVE-2024-9781.patch > new file mode 100644 > index 000000000..eb8c733da > --- /dev/null > +++ b/meta-networking/recipes-support/wireshark/files/CVE-2024-9781.patch > @@ -0,0 +1,133 @@ > +From f32965be7c80ca6eb330d0e9b34f0c563db7d869 Mon Sep 17 00:00:00 2001 > +From: Gerald Combs <gerald@wireshark.org> > +Date: Tue, 8 Oct 2024 11:56:28 -0700 > +Subject: [PATCH] AppleTalk: Make sure we have valid addresses > + > +Make sure ATP, ZIP, and ASP have valid addresses. Use sizeof instead of > +a hard-coded value in a few places. > + > +Fixes #20114 > + > +(cherry picked from commit 3de741321f85c205c0a8266c40f33cb0013bd1d2) > + > +Conflicts: > + epan/dissectors/packet-atalk.c > + > +CVE: CVE-2024-9781 > +Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/cad248ce3bf5] > + > +(cherry picked from commit cad248ce3bf53026cc837fedeaca65d0f20ea3b5) > +Signed-off-by: Shubham Pushpkar <spushpka@cisco.com> > +--- > + epan/dissectors/packet-atalk.c | 44 ++++++++++++++++++++++++---------- > + 1 file changed, 32 insertions(+), 12 deletions(-) > + > +diff --git a/epan/dissectors/packet-atalk.c b/epan/dissectors/packet-atalk.c > +index 396e7af519..065d6aedb6 100644 > +--- a/epan/dissectors/packet-atalk.c > ++++ b/epan/dissectors/packet-atalk.c > +@@ -232,9 +232,18 @@ static int hf_asp_attn_code = -1; > + static int hf_asp_seq = -1; > + static int hf_asp_size = -1; > + > ++/* > ++ * Structure used to represent a DDP address; gives the layout of the > ++ * data pointed to by an Appletalk "address" structure. > ++ */ > ++struct atalk_ddp_addr { > ++ guint16 net; > ++ guint8 node; > ++}; > ++ > + typedef struct { > + guint32 conversation; > +- guint8 src[4]; > ++ guint8 src[sizeof(struct atalk_ddp_addr)]; > + guint16 tid; > + } asp_request_key; > + > +@@ -502,6 +511,10 @@ static const value_string asp_error_vals[] = { > + {0, NULL } }; > + value_string_ext asp_error_vals_ext = VALUE_STRING_EXT_INIT(asp_error_vals); > + > ++static bool is_ddp_address(address *addr) { > ++ return addr->type == atalk_address_type && addr->len == sizeof(struct atalk_ddp_addr); > ++} > ++ > + /* > + * hf_index must be a FT_UINT_STRING type > + * Are these always in a Mac extended character set? Should we have a > +@@ -744,6 +757,12 @@ dissect_atp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_) > + conversation_t *conversation; > + asp_request_val *request_val = NULL; > + > ++ // ATP is carried over DDP > ++ if (!(is_ddp_address(&pinfo->src) && is_ddp_address(&pinfo->dst))) { > ++ return 0; > ++ } > ++ > ++ > + col_set_str(pinfo->cinfo, COL_PROTOCOL, "ATP"); > + > + ctrlinfo = tvb_get_guint8(tvb, offset); > +@@ -770,7 +789,7 @@ dissect_atp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_) > + asp_request_key request_key; > + > + request_key.conversation = conversation->conv_index; > +- memcpy(request_key.src, (!atp_asp_dsi_info.reply)?pinfo->src.data:pinfo->dst.data, 4); > ++ memcpy(request_key.src, (!atp_asp_dsi_info.reply)?pinfo->src.data:pinfo->dst.data, sizeof(struct atalk_ddp_addr)); > + request_key.tid = atp_asp_dsi_info.tid; > + > + request_val = (asp_request_val *) wmem_map_lookup(atp_request_hash, &request_key); > +@@ -1018,7 +1037,7 @@ get_transaction(tvbuff_t *tvb, packet_info *pinfo, struct atp_asp_dsi_info *atp_ > + conversation = find_or_create_conversation(pinfo); > + > + request_key.conversation = conversation->conv_index; > +- memcpy(request_key.src, (!atp_asp_dsi_info->reply)?pinfo->src.data:pinfo->dst.data, 4); > ++ memcpy(request_key.src, (!atp_asp_dsi_info->reply)?pinfo->src.data:pinfo->dst.data, sizeof(struct atalk_ddp_addr)); > + request_key.tid = atp_asp_dsi_info->tid; > + > + request_val = (asp_request_val *) wmem_map_lookup(asp_request_hash, &request_key); > +@@ -1051,6 +1070,11 @@ dissect_asp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data) > + if (data == NULL) > + return 0; > + > ++ // ASP is carried over ATP/DDP > ++ if (!(is_ddp_address(&pinfo->src) && is_ddp_address(&pinfo->dst))) { > ++ return 0; > ++ } > ++ > + col_set_str(pinfo->cinfo, COL_PROTOCOL, "ASP"); > + col_clear(pinfo->cinfo, COL_INFO); > + > +@@ -1183,15 +1207,6 @@ dissect_asp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data) > + /* ----------------------------- > + ZIP protocol cf. inside appletalk chap. 8 > + */ > +-/* > +- * Structure used to represent a DDP address; gives the layout of the > +- * data pointed to by an Appletalk "address" structure. > +- */ > +-struct atalk_ddp_addr { > +- guint16 net; > +- guint8 node; > +-}; > +- > + > + static int atalk_str_len(const address* addr _U_) > + { > +@@ -1241,6 +1256,11 @@ dissect_atp_zip(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data) > + if (data == NULL) > + return 0; > + > ++ // ATP ZIP is carried over DDP > ++ if (!(is_ddp_address(&pinfo->src) && is_ddp_address(&pinfo->dst))) { > ++ return 0; > ++ } > ++ > + col_set_str(pinfo->cinfo, COL_PROTOCOL, "ZIP"); > + col_clear(pinfo->cinfo, COL_INFO); > + > +-- > +2.44.1 > + > diff --git a/meta-networking/recipes-support/wireshark/wireshark_4.2.7.bb b/meta-networking/recipes-support/wireshark/wireshark_4.2.7.bb > index b80710683..d68b082bb 100644 > --- a/meta-networking/recipes-support/wireshark/wireshark_4.2.7.bb > +++ b/meta-networking/recipes-support/wireshark/wireshark_4.2.7.bb > @@ -13,6 +13,7 @@ SRC_URI = "https://1.eu.dl.wireshark.org/src/wireshark-${PV}.tar.xz \ > file://0002-flex-Remove-line-directives.patch \ > file://0004-lemon-Remove-line-directives.patch \ > file://0001-UseLemon.cmake-do-not-use-lemon-data-from-the-host.patch \ > + file://CVE-2024-9781.patch \ > " > > UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src" > -- > 2.35.6 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#209452): https://lists.openembedded.org/g/openembedded-core/message/209452 > Mute This Topic: https://lists.openembedded.org/mt/110475405/3620601 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [steve@sakoman.com] > -=-=-=-=-=-=-=-=-=-=-=- >
