Age | Commit message (Collapse) | Author | Files | Lines |
Wireshark 3.0.3 Release Notes
What is Wireshark?
Wireshark is the world’s most popular network protocol analyzer. It is
used for troubleshooting, analysis, development and education.
What’s New
• The Windows installers now ship with Qt 5.12.4. They previously
shipped with Qt 5.12.3.
• The Windows installers now ship with Npcap 0.996. They previously
shipped with Npcap 0.995.
• The macOS installer now ships with Qt 5.12.4. It previously
shipped with Qt 5.12.1.
Bug Fixes
The following vulnerabilities have been fixed:
• wnpa-sec-2019-20[1] ASN.1 BER and related dissectors crash. Bug
15870[2]. CVE-2019-13619[3].
The following bugs have been fixed:
• "ninja install" installs help/faq.py instead of help/faq.txt. Bug
15543[4].
• In Wireshark 3.0, encrypted DOCSIS PDU packets no longer match
the filter "eth.dst". Bug 15731[5].
• Developer’s Guide section 3.9 "Contribute your changes" should
incorporate or link "Writing a good commit message" from the
Wiki. Bug 15752[6].
• RSL dissector bugs in presence of optional IEs. Bug 15789[7].
• The "Media Attribute Value" field is missed in rtcp SDP
dissection (packet-sdp.c). Bug 15791[8].
• BTLE doesn’t properly detect start fragment of L2CAP PDUs. Bug
15807[9].
• Wi-SUN FAN decoder error, Channel Spacing and Reserved fields are
swapped. Bug 15821[10].
• tshark: Display filter error message references "-d" when it
should reference "-Y". Bug 15825[11].
• Open "protocol" preferences … does not work for protocol in
subtree. Bug 15836[12].
• Problems with sshdump "Error by extcap pipe: sh: sudo: command
not found". Bug 15845[13].
• editcap won’t change encapsulation type when writing pcap format.
Bug 15873[14].
• ITU-T G.8113.1 MPLS-TP OAM CC,LMM,LMR,DMM and DMR are not seen in
the 3.0.2. Bug 15887[15].
New and Updated Features
There are no new features in this release.
New Protocol Support
There are no new protocols in this release.
Updated Protocol Support
AERON, ASN.1, BTLE, CUPS, DNS, DOCSIS, DPNSS, GSM RLC/MAC, HiQnet,
ISO 14443, ISObus VT, LDAP, MAC LTE, MIME multipart, MPLS, MQ, RSL,
SDP, SMB, TNEF, and Wi-SUN
New and Updated Capture File Support
Ascend
New and Updated Capture Interfaces support
There is no new or updated capture file support in this release.
|
|
3.0.2:
What’s New
• The Windows installers now ship with Qt 5.12.3. They previously
shipped with Qt 5.12.1.
• The Windows installers now ship with Npcap 0.995. They previously
shipped with Npcap 0.992.
• The macOS packages are now notarized[1].
Bug Fixes
The following vulnerabilities have been fixed:
• wnpa-sec-2019-19[2] Wireshark dissection engine crash. Bug
15778[3].
The following bugs have been fixed:
• Add (IETF) QUIC Dissector. Bug 13881[4].
• Wireshark Hangs on startup initializing external capture plugins.
Bug 14657[5].
• [oss-fuzz] ERROR: Adding ospf.v3.prefix.options.nu would put more
than 1000000 items in the tree — possible infinite loop. Bug
14978[6].
• Wireshark can call extcap with empty multicheck argument. Bug
15065[7].
• CMPv2 KUR message dissection gives unexpected value for
serialNumber under OldCertId fields. Bug 15154[8].
• "(Git Rev Unknown from unknown)" in version string for official
tarball. Bug 15544[9].
• External extcap does not get all arguments sometimes. Bug
15586[10].
• Help file doesn’t display for extcap interfaces. Bug 15592[11].
• Buildbot crash output: randpkt-2019-03-14-4670.pcap. Bug
15604[12].
• Building only libraries on windows fails due to CLEAN_C_FILES
empty. Bug 15662[13].
• Statistics→Conversations→TCP→Follow Stream - incorrect behavior.
Bug 15672[14].
• Wrong NTP timestamp for RTCP XR RR packets (hf_rtcp_xr_timestamp
field). Bug 15687[15].
• ws_pipe: leaks pipe handles on errors. Bug 15689[16].
• Build issue in Wireshark - 3.0.1 on RHEL6. Bug 15706[17].
• ISAKMP: Segmentation fault with non-hex string for IKEv1
Decryption Table Initiator Cookie. Bug 15709[18].
• extcap: non-boolean call arguments can be appended without value
on selector Reload. Bug 15725[19].
• Incorrectly interpreted format of MQTT PUBLISH payload data. Bug
15738[20].
• print.c: Memory leak in ek_check_protocolfilter. Bug 15758[21].
• IETF QUIC dissector incorrectly parses retry packet. Bug
15764[22].
• Bacnet(app): fix wrong value for id 183 (logging-device →
logging-object). Bug 15767[23].
• The SMB2 code to look up decryption keys by session ID assumes
it’s running on a little-endian machine. Bug 15772[24].
• tshark -G folders leaves mmdbresolve process behind. Bug
15777[25].
• Dissector bug, protocol TLS - failed assertion "data". Bug
15780[26].
• WSMP : header_opt_ind field is not correctly set.
|
|
installed
|
|
3.0.1:
The Windows installers now ship with Npcap 0.992. They previously shipped with Npcap 0.99-r9.
Bug Fixes
The following vulnerabilities have been fixed:
wnpa-sec-2019-09 NetScaler file parser crash. Bug 15497. CVE-2019-10895.
wnpa-sec-2019-10 SRVLOC dissector crash. Bug 15546. CVE-2019-10899.
wnpa-sec-2019-11 IEEE 802.11 dissector infinite loop. Bug 15553. CVE-2019-10897.
wnpa-sec-2019-12 GSUP dissector infinite loop. Bug 15585. CVE-2019-10898.
wnpa-sec-2019-13 Rbm dissector infinite loop. Bug 15612. CVE-2019-10900.
wnpa-sec-2019-14 GSS-API dissector crash. Bug 15613. CVE-2019-10894.
wnpa-sec-2019-15 DOF dissector crash. Bug 15617. CVE-2019-10896.
wnpa-sec-2019-16 TSDNS dissector crash. Bug 15619. CVE-2019-10902.
wnpa-sec-2019-17 LDSS dissector crash. Bug 15620. CVE-2019-10901.
wnpa-sec-2019-18 DCERPC SPOOLSS dissector crash. Bug 15568. CVE-2019-10903.
