import Oracle_OSS wireshark-4.4.2-4.0.1.el10_1.4

2026-04-23 02:16:34 -04:00 · 2026-04-23 02:16:34 -04:00 · 808fe5945d
commit 808fe5945d
parent fcb8790b95
3 changed files with 94 additions and 2 deletions
--- a/wireshark-0012-cve-2026-3201.patch
+++ b/wireshark-0012-cve-2026-3201.patch
@ -0,0 +1,49 @@
+From 6f753c79b7c8ac382e6383dfabd7d5be6e2b722c Mon Sep 17 00:00:00 2001
+From: Michael Mann <mmann78@netscape.net>
+Date: Mon, 26 Jan 2026 00:17:11 -0500
+Subject: [PATCH] USB-HID: Bugfix resource exhaustion in
+ parse_report_descriptor()
+
+Sanity range check was removed in 739666a7f5acc270204980e01b4069caf5060f30, restore it
+
+AI-Assisted: no
+Fixes #20972
+---
+ epan/dissectors/packet-usb-hid.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/epan/dissectors/packet-usb-hid.c b/epan/dissectors/packet-usb-hid.c
+index 92c043e3c04..efd6e5a5e44 100644
+--- a/epan/dissectors/packet-usb-hid.c
+++ b/epan/dissectors/packet-usb-hid.c
+@@ -3729,6 +3729,7 @@ hid_unpack_signed(uint8_t *data, unsigned int idx, unsigned int size, int32_t *v
+     return false;
+ }
+ 
+#define MAX_REPORT_DESCRIPTOR_COUNT 100000 // Arbitrary
+ static bool
+ parse_report_descriptor(report_descriptor_t *rdesc)
+ {
+@@ -3910,7 +3911,7 @@ parse_report_descriptor(report_descriptor_t *rdesc)
+                         }
+ 
+                         /* Usage min and max must be on the same page */
+-                        if (USAGE_PAGE(usage_min) != USAGE_PAGE(usage_max)) {
+                        if (USAGE_PAGE(usage_min) != USAGE_PAGE(usage_max))  {
+                             goto err;
+                         }
+ 
+@@ -3918,6 +3919,10 @@ parse_report_descriptor(report_descriptor_t *rdesc)
+                             goto err;
+                         }
+ 
+                        if (wmem_array_get_count(field.usages) + usage_max - usage_min >= MAX_REPORT_DESCRIPTOR_COUNT) {
+                            goto err;
+                        }
+
+                         /* min and max are inclusive */
+                         wmem_array_grow(field.usages, usage_max - usage_min + 1);
+                         for (uint32_t j = usage_min; j <= usage_max; j++) {
+-- 
+GitLab
+
--- a/wireshark-0013-cve-2026-3203.patch
+++ b/wireshark-0013-cve-2026-3203.patch
@ -0,0 +1,32 @@
+From b6c102ae6db8f30ea327b6448c5d071f00cc573d Mon Sep 17 00:00:00 2001
+From: John Thacker <johnthacker@gmail.com>
+Date: Fri, 6 Feb 2026 20:42:03 -0500
+Subject: [PATCH] RF4CE: Check that the input data is long enough
+
+Prevent illegal memory access.
+
+Fix: #21009
+
+AI-Assisted: no
+---
+ epan/dissectors/packet-rf4ce-secur.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/epan/dissectors/packet-rf4ce-secur.c b/epan/dissectors/packet-rf4ce-secur.c
+index 3cf40993d89..09a0ae50c31 100644
+--- a/epan/dissectors/packet-rf4ce-secur.c
+++ b/epan/dissectors/packet-rf4ce-secur.c
+@@ -627,6 +627,10 @@ bool decrypt_data(
+         return false;
+     }
+ 
+    if (*len < payload_offset + RF4CE_CCM_M) {
+        return false;
+    }
+
+     while (idx < RF4CE_NWK_KEY_STORAGE_SIZE)
+     {
+         if (nwk_key_storage[idx].is_used)
+-- 
+GitLab
+
--- a/wireshark.spec
+++ b/wireshark.spec
@ -6,7 +6,7 @@
 Summary:	Network traffic analyzer
 Name:		wireshark
 Version:	4.4.2
-Release:	4%{?dist}.2
+Release:	4.0.1%{?dist}.4
 Epoch:		1
 License:	BSD-1-Clause AND BSD-2-Clause AND BSD-3-Clause AND MIT AND GPL-2.0-or-later AND LGPL-2.0-or-later AND Zlib AND ISC AND (BSD-3-Clause OR GPL-2.0-only) AND (GPL-2.0-or-later AND Zlib)
 Url:		http://www.wireshark.org/
@ -31,6 +31,8 @@ Patch8:   wireshark-0008-pkgconfig.patch
 Patch9:   wireshark-0009-cve-2025-1492.patch
 Patch10:  wireshark-0010-cve-2025-13499.patch
 Patch11:  wireshark-0011-cve-2025-9817.patch
+Patch12:  wireshark-0012-cve-2026-3201.patch
+Patch13:  wireshark-0013-cve-2026-3203.patch

 #install tshark together with wireshark GUI
 Requires:	%{name}-cli = %{epoch}:%{version}-%{release}
@ -193,7 +195,7 @@ find %{buildroot} -type f -name "*.la" -delete
 %{?ldconfig}
 # skip triggering if udevd isn't even accessible, e.g. containers or
 # rpm-ostree-based systems
-if [ -S /run/udev/control ]; then
+if [ -S /run/udev/control ] && [ -f /usr/bin/udevadm ]; then
    /usr/bin/udevadm trigger --subsystem-match=usbmon || :
 fi

@ -283,6 +285,15 @@ fi
 %{_libdir}/pkgconfig/%{name}.pc

 %changelog
+* Wed Apr 22 2026 EL Errata <el-errata_ww@oracle.com> - 4.4.2-4.0.1.el10_1.4
+- Fix post script to not fail during initial installation [Orabug: 37565359]
+
+* Tue Apr 07 2026 Michal Ruprich <mruprich@redhat.com> - 1:4.4.2-4.4
+- Resolves: RHEL-152921 - CVE-2026-3203 Buffer Over-read
+
+* Sat Apr 04 2026 Michal Ruprich <mruprich@redhat.com> - 1:4.4.2-4.3
+- Resolves: RHEL-152912 - CVE-2026-3201 Improperly Controlled Sequential Memory Allocation
+
 * Sun Jan 25 2026 Michal Ruprich <mruprich@redhat.com> - 1:4.4.2-4.2
 - Resolves: RHEL-136916 - NULL Pointer Dereference in Wireshark (CVE-2025-9817)