Hi Steve, Thank you for letting me know. I apologize for the oversight. I will resend the email to openembedded-devel@lists.openembedded.org shortly. Thanks again! Best regards, Shubham ________________________________ From: Steve Sakoman <steve@sakoman.com> Sent: 07 January 2025 19:33 To: Shubham Pushpkar -X (spushpka - E INFOCHIPS PRIVATE LIMITED at Cisco) <spushpka@cisco.com> Cc: openembedded-core@lists.openembedded.org <openembedded-core@lists.openembedded.org>; xe-linux-external(mailer list) <xe-linux-external@cisco.com> Subject: Re: [OE-core] [meta-openembedded] [scarthgap] [PATCH] wireshark 4.2.7: Fix CVE-2024-9781 Wrong mailing list! Please send to openembedded-devel@lists.openembedded.org Thanks, Steve On Tue, Jan 7, 2025 at 3:35 AM Shubham Pushpkar via lists.openembedded.org <spushpka=cisco.com@lists.openembedded.org> wrote: > > Upstream Repository: https://gitlab.com/wireshark/wireshark.git > > Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2024-9781 > Type: Security Fix > CVE: CVE-2024-9781 > Score: 7.8 > Patch: https://gitlab.com/wireshark/wireshark/-/commit/cad248ce3bf5 > > Signed-off-by: Shubham Pushpkar <spushpka@cisco.com> > --- > .../wireshark/files/CVE-2024-9781.patch | 133 ++++++++++++++++++ > .../wireshark/wireshark_4.2.7.bb | 1 + > 2 files changed, 134 insertions(+) > create mode 100644 meta-networking/recipes-support/wireshark/files/CVE-2024-9781.patch > > diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2024-9781.patch b/meta-networking/recipes-support/wireshark/files/CVE-2024-9781.patch > new file mode 100644 > index 000000000..eb8c733da > --- /dev/null > +++ b/meta-networking/recipes-support/wireshark/files/CVE-2024-9781.patch > @@ -0,0 +1,133 @@ > +From f32965be7c80ca6eb330d0e9b34f0c563db7d869 Mon Sep 17 00:00:00 2001 > +From: Gerald Combs <gerald@wireshark.org> > +Date: Tue, 8 Oct 2024 11:56:28 -0700 > +Subject: [PATCH] AppleTalk: Make sure we have valid addresses > + > +Make sure ATP, ZIP, and ASP have valid addresses. Use sizeof instead of > +a hard-coded value in a few places. > + > +Fixes #20114 > + > +(cherry picked from commit 3de741321f85c205c0a8266c40f33cb0013bd1d2) > + > +Conflicts: > + epan/dissectors/packet-atalk.c > + > +CVE: CVE-2024-9781 > +Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/cad248ce3bf5] > + > +(cherry picked from commit cad248ce3bf53026cc837fedeaca65d0f20ea3b5) > +Signed-off-by: Shubham Pushpkar <spushpka@cisco.com> > +--- > + epan/dissectors/packet-atalk.c | 44 ++++++++++++++++++++++++---------- > + 1 file changed, 32 insertions(+), 12 deletions(-) > + > +diff --git a/epan/dissectors/packet-atalk.c b/epan/dissectors/packet-atalk.c > +index 396e7af519..065d6aedb6 100644 > +--- a/epan/dissectors/packet-atalk.c > ++++ b/epan/dissectors/packet-atalk.c > +@@ -232,9 +232,18 @@ static int hf_asp_attn_code = -1; > + static int hf_asp_seq = -1; > + static int hf_asp_size = -1; > + > ++/* > ++ * Structure used to represent a DDP address; gives the layout of the > ++ * data pointed to by an Appletalk "address" structure. > ++ */ > ++struct atalk_ddp_addr { > ++ guint16 net; > ++ guint8 node; > ++}; > ++ > + typedef struct { > + guint32 conversation; > +- guint8 src[4]; > ++ guint8 src[sizeof(struct atalk_ddp_addr)]; > + guint16 tid; > + } asp_request_key; > + > +@@ -502,6 +511,10 @@ static const value_string asp_error_vals[] = { > + {0, NULL } }; > + value_string_ext asp_error_vals_ext = VALUE_STRING_EXT_INIT(asp_error_vals); > + > ++static bool is_ddp_address(address *addr) { > ++ return addr->type == atalk_address_type && addr->len == sizeof(struct atalk_ddp_addr); > ++} > ++ > + /* > + * hf_index must be a FT_UINT_STRING type > + * Are these always in a Mac extended character set? Should we have a > +@@ -744,6 +757,12 @@ dissect_atp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_) > + conversation_t *conversation; > + asp_request_val *request_val = NULL; > + > ++ // ATP is carried over DDP > ++ if (!