The following bugs have been fixed:
[oss-fuzz] UBSAN: shift exponent 34 is too large for 32-bit type 'guint32' (aka 'unsigned int') in packet-ieee80211.c:15534:49. Bug 14770.
[oss-fuzz] UBSAN: shift exponent 35 is too large for 32-bit type 'int' in packet-couchbase.c:1674:37. Bug 15439.
Duplicated TCP SEQ field in ICMP packets. Bug 15533.
Wrong length in dhcpv6 NTP Server suboption results in "Malformed Packet" and breaks further dissection. Bug 15542.
Wireshark’s speaker-to-MaxMind is burning up the CPU. Bug 15545.
GSM-A-RR variable bitmap decoding may report ARFCNs > 1023. Bug 15549.
Import hexdump dummy Ethernet header generation ignores direction indication. Bug 15561.
%T not supported for timestamps. Bug 15565.
LWM2M: resource with \r\n badly shown. Bug 15572.
When selecting BSSAP in 'Decode As' for a SCCP payload, it uses BSSAP+ which is not the same protocol. Bug 15578.
Possible buffer overflow in function ssl_md_final for crafted SSL 3.0 sessions. Bug 15599.
Windows console log output delay. Bug 15605.
Syslog dissector processes the UTF-8 BOM incorrectly. Bug 15607.
NFS/NLM: Wrong lock byte range in the "Info" column. Bug 15608.
randpkt -r causes segfault when count > 1. Bug 15627.
Tshark export to ElasticSearch (-Tek) fails with Bad json_dumper state: illegal transition. Bug 15628.
Packets with metadata but no data get the Protocol Info column overwritten. Bug 15630.
BGP MP_REACH_NLRI AFI: Layer-2 VPN, SAFI: EVPN - Label stack not decoded. Bug 15631.
Buildbot crash output: fuzz-2019-03-23-1789.pcap. Bug 15634.
Typo: broli → brotli. Bug 15647.
Wrong dissection of GTPv2 MM Context Used NAS integrity protection algorithm. Bug 15648.
Windows CHM (help file) title displays quoted HTML characters. Bug 15656.
Unable to load 3rd party plugins not signed by Wireshark’s codesigning certificate. Bug 15667.
3.0.0:
Many user interface improvements have been made. See the “New and Updated Features” section below for more details.
Support for a number of legacy features and libraries has been removed. See the “Removed Features and Support” section below for more details.
Bug Fixes
The following bugs have been fixed:
Data following a TCP ZeroWindowProbe is marked as retransmission and not passed to subdissectors (Bug 15427)
Lua Error on startup: init.lua: dofile has been disabled due to running Wireshark as superuser (Bug 15489).
Text and Image columns were handled incorrectly for TDS 7.0 and 7.1. (Bug 3098)
Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)
The following features are new (or have been significantly updated) since version 3.0.0rc1:
The IP map feature (the “Map” button in the “Endpoints” dialog) has been added back in a modernized form (Bug 14693).
The macOS package now ships with Qt 5.12.1. Previously it shipped with Qt 5.9.7.
The macOS package requires version 10.12 or later. If you’re running an older version of macOS, please use Wireshark 2.6.
The following features are new (or have been significantly updated) since version 2.9.0:
Wireshark now supports the Swedish and Ukrainian languages.
Initial support for using PKCS #11 tokens for RSA decryption in TLS. This can be configured at Preferences, RSA Keys.
The build system now produces reproducible builds (Bug 15163).
The Windows installers now ship with Qt 5.12.1. Previously they shipped with Qt 5.12.0.
The following features are new (or have been significantly updated) since version 2.6.0:
The Windows .exe installers now ship with Npcap instead of WinPcap. Besides being actively maintained (by the nmap project), Npcap brings support for loopback capture and 802.11 WiFi monitor mode capture (if supported by the NIC driver).
Conversation timestamps are supported for UDP/UDP-Lite protocols
TShark now supports the -G elastic-mapping option which generates an ElasticSearch mapping file.
The “Capture Information” dialog has been added back (Bug 12004).
The Ethernet and IEEE 802.11 dissectors no longer validate the frame check sequence (checksum) by default.
The TCP dissector gained a new “Reassemble out-of-order segments” preference to fix dissection and decryption issues in case TCP segments are received out-of-order. See the User’s Guide, chapter TCP Reassembly for details.
Decryption support for the new WireGuard dissector (Bug 15011, requires Libgcrypt 1.8).
The BOOTP dissector has been renamed to DHCP. With the exception of “bootp.dhcp”, the old “bootp.*” display filter fields are still supported but may be removed in a future release.
The SSL dissector has been renamed to TLS. As with BOOTP the old “ssl.*” display filter fields are supported but may be removed in a future release.
Coloring rules, IO graphs, Filter Buttons and protocol preference tables can now be copied from other profiles using a button in the corresponding configuration dialogs.
APT-X has been renamed to aptX.
When importing from hex dump, it’s now possible to add an ExportPDU header with a payload name. This calls the specific dissector directly without lower protocols.
The sshdump and ciscodump extcap interfaces can now use a proxy for the SSH connection.
Dumpcap now supports the -a packets:NUM and -b packets:NUM options.
Wireshark now includes a “No Reassembly” configuration profile.
Wireshark now supports the Russian language.
The build system now supports AppImage packages.
The Windows installers now ship with Qt 5.12.0. Previously they shipped with Qt 5.9.7.
Support for DTLS and TLS decryption using pcapng files that embed a Decryption Secrets Block (DSB) containing a TLS Key Log (Bug 15252).
The editcap utility gained a new --inject-secrets option to inject an existing TLS Key Log file into a pcapng file.
A new dfilter function string() has been added. It allows the conversion of non-string fields to strings so string functions (as contains and matches) can be used on them.
The Bash test suite has been replaced by one based on Python unittest/pytest.
The custom window title can now show file path of the capture file and it has a conditional separator.
Removed Features and Support
The legacy (GTK+) user interface has been removed and is no longer supported.
The portaudio library is no longer needed due to the removal of GTK+.
Wireshark requires Qt 5.2 or later. Qt 4 is no longer supported.
Wireshark requires GLib 2.32 or later.
Wireshark requires GnuTLS 3.2 or later as optional dependency.
Building Wireshark requires Python 3.4 or newer, Python 2.7 is unsupported.
Building Wireshark requires CMake. Autotools is no longer supported.
TShark’s -z compare option was removed.
Building with Cygwin is no longer supported on Windows.
|
|
Otherwise, they are built when asciidoctor is detected, and the result
is a PLIST mismatch.
No version bump: the build was broken iff this change makes a difference.
|
|
This is a semi-manual PKGREVISION bump.
|
|
Wireshark 2.6.7 Release Notes
The following vulnerabilities have been fixed:
• wnpa-sec-2019-06[1] ASN.1 BER and related dissectors crash.
15447[2]. CVE-2019-9209[3].
• wnpa-sec-2019-07[4] TCAP dissector crash.
CVE-2019-9208[6].
• wnpa-sec-2019-08[7] RPCAP dissector crash.
The following bugs have been fixed:
• Alignment Lost after Editing Column.
• Crash on applying display filters or coloring rules on capture
files containing non-UTF-8 data.
• tshark outputs debug information.
• Feature request - HTTP, add the field "request URI" to response.
• randpkt should be distributed with the Windows installer.
• Memory leak with "-T ek" output format option.
• Display error in negative response time stats (gint displayed as
unsigned).
• _epl_xdd_init not found.
• Decoding of MEGACO/H.248 request shows the Remote descriptor as
"Local descriptor".
• Repeated NFS in Protocol Display field.
• RBM file dissector adds too many items to the tree, resulting in
aborting the program.
• Wireshark heap out-of-bounds read in infer_pkt_encap.
• Column width and hidden issues when switching profiles.
• GTPv1-C SGSN Context Response / Forward Relocation Request decode
GGSN address IPV6 issue.
• Lua Error on startup: init.lua: dofile has been disabled due to
running Wireshark as superuser.
• DICOM ASSOCIATE Accept: Protocol Version.
• Multiple out-of-bounds reads in NetScaler trace handling
(wiretap/netscaler.c).
• Wrong endianness when dissecting the "chain offset" in SMB2
protocol header.
• Memory leak in mate_grammar.lemon’s recolonize function.
|
|
Wireshark 2.6.6 Release Notes
What is Wireshark?
Wireshark is the world’s most popular network protocol analyzer. It is
used for troubleshooting, analysis, development and education.
What’s New
• The Windows installers now ship with Qt 5.9.7. Previously they
shipped with Qt 5.9.5.
Bug Fixes
The following vulnerabilities have been fixed:
• wnpa-sec-2019-01[1] The 6LoWPAN dissector could crash.
• wnpa-sec-2019-02[4] The P_MUL dissector could crash.
• wnpa-sec-2019-03[7] The RTSE dissector and other dissectors could
crash.
• wnpa-sec-2019-04[10] The ISAKMP dissector could crash.
The following bugs have been fixed:
• console.lua not found in a folder with non-ASCII characters in
its name.
• Disabling Update list of packets in real time. will generally
trigger crash after three start capture, stop capture cycles.
• UDP Multicast Stream double counts.
• text2pcap et al. set snaplength to 64kiB-1, while processing
frames of 256kiB.
• Builds without libpcap fail if the libpcap headers aren’t
installed.
• TCAP AnalogRedirectRecord parameter incorrectly coded as
mandatory in QualReq_rr message.
• macOS DMG appears to have duplicate files.
• Wireshark jumps behind other windows when opening UAT dialogs.
• Pathnames containing non-ASCII characters are mangled in error
dialogs on Windows.
• Executing -z http,stat -r file.pcapng throws a segmentation
fault.
• IS-41 TCAP RegistrationNotification Invoke has borderCellAccess
parameter coded as tag 50 (as denyAccess) but should be 58.
• In DNS statistics, response times > 1 sec not included.
• GTPv2 APN dissect problem.
New and Updated Features
There are no new features in this release.
New Protocol Support
There are no new protocols in this release.
Updated Protocol Support
6LoWPAN, ANSI MAP, DNP3, DNS, GSM A, GTP, GTPv2, IMF, ISAKMP, ISObus
VT, Kerberos, P_MUL, RTSE, S7COMM, and TCAP
|
|
- remove unused configure options
- allow newer Python
- depend on: lz4, libssh, libcares, snappy
- add http2 as an option
|
|
Wireshark 2.6.5 Release Notes
Bug Fixes
The following vulnerabilities have been fixed:
• wnpa-sec-2018-51[1] The Wireshark dissection engine could crash.
Bug 14466[2]. CVE-2018-19625[3].
• wnpa-sec-2018-52[4] The DCOM dissector could crash. Bug 15130[5].
CVE-2018-19626[6].
• wnpa-sec-2018-53[7] The LBMPDM dissector could crash. Bug
15132[8]. CVE-2018-19623[9].
• wnpa-sec-2018-54[10] The MMSE dissector could go into an infinite
loop. Bug 15250[11]. CVE-2018-19622[12].
• wnpa-sec-2018-55[13] The IxVeriWave file parser could crash. Bug
15279[14]. CVE-2018-19627[15].
• wnpa-sec-2018-56[16] The PVFS dissector could crash. Bug
15280[17]. CVE-2018-19624[18].
• wnpa-sec-2018-57[19] The ZigBee ZCL dissector could crash. Bug
15281[20]. CVE-2018-19628[21].
The following bugs have been fixed:
• VoIP Calls dialog doesn’t include RTP stream when preparing a
filter. Bug 13440[22].
• Wireshark installs on macOS with permissions for
/Library/Application Support/Wireshark that are too restrictive.
Bug 14335[23].
• Closing Enabled Protocols dialog crashes wireshark. Bug
14349[24].
• Unable to Export Objects → HTTP after sorting columns. Bug
14545[25].
• DNS Response to NS query shows as malformed packet. Bug
14574[26].
• Encrypted Alerts corresponds to a wrong selection in the packet
bytes pane. Bug 14712[27].
• Wireshark crashes/asserts with Qt 5.11.1 and assert/debugsymbols
enabled. Bug 15014[28].
• ESP will not decode since 2.6.2 - works fine in 2.4.6 or 2.4.8.
Bug 15056[29].
• text2pcap generates malformed packets when TCP, UDP or SCTP
headers are added together with IPv6 header. Bug 15194[30].
• Wireshark tries to decode EAP-SIM Pseudonym Identity. Bug
15196[31].
• Infinite read loop when extcap exits with error and error
message. Bug 15205[32].
• MATE unable to extract fields for PDU. Bug 15208[33].
• Malformed Packet: SV. Bug 15224[34].
• OPC UA Max nesting depth exceeded for valid packet. Bug
15226[35].