(is_ddp_address(&pinfo->src) && is_ddp_address(&pinfo->dst))) { > ++ return 0; > ++ } > ++ > ++ > + col_set_str(pinfo->cinfo, COL_PROTOCOL, "ATP"); > + > + ctrlinfo = tvb_get_guint8(tvb, offset); > +@@ -770,7 +789,7 @@ dissect_atp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_) > + asp_request_key request_key; > + > + request_key.conversation = conversation->conv_index; > +- memcpy(request_key.src, (!atp_asp_dsi_info.reply)?pinfo->src.data:pinfo->dst.data, 4); > ++ memcpy(request_key.src, (!atp_asp_dsi_info.reply)?pinfo->src.data:pinfo->dst.data, sizeof(struct atalk_ddp_addr)); > + request_key.tid = atp_asp_dsi_info.tid; > + > + request_val = (asp_request_val *) wmem_map_lookup(atp_request_hash, &request_key); > +@@ -1018,7 +1037,7 @@ get_transaction(tvbuff_t *tvb, packet_info *pinfo, struct atp_asp_dsi_info *atp_ > + conversation = find_or_create_conversation(pinfo); > + > + request_key.conversation = conversation->conv_index; > +- memcpy(request_key.src, (!atp_asp_dsi_info->reply)?pinfo->src.data:pinfo->dst.data, 4); > ++ memcpy(request_key.src, (!atp_asp_dsi_info->reply)?pinfo->src.data:pinfo->dst.data, sizeof(struct atalk_ddp_addr)); > + request_key.tid = atp_asp_dsi_info->tid; > + > + request_val = (asp_request_val *) wmem_map_lookup(asp_request_hash, &request_key); > +@@ -1051,6 +1070,11 @@ dissect_asp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data) > + if (data == NULL) > + return 0; > + > ++ // ASP is carried over ATP/DDP > ++ if (!(is_ddp_address(&pinfo->src) && is_ddp_address(&pinfo->dst))) { > ++ return 0; > ++ } > ++ > + col_set_str(pinfo->cinfo, COL_PROTOCOL, "ASP"); > + col_clear(pinfo->cinfo, COL_INFO); > + > +@@ -1183,15 +1207,6 @@ dissect_asp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data) > + /* ----------------------------- > + ZIP protocol cf. inside appletalk chap. 8 > + */ > +-/* > +- * Structure used to represent a DDP address; gives the layout of the > +- * data pointed to by an Appletalk "address" structure. > +- */ > +-struct atalk_ddp_addr { > +- guint16 net; > +- guint8 node; > +-}; > +- > + > + static int atalk_str_len(const address* addr _U_) > + { > +@@ -1241,6 +1256,11 @@ dissect_atp_zip(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data) > + if (data == NULL) > + return 0; > + > ++ // ATP ZIP is carried over DDP > ++ if (!(is_ddp_address(&pinfo->src) && is_ddp_address(&pinfo->dst))) { > ++ return 0; > ++ } > ++ > + col_set_str(pinfo->cinfo, COL_PROTOCOL, "ZIP"); > + col_clear(pinfo->cinfo, COL_INFO); > + > +-- > +2.44.1 > + > diff --git a/meta-networking/recipes-support/wireshark/wireshark_4.2.7.bb b/meta-networking/recipes-support/wireshark/wireshark_4.2.7.bb > index b80710683..d68b082bb 100644 > --- a/meta-networking/recipes-support/wireshark/wireshark_4.2.7.bb > +++ b/meta-networking/recipes-support/wireshark/wireshark_4.2.7.bb > @@ -13,6 +13,7 @@ SRC_URI = "https://1.eu.dl.wireshark.org/src/wireshark-${PV}.tar.xz \ > file://0002-flex-Remove-line-directives.patch \ > file://0004-lemon-Remove-line-directives.patch \ > file://0001-UseLemon.cmake-do-not-use-lemon-data-from-the-host.patch \ > + file://CVE-2024-9781.patch \ > " > > UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src" > -- > 2.35.6 > > > >
diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2024-9781.patch b/meta-networking/recipes-support/wireshark/files/CVE-2024-9781.patch new file mode 100644 index 000000000..eb8c733da --- /dev/null +++ b/meta-networking/recipes-support/wireshark/files/CVE-2024-9781.patch @@ -0,0 +1,133 @@ +From f32965be7c80ca6eb330d0e9b34f0c563db7d869 Mon Sep 17 00:00:00 2001 +From: Gerald Combs <gerald@wireshark.org> +Date: Tue, 8 Oct 2024 11:56:28 -0700 +Subject: [PATCH] AppleTalk: Make sure we have valid addresses + +Make sure ATP, ZIP, and ASP have valid addresses. Use sizeof instead of +a hard-coded value in a few places. + +Fixes #20114 + +(cherry picked from commit 3de741321f85c205c0a8266c40f33cb0013bd1d2) + +Conflicts: + epan/dissectors/packet-atalk.c + +CVE: CVE-2024-9781 +Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/cad248ce3bf5] + +(cherry picked from commit cad248ce3bf53026cc837fedeaca65d0f20ea3b5) +Signed-off-by: Shubham Pushpkar <spushpka@cisco.com> +--- + epan/dissectors/packet-atalk.c | 44 ++++++++++++++++++++++++---------- + 1 file changed, 32 insertions(+), 12 deletions(-) + +diff --git a/epan/dissectors/packet-atalk.c b/epan/dissectors/packet-atalk.c +index 396e7af519..065d6aedb6 100644 +--- a/epan/dissectors/packet-atalk.c ++++ b/epan/dissectors/packet-atalk.c +@@ -232,9 +232,18 @@ static int hf_asp_attn_code = -1; + static int hf_asp_seq = -1; + static int hf_asp_size = -1; + ++/* ++ * Structure used to represent a DDP address; gives the layout of the ++ * data pointed to by an Appletalk "address" structure. ++ */ ++struct atalk_ddp_addr { ++ guint16 net; ++ guint8 node; ++}; ++ + typedef struct { + guint32 conversation; +- guint8 src[4]; ++ guint8 src[sizeof(struct atalk_ddp_addr)]; + guint16 tid; + } asp_request_key; + +@@ -502,6 +511,10 @@ static const value_string asp_error_vals[] = { + {0, NULL } }; + value_string_ext asp_error_vals_ext = VALUE_STRING_EXT_INIT(asp_error_vals); + ++static bool is_ddp_address(address *addr) { ++ return addr->type == atalk_address_type && addr->len == sizeof(struct atalk_ddp_addr); ++} ++ + /* + * hf_index must be a FT_UINT_STRING type + * Are these always in a Mac extended character set? Should we have a +@@ -744,6 +757,12 @@ dissect_atp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_) + conversation_t *conversation; + asp_request_val *request_val = NULL; + ++ // ATP is carried over DDP ++ if (!