• TShark 2.6 does not print GeoIP information. Bug 15230[36].
• ISUP (ANSI) packets malformed in WS versions later than 2.4.8.
Bug 15236[37].
• Handover candidate enquire message not decoded. Bug 15237[38].
• TShark piping output in a cmd or PowerShell prompt stops working
when GeoIP is enabled. Bug 15248[39].
• ICMPv6 with routing header incorrectly placed. Bug 15270[40].
• IEEE 802.11 Vendor Specific fixed fields display as malformed
packets. Bug 15273[41].
• text2pcap -4 and -6 option should require -i as well. Bug
15275[42].
• text2pcap direction sensitivity does not affect dummy ethernet
addresses. Bug 15287[43].
• MLE security suite display incorrect. Bug 15288[44].
• Message for incorrect IPv4 option lengths is incorrect. Bug
15290[45].
• TACACS+ dissector does not properly reassemble large accounting
messages. Bug 15293[46].
• NLRI of S-PMSI A-D BGP route not being displayed. Bug 15307[47].
Updated Protocol Support
BGP, DCERPC, DCOM, DNS, EAP, ESP, GSM A BSSMAP, IEEE 802.11, IEEE
802.11 Radiotap, IPv4, IPv6, ISUP, LBMPDM, LISP, MLE, MMSE, OpcUa,
PVFS, SLL, SSL/TLS, SV, TACACS+, TCAP, Wi-SUN, XRA, and ZigBee ZCL
New and Updated Capture File Support
3GPP TS 32.423 Trace and IxVeriWave
New and Updated Capture Interfaces support
sshdump
|
|
Wireshark 2.6.4 Release Notes
Bug Fixes
The following vulnerabilities have been fixed:
• wnpa-sec-2018-47[1]
• MS-WSP dissector crash. Bug 15119[2]. CVE-2018-18227[3].
• wnpa-sec-2018-48[4]
• Steam IHS Discovery dissector memory leak. Bug 15171[5].
CVE-2018-18226[6].
• wnpa-sec-2018-49[7]
• CoAP dissector crash. Bug 15172[8]. CVE-2018-18225[9].
• wnpa-sec-2018-50[10]
• OpcUA dissector crash. CVE-2018-12086[11].
The following bugs have been fixed:
• HTTP2 dissector decodes first SSL record only. Bug 11173[12].
• Undocumented sub-option for -N option in man page and tshark -N
help. Bug 14826[13].
• Mishandling of Port Control Protocol option padding. Bug
14950[14].
• MGCP: parameter lines are case-insensitive. Bug 15008[15].
• Details of 2nd sub-VSA in bundled RADIUS VSA are incorrect. Bug
15073[16].
• Heuristic DPLAY dissector fails to recognize DPLAY packets. Bug
15092[17].
• gsm_rlcmac_dl dissector exception. Bug 15112[18].
• dfilter_buttons file under user-created profile. Bug 15114[19].
• Filter buttons disappear when using pre-2.6 profile. Bug
15121[20].
• PROFINET Information element AM_DeviceIdentification in Asset
Management Info block is decoded wrongly. Bug 15140[21].
• Hw dest addr column shows incorrect address. Bug 15144[22].
• Windows dumpcap -i TCP@<ip-address> fails on pcapng stream. Bug
15149[23].
• Wildcard expansion doesn’t work on Windows 10 for command-line
programs in cmd.exe or PowerShell. Bug 15151[24].
• SSL Reassembly Error New fragment past old data limits. Bug
15158[25].
Updated Protocol Support
ASN.1 PER, Bluetooth HCI_SCO, CoAP, DPLAY, IEEE 802.11, Kafka,
Message Analyzer, MGCP, MS-WSP, Netmon, OpcUa, PCP, PNIO, RADIUS,
Steam IHS Discovery, and TLS
|
|
Readd ${PLIST.icons} as it was in net/wireshark/PLIST,-r1.36 in order to at
least fix wireshark when it is built with the `-qt5' option.
|
|
Fix some pkglint warnings while here.
Wireshark 2.6.3 Release Notes
Bug Fixes
The following vulnerabilities have been fixed:
• wnpa-sec-2018-44[1]
• Bluetooth AVDTP dissector crash. Bug 14884[2]. CVE-2018-16058[3].
• wnpa-sec-2018-45[4]
• Bluetooth Attribute Protocol dissector crash. Bug 14994[5].
CVE-2018-16056[6].
• wnpa-sec-2018-46[7]
• Radiotap dissector crash. Bug 15022[8]. CVE-2018-16057[9].
The following bugs have been fixed:
• Wireshark Hangs on startup initializing external capture plugins.
Bug 14657[10].
• Qt: SCTP Analyse Association Dialog: Segmentation fault when
clicking twice the Filter Association button. Bug 14970[11].
• Incorrect presentation of dissected data item (NETMASK) in ISAKMP
dissector. Bug 14987[12].
• Decode NFAPI: CONFIG.request Error. Bug 14988[13].
• udpdump frame too long error. Bug 14989[14].
• ISDN - LAPD dissector broken since version 2.5.0. Bug 15018[15].
• ASTERIX Category 062 / 135 Altitude has wrong value. Bug
15030[16].
• Wireshark cannot decrypt SSL/TLS session if it was proxied over
HTTP tunnel. Bug 15042[17].
• TLS records in a HTTP tunnel are displayed as "Encrypted
Handshake Message". Bug 15043[18].
• BTATT Dissector: Temperature Measurement: Celsius and Fahrenheit
swapped. Bug 15058[19].
• Diameter AVP User Location Info, Mobile Network Code decoded not
correctly. Bug 15068[20].
• Heartbeat message "Info" displayed without comma separator. Bug
15079[21].
Updated Protocol Support
ASTERIX, Bluetooth, Bluetooth ATT, Bluetooth AVDTP, DHCP, DTLS,
E.212, FP, GSM A RR, HTTP, HTTP2, IEEE 802.11, ISAKMP, ISDN, K12,
NFAPI, Nordic BLE, PFCP, Radiotap, SSL, Steam IHS Discovery, and TLS
1.3
New and Updated Capture File Support
pcapng
New and Updated Capture Interfaces support
ciscodump, udpdump
|
|
Wireshark 2.6.2 Release Notes
What’s New
Bug Fixes
The following vulnerabilities have been fixed:
• wnpa-sec-2018-34[1]
• BGP dissector large loop. Bug 13741[2]. CVE-2018-14342[3].
• wnpa-sec-2018-35[4]
• ISMP dissector crash. Bug 14672[5]. CVE-2018-14344[6].
• wnpa-sec-2018-36[7]
• Multiple dissectors could crash. Bug 14675[8]. CVE-2018-14340[9].
• wnpa-sec-2018-37[10]
• ASN.1 BER dissector crash. Bug 14682[11]. CVE-2018-14343[12].
• wnpa-sec-2018-38[13]
• MMSE dissector infinite loop. Bug 14738[14]. CVE-2018-14339[15].
• wnpa-sec-2018-39[16]
• DICOM dissector crash. Bug 14742[17]. CVE-2018-14341[18].
• wnpa-sec-2018-40[19]
• Bazaar dissector infinite loop. Bug 14841[20].
CVE-2018-14368[21].
• wnpa-sec-2018-41[22]
• HTTP2 dissector crash. Bug 14869[23]. CVE-2018-14369[24].
• wnpa-sec-2018-42[25]
• CoAP dissector crash. Bug 14966[26]. CVE-2018-14367[27].
The following bugs have been fixed:
• ISMP.EDP "Tuples" dissected incorrectly. Bug 4943[28].
• Wireshark - Race issue when switching between files using
Wireshark’s "Files in Set" dialog. Bug 10870[29].
• Sorting on "Source port" or "Destination port" column sorts
alphabetically, not numerically. Bug 11460[30].
• Wireshark crashes when changing profiles. Bug 11648[31].
• Crash when starting capture while saving capture file or
rescanning file after display filter change. Bug 13594[32].
• Crash when switching to TRANSUM enabled profile. Bug 13697[33].
• TCP retransmission with additional payload leads to incorrect
bytes and length in stream. Bug 13700[34].
• Wireshark crashes with single quote string display filter. Bug
14084[35].
• randpkt can write packets that libwiretap can’t read. Bug
14107[36].
• Wireshark crashes when loading new file before previous load has
finished. Bug 14351[37].
• Valid packet produces Malformed Packet: OpcUa. Bug 14465[38].
• Error received from dissect_wccp2_hash_assignment_info(). Bug
14573[39].
• CRC checker wrong for FPP. Bug 14610[40].
• Cross-build broken due to make-dissectors and make-taps. Bug
14622[41].
• Extraction of SMB file results in wrong size. Bug 14662[42].
• 6LoWPAN dissector merges fragments from different sources. Bug
14700[43].
• IP address to name resolution doesn’t work in TShark. Bug
14711[44].
• "Decode as" Modbus RTU over USB doesn’t work with 2.6.0 but with
2.4.6. Bug 14717[45].
• proto_tree_add_protocol_format might leak memory. Bug 14719[46].
• tostring for NSTime objects in lua gives wrong results. Bug
14720[47].
• Media type "application/octet-stream" registered for both Thread
and UASIP. Bug 14729[48].
• Crash related to SCTP tap. Bug 14733[49].
• Formatting of OSI area addresses/address prefixes goes past the
end of the area address/address prefix. Bug 14744[50].
• ICMPv6 Router Renumbering - Packet Dissector - malformed. Bug
14755[51].
• WiMAX HARQ MAP decoder segfaults when length is too short. Bug
14780[52].
• HTTP PUT request following a HEAD request is not correctly
decoded. Bug 14793[53].
• SYNC PDU type 3 miss the last PDU length. Bug 14823[54].
• Reversed 128 bits service UUIDs when Bluetooth Low Energy
advertisement data are dissected. Bug 14843[55].
• Issues with Wireshark when the user doesn’t have permission to
capture. Bug 14847[56].
• Wrong description when LE Bluetooth Device Address type is
dissected. Bug 14866[57].
• LE Role advertisement type (0x1c) is not dissected properly
according to the Bluetooth specification. Bug 14868[58].
• Regression: Wireshark 2.6.0 and 2.6.1 are unable to read NetMon
files which were readable by previous versions. Bug 14876[59].
• Wireshark doesn’t properly display (deliberately) invalid 220
responses from Postfix. Bug 14878[60].
• Follow TCP Stream and click reassembled content moves you to
incorrect current packet. Bug 14898[61].
• Crash when changing profiles while loading a capture file. Bug
14918[62].
• Duplicate PDU during C Arrays Output Export. Bug 14933[63].
• DCE/RPC not dissected when "reserved for use by implementations"
flag bits set. Bug 14942[64].
• Follow TCP Stream truncates output on missing (but ACKed)
segments. Bug 14944[65].
• There’s no option to include column headings when printing
packets or exporting packet dissections with Qt Wireshark. Bug
14945[66].
• Qt: SCTP Graph Dialog: Abort when doing analysis. Bug 14971[67].
• CMake is unable to find LUA libraries. Bug 14983[68].
Updated Protocol Support
6LoWPAN, ASN.1 BER, Bazaar, BGP, Bluetooth, Bluetooth HCI_CMD, CIGI,
Cisco ttag, CoAP, Data, DCERPC, Diameter 3GPP, DICOM, DOCSIS, FPP,
GSM A GM, GTPv2, HTTP, HTTP2, IAX2, ICMPv6, IEEE 1722, IEEE 802.11,
IPv4, ISMP, LISP, MMSE, MTP3, MySQL, NFS, OpcUa, PPI GPS, Q.931,
RNSAP, RPCoRDMA, S1AP, SCTP, SMB, SMTP, STUN, SYNC, T.30, TCP,
TRANSUM, WAP, WCCP, Wi-SUN, WiMax HARQ Map Message, and WSP
New and Updated Capture File Support
Alcatel-Lucent Ascend and Microsoft Network Monitor
|
|
Wireshark 2.6.1 Release Notes
Bug Fixes
The following vulnerabilities have been fixed:
• ws-sa2018-25
• The LDSS dissector could crash. (ws-bug14615)
• ws-sa2018-26
• The IEEE 1905.1a dissector could crash. (ws-bug14647)
• ws-sa2018-27
• The RTCP dissector could crash. (ws-bug14673)
• ws-sa2018-28
• Multiple dissectors could consume excessive memory. (ws-bug14678)
• ws-sa2018-29
• The DNS dissector could crash. (ws-bug14681)
• ws-sa2018-30
• The GSM A DTAP dissector could crash. (ws-bug14688)
• ws-sa2018-31
• The Q.931 dissector could crash. (ws-bug14689)
• ws-sa2018-32
• The IEEE 802.11 dissector could crash. (ws-bug14686)
• ws-sa2018-33
• Multiple dissectors could crash. (ws-bug14703)
The following bugs have been fixed:
• Qt GUI does not snap to exactly half of screen in Windows. (Bug
13516[1])
• Segmentation fault when switching profiles. (Bug 14316[2])
• QUIC dissector produces incorrect packet numbers (wrong-endian).
(Bug 14462[3])
• Wrong default file format chosen when saving a capture with
comments added if the original format doesn’t support comments.
(Bug 14601[4])
• Lua: Error during loading [AppData directory]:1: bad argument #1
to dofile (dofile: file does not exist). (Bug 14619[5])
• Crash when selecting text. (Bug 14620[6])
• ui/macosx directory missing from source release tarball. (Bug
14627[7])
• Wireshark 2.9.0 snapshot crashes/segfaults on Windows when
launched with -k or -i. (Bug 14632[8])
• "Copy as printable text" isn’t copying non-alphanumeric
characters. (Bug 14633[9])
• File missing from release tarball. (Bug 14634[10])
• NEWS is out of date and does not display properly in Notepad.
(Bug 14636[11])
• l16mono.so is installed in the wrong place. (Bug 14638[12])
• Remove: HACK to support UHD’s weird header offset on data
packets. (Bug 14641[13])
• WinSparkle 0.5.6 is out of date and is buggy. (Bug 14642[14])
• Unable to create or open VOIP captures. (Bug 14648[15])
• RTMPT: incorrect dissection of multiple RTMP packets within a
single TCP packet. (Bug 14650[16])
• Endpoints dialog displays invalid GeoIP information due to
incorrect byte order. (Bug 14656[17])
• Qt: Crash in ShowPacketBytesDialog(). (Bug 14658[18])
• Statistics → Resolved addresses show IP addresses without domain.
(Bug 14667[19])
• Erroneous MAC-LTE Dissection for Sidelink Shared Channel Packets.
(Bug 14669[20])
• Files missing from docbook CMake file. (Bug 14676[21])
• Wireshark hangs when opening certain files if it’s been
configured to use the new GeoIP databases. (Bug 14701[22])
The “Open”, “Save”, and other file dialogs should now be shown at the
correct size on HiDPI Windows systems.
Updated Protocol Support
BATADV, BT LE LL, CoAP, DNS, DTLS, GSM A DTAP, GSM A GM, GTP, GTPv2,
IEEE 1905.1a, IEEE 802.11, LDSS, LwM2M-TLV, MAC LTE, NAS EPS, Q.931,
RTCP, RTMPT, SDP, TCP, and VITA 49
New and Updated Capture File Support
3GPP TS 32.423 Trace and Android Logcat
|
|
Addresses PR 53256 by martin@
Bump PKGREVISION.
|
|
Switch default GUI from gtk3 to qt5. See What's New below for "why".
What’s New
Wireshark 2.6 is the last release that will support the legacy (GTK+)
user interface. It will not be supported or available in Wireshark
3.0.
Many user interface improvements have been made. See the “New and
Updated Features” section below for more details.
Bug Fixes
The following bugs have been fixed:
Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419[1])
New and Updated Features
The following features are new (or have been significantly updated)
since version 2.5.0:
• HTTP Request sequences are now supported.
• Wireshark now supports MaxMind DB files. Support for GeoIP and
GeoLite Legacy databases has been removed.
• The Windows packages are now built using Microsoft Visual Studio
2017.
• The IP map feature (the “Map” button in the “Endpoints” dialog)
has been removed.
The following features are new (or have been significantly updated)
since version 2.4.0:
• Display filter buttons can now be edited, disabled, and removed
via a context menu directly from the toolbar
• Drag & Drop filter fields to the display filter toolbar or edit
to create a button on the fly or apply the filter as a display
filter.
• Application startup time has been reduced.
• Some keyboard shortcut mix-ups have been resolved by assigning
new shortcuts to Edit → Copy methods.
• TShark now supports color using the --color option.
• The "matches" display filter operator is now case-insensitive.
• Display expression (button) preferences have been converted to a
UAT. This puts the display expressions in their own file.
Wireshark still supports preference files that contain the old
preferences, but new preference files will be written without the
old fields.
• SMI private enterprise numbers are now read from the
“enterprises.tsv” configuration file.
• The QUIC dissector has been renamed to Google QUIC (quic →
gquic).
• The selected packet number can now be shown in the Status Bar by
enabling Preferences → Appearance → Layout → Show selected packet
number.
• File load time in the Status Bar is now disabled by default and
can be enabled in Preferences → Appearance → Layout → Show file
load time.
• Support for the G.729A codec in the RTP Player is now added via
the bcg729 library.
• Support for hardware-timestamping of packets has been added.
• Improved NetMon .cap support with comments, event tracing,
network filter, network info types and some Message Analyzer
exported types.
• The personal plugins folder on Linux/Unix is now
~/.local/lib/wireshark/plugins.
• TShark can print flow graphs using -z flow…
• Capinfos now prints SHA256 hashes in addition to RIPEMD160 and
SHA1. MD5 output has been removed.
• The packet editor has been removed. (This was a GTK+ only
experimental feature.)
• Support BBC micro:bit Bluetooth profile
• The Linux and UNIX installation step for Wireshark will now
install headers required to build plugins. A pkg-config file is
provided to help with this (see “doc/plugins.example” for
details). Note you must still rebuild all plugins between minor
releases (X.Y).
• The Windows installers and packages now ship with Qt 5.9.4.
• The generic data dissector can now uncompress zlib compressed
data.
• DNS Stats now supports service level statistics.
• DNS filters for retransmissions and unsolicited responses have
been added.
• The “tcptrace” TCP Stream graph now shows duplicate ACKS and zero
window advertisements.
• The membership operator now supports ranges, allowing display
filters such as tcp.port in {4430..4434} to be expressed. See the
User’s Guide, chapter Building display filter expressions for
details.
New Protocol Support
ActiveMQ Artemis Core Protocol, AMT (Automatic Multicast Tunneling),
AVSP (Arista Vendor Specific Protocol), Bluetooth Mesh, Broadcom tags
(Broadcom Ethernet switch management frames), CAN-ETH, CVS password
server, Excentis DOCSIS31 XRA header, F1 Application Protocol,
F5ethtrailer, FP Mux, GRPC (gRPC), IEEE 1905.1a, IEEE 802.11ax (High
Efficiency WLAN (HEW)), IEEE 802.15.9 IEEE Recommended Practice for
Transport of Key Management Protocol (KMP) Datagrams, IEEE 802.3br
Frame Preemption Protocol, ISOBUS, LoRaTap, LoRaWAN, Lustre
Filesystem, Lustre Network, Nano / RaiBlocks Cryptocurrency Protocol
(UDP), Network Functional Application Platform Interface (NFAPI)
Protocol, New Radio Radio Link Control protocol, New Radio Radio
Resource Control protocol, NR (5G) MAC protocol, NXP 802.15.4 Sniffer
Protocol, Object Security for Constrained RESTful Environments
(OSCORE), PFCP (Packet Forwarding Control Protocol), Protobuf
(Protocol Buffers), QUIC (IETF), RFC 4108 Using CMS to Protect
Firmware Packages, Session Multiplex Protocol, SolarEdge monitoring
protocol, Steam In-Home Streaming Discovery Protocol, Tibia, TWAMP
and OWAMP, Wi-Fi Device Provisioning Protocol, and Wi-SUN FAN
Protocol
Updated Protocol Support
Too many protocols have been updated to list here.
New and Updated Capture File Support
Microsoft Network Monitor
New and Updated Capture Interfaces support
LoRaTap
|
|
Bug Fixes
The following vulnerabilities have been fixed:
* [1]wnpa-sec-2018-15
The MP4 dissector could crash. ([2]Bug 13777)
* [3]wnpa-sec-2018-16
The ADB dissector could crash. ([4]Bug 14460)
* [5]wnpa-sec-2018-17
The IEEE 802.15.4 dissector could crash. ([6]Bug 14468)
* [7]wnpa-sec-2018-18
The NBAP dissector could crash. ([8]Bug 14471)
* [9]wnpa-sec-2018-19
The VLAN dissector could crash. ([10]Bug 14469)
* [11]wnpa-sec-2018-20
The LWAPP dissector could crash. ([12]Bug 14467)
* [13]wnpa-sec-2018-21
The TCP dissector could crash. ([14]Bug 14472)
* [15]wnpa-sec-2018-22
The CQL dissector could go into an infinite loop. ([16]Bug 14530)
* [17]wnpa-sec-2018-23
The Kerberos dissector could crash. ([18]Bug 14576)
* [19]wnpa-sec-2018-24
Multiple dissectors and other modules could leak memory. The TN3270
([20]Bug 14480), ISUP ([21]Bug 14481), LAPD ([22]Bug 14482), SMB2
([23]Bug 14483), GIOP ([24]Bug 14484), ASN.1 ([25]Bug 14485), MIME
multipart ([26]Bug 14486), H.223 ([27]Bug 14487), and PCP ([28]Bug
14488) dissectors were susceptible along with Wireshark and TShark
([29]Bug 14489).
The following bugs have been fixed:
* TRANSUM doesn't account for DNS retries in the Request Spread.
([30]Bug 14210)
* BGP: IPv6 NLRI is received with Add-path ID, then Wireshark is not
able to decode the packet correctly. ([31]Bug 14241)
* Lua script calling Ethernet dissector runs OK in 1.12.4 but crashes
in later releases. ([32]Bug 14293)
* PEEKREMOTE dissector lacks 80mhz support, short preamble support
and spatial streams encoding. ([33]Bug 14452)
* Statistics > UDP Multicast Streams > [Copy|Save as..] is broken.
([34]Bug 14477)
* Typo error in enumeration value of speech version identifier.
([35]Bug 14528)
* In "Unsaved packets" dialog one can NOT use keyboard to choose
"Continue without Saving". ([36]Bug 14531)
* WCCP logical error in CHECK_LENGTH_ADVANCE_OFFSET macros. ([37]Bug
14538)
* Buildbot crash output: fuzz-2018-03-19-19114.pcap. ([38]Bug 14544)
* alloca() used in wsutil/getopt_long.c without <alloca.h> inclusion.
([39]Bug 14552)
* HP-UX HP ANSI C requires -Wp,-H200000 flag to compile. ([40]Bug
14554)
* Makefile.in uses non-portable "install" command. ([41]Bug 14555)
* HP-UX HP ANSI C doesn't support assigning {} to a variable in
epan/app_mem_usage.c. ([42]Bug 14556)
* PPP in SSTP, HDLC framing not parsed properly. ([43]Bug 14559)
* Using the DIAMETER dictionary causes the standard input to be
closed when the dictionary is read. ([44]Bug 14577)
Updated Protocol Support
6LoWPAN, ADB, BGP, CQL, DNS, Ethernet, GIOP, GSM BSSMAP, H.223, IEEE
802.11, IEEE 802.11 Radiotap, IEEE 802.15.4, ISUP, Kerberos, LAPD,
LWAPP, MIME multipart, MP4, NBAP, NORDIC_BLE, PCP, PEEKREMOTE, S1AP,
SMB2, SSTP, T.30, TCP, TN3270, TRANSUM, VLAN, WCCP, and WSP
|
|
Bug Fixes
The following vulnerabilities have been fixed:
* [1]wnpa-sec-2018-05
The IEEE 802.11 dissector could crash. [2]Bug 14442,
[3]CVE-2018-7335
* [4]wnpa-sec-2018-06
Multiple dissectors could go into large infinite loops. All ASN.1
BER dissectors ([5]Bug 14444), along with the DICOM ([6]Bug 14411),
DMP ([7]Bug 14408), LLTD ([8]Bug 14419), OpenFlow ([9]Bug 14420),
RELOAD ([10]Bug 14445), RPCoRDMA ([11]Bug 14449), RPKI-Router
([12]Bug 14414), S7COMM ([13]Bug 14423), SCCP ([14]Bug 14413),
Thread ([15]Bug 14428), Thrift ([16]Bug 14379), USB ([17]Bug
14421), and WCCP ([18]Bug 14412) dissectors were susceptible.
* [19]wnpa-sec-2018-07
The UMTS MAC dissector could crash. [20]Bug 14339,
[21]CVE-2018-7334
* [22]wnpa-sec-2018-08
The DOCSIS dissector could crash. [23]Bug 14446, [24]CVE-2018-7337
* [25]wnpa-sec-2018-09
The FCP dissector could crash. [26]Bug 14374, [27]CVE-2018-7336
* [28]wnpa-sec-2018-10
The SIGCOMP dissector could crash. [29]Bug 14398, [30]CVE-2018-7320
* [31]wnpa-sec-2018-11
The pcapng file parser could crash. [32]Bug 14403,
[33]CVE-2018-7420
* [34]wnpa-sec-2018-12
The IPMI dissector could crash. [35]Bug 14409, [36]CVE-2018-7417
* [37]wnpa-sec-2018-13
The SIGCOMP dissector could crash. [38]Bug 14410, [39]CVE-2018-7418
* [40]wnpa-sec-2018-14
The NBAP dissector could crash. [41]Bug 14443, [42]CVE-2018-7419
The following bugs have been fixed:
* Change placement of "double chevron" in Filter Toolbar to eliminate
overlap. ([43]Bug 14121)
* AutoScroll does not work. ([44]Bug 14257)
* BOOTP/DHCP: malformed packet -> when user class option (77) is
present. ([45]Bug 14312)
* GET MAX LUN wLength decoded as big-endian - USB Mass Storage.
([46]Bug 14360)
* Unable to create Filter Expression Button for a yellow filter.
([47]Bug 14369)
* Buildbot crash output: fuzz-2018-01-28-15874.pcap. ([48]Bug 14371)
* NetScaler RPC segmentation fault / stack overflow. ([49]Bug 14399)
* [oss-fuzz] #6028 RPC_NETLOGON: Direct-leak in g_malloc
(generate_hash_key). ([50]Bug 14407)
* Newline "\n" in packet list field increase line height for all
rows. ([51]Bug 14424)
* ieee80211-radio.c preamble duration calculation not correct.
([52]Bug 14439)
* DIS: Malformed packet in SISO-STD-002 transmitter. ([53]Bug 14441)
Updated Protocol Support
ASN.1 BER, BOOTP/DHCP, DCE RPC NETLOGON, DICOM, DIS, DMP, DOCSIS, EPL,
FCP, GSM A RR, HSRP, IAX2, IEEE 802.11, Infiniband, IPMI, IPv6, LDAP,
LLTD, NBAP, NetScaler RPC, OpenFlow, RELOAD, RPCoRDMA, RPKI-Router,
S7COMM, SCCP, SIGCOMP, Thread, Thrift, TLS/SSL, UMTS MAC, USB, USB Mass
Storage, and WCCP
New and Updated Capture File Support
pcap pcapng
|
|
Changelog:
## Bug Fixes
The following bugs have been fixed:
wnpa-sec-2018-01
Multiple dissectors could crash. (Bug 14253) CVE-2018-5336
wnpa-sec-2018-03
The IxVeriWave file parser could crash. (Bug 14297) CVE-2018-5334
wnpa-sec-2018-04
The WCP dissector could crash. (Bug 14251) CVE-2018-5335
Prior to this release dumpcap enabled the Linux kernel's BPF JIT compiler
via the net.core.bpf_jit_enable sysctl. This could make systems
more vulnerable to Spectre variant 1 (CVE-2017-5753) and this feature
has been removed (Bug 14313).
Some keyboard shortcut mix-up has been resolved by assigning
new shortcuts to Edit -> Copy methods.
Remote interfaces are not saved. (Bug 8557)
Additional grouping in Expert Information dialog. (Bug 11753)
First start with non-empty extcap folder after install or reboot
hangs at "initializing tap listeners". (Bug 12845)
Can't hide expert categories in Expert Information. (Bug 13831)
Expert info dialog should have "Collapse All"/"Expand All" options.
(Bug 13842)
SIP Statistics extract does not work. (Bug 13942)
Service Response Time - SCSI dialog crashes. (Bug 14144)
Wireshark & Tshark 2.4.2 core dumps with segmentation fault. (Bug 14194)
SSH remote capture promiscuous mode. (Bug 14237)
SOCKS pseudo header displays incorrect Version value. (Bug 14262)
Only first variable of list is dissected in NTP Control request
message. (Bug 14268)
NTP Authenticator field dissection fails if padding is used. (Bug 14269)
BSSAP packet dissector issue - BSSAP_UPLINK_TUNNEL_REQUEST message.
(Bug 14289)
"[Malformed Packet]" for Mobile IP (MIP) protocol. (Bug 14292)
There is a potential buffer underflow in File_read_line function in
epan/wslua/wslua_file.c file. (Bug 14295)
Saving a temporary capture file may not result in the temporary
file being removed. (Bug 14298)
## Updated Protocol Support
Bluetooth, BSSAP, BT ATT, BT HCI, BT SMP, MIP, NTP, SCTP, SOCKS, UDS, and WCP
|
|
Changelog:
Bug Fixes
The following bugs have been fixed:
wnpa-sec-2017-47
The IWARP_MPA dissector could crash. (Bug 14236)
wnpa-sec-2017-48
The NetBIOS dissector could crash. (Bug 14249)
wnpa-sec-2017-49
The CIP Safety dissector could crash. (Bug 14250)
"tshark -G ?" doesn't provide expected help. (Bug 13984)
File loading is very slow with TRANSUM dissector enabled. (Bug 14094)
packet-knxnetip.c:936: bad bitmask ?. (Bug 14115)
packet-q931.c:1306: bad compare ?. (Bug 14116)
SSL Dissection bug. (Bug 14117)
Wireshark crashes when exporting various files to .csv, txt and other
'non-capture file' formats. (Bug 14128)
RLC reassembly doesn't work for RLC over UDP heuristic dissector.
(Bug 14129)
HTTP Object export fails with long extension (possibly query string).
(Bug 14130)
3GPP Civic Address not displayed in Packet Details. (Bug 14131)
Wireshark prefers packet.dll in System32\\Npcap over the one in
System32. (Bug 14134)
PEEKREMOTE dissector does not decode 11ac MCS rates properly. (Bug 14136)
Visual Studio Community Edition 2015 lacks tools named in developer
guide. (Bug 14147)
TCP: Malformed data with Riverbed Probe option. (Bug 14150)
Wireshark Crash when trying to use Preferences | Advanced. (Bug 14157)
Right click on SMB2 Message ID and then Apply as Column causes Runtime
Error. (Bug 14169)
Return [Enter] should apply change (Column title - Button Label
toolbars). (Bug 14191)
Wireshark crashes if "rip.display_routing_domain" is set to TRUE in
preferences file. (Bug 14197)
Entry point inflatePrime not found for androiddump.exe and
randpktdump.exe. (Bug 14207)
BGP: IPv6 NLRI is received with Add-path ID, then Wireshark is not
able to decode the packet correctly. (Bug 14241)
Wrong SSL decryption when using EXTENDED MASTER SECRET and Client
certificate request (mutual authentication). (Bug 14243)
Frame direction isn't always set if it comes from the pcapng record
header rather than the packet pseudo-header. (Bug 14245)
Updated Protocol Support
3GPP NAS, BGP, CIP