(is_ddp_address(&pinfo->src) && is_ddp_address(&pinfo->dst))) { ++ return 0; ++ } ++ ++ + col_set_str(pinfo->cinfo, COL_PROTOCOL, "ATP"); + + ctrlinfo = tvb_get_guint8(tvb, offset); +@@ -770,7 +789,7 @@ dissect_atp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_) + asp_request_key request_key; + + request_key.conversation = conversation->conv_index; +- memcpy(request_key.src, (!atp_asp_dsi_info.reply)?pinfo->src.data:pinfo->dst.data, 4); ++ memcpy(request_key.src, (!atp_asp_dsi_info.reply)?pinfo->src.data:pinfo->dst.data, sizeof(struct atalk_ddp_addr)); + request_key.tid = atp_asp_dsi_info.tid; + + request_val = (asp_request_val *) wmem_map_lookup(atp_request_hash, &request_key); +@@ -1018,7 +1037,7 @@ get_transaction(tvbuff_t *tvb, packet_info *pinfo, struct atp_asp_dsi_info *atp_ + conversation = find_or_create_conversation(pinfo); + + request_key.conversation = conversation->conv_index; +- memcpy(request_key.src, (!atp_asp_dsi_info->reply)?pinfo->src.data:pinfo->dst.data, 4); ++ memcpy(request_key.src, (!atp_asp_dsi_info->reply)?pinfo->src.data:pinfo->dst.data, sizeof(struct atalk_ddp_addr)); + request_key.tid = atp_asp_dsi_info->tid; + + request_val = (asp_request_val *) wmem_map_lookup(asp_request_hash, &request_key); +@@ -1051,6 +1070,11 @@ dissect_asp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data) + if (data == NULL) + return 0; + ++ // ASP is carried over ATP/DDP ++ if (!(is_ddp_address(&pinfo->src) && is_ddp_address(&pinfo->dst))) { ++ return 0; ++ } ++ + col_set_str(pinfo->cinfo, COL_PROTOCOL, "ASP"); + col_clear(pinfo->cinfo, COL_INFO); + +@@ -1183,15 +1207,6 @@ dissect_asp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data) + /* ----------------------------- + ZIP protocol cf. inside appletalk chap. 8 + */ +-/* +- * Structure used to represent a DDP address; gives the layout of the +- * data pointed to by an Appletalk "address" structure. +- */ +-struct atalk_ddp_addr { +- guint16 net; +- guint8 node; +-}; +- + + static int atalk_str_len(const address* addr _U_) + { +@@ -1241,6 +1256,11 @@ dissect_atp_zip(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data) + if (data == NULL) + return 0; + ++ // ATP ZIP is carried over DDP ++ if (!(is_ddp_address(&pinfo->src) && is_ddp_address(&pinfo->dst))) { ++ return 0; ++ } ++ + col_set_str(pinfo->cinfo, COL_PROTOCOL, "ZIP"); + col_clear(pinfo->cinfo, COL_INFO); + +-- +2.44.1 + diff --git a/meta-networking/recipes-support/wireshark/wireshark_4.2.7.bb b/meta-networking/recipes-support/wireshark/wireshark_4.2.7.bb index b80710683..d68b082bb 100644 --- a/meta-networking/recipes-support/wireshark/wireshark_4.2.7.bb +++ b/meta-networking/recipes-support/wireshark/wireshark_4.2.7.bb @@ -13,6 +13,7 @@ SRC_URI = "https://1.eu.dl.wireshark.org/src/wireshark-${PV}.tar.xz \ file://0002-flex-Remove-line-directives.patch \ file://0004-lemon-Remove-line-directives.patch \ file://0001-UseLemon.cmake-do-not-use-lemon-data-from-the-host.patch \ + file://CVE-2024-9781.patch \ " UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src"
Upstream Repository: https://gitlab.com/wireshark/wireshark.git Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2024-9781 Type: Security Fix CVE: CVE-2024-9781 Score: 7.8 Patch: https://gitlab.com/wireshark/wireshark/-/commit/cad248ce3bf5 Signed-off-by: Shubham Pushpkar <spushpka@cisco.com> --- .../wireshark/files/CVE-2024-9781.patch | 133 ++++++++++++++++++ .../wireshark/wireshark_4.2.7.bb | 1 + 2 files changed, 134 insertions(+) create mode 100644 meta-networking/recipes-support/wireshark/files/CVE-2024-9781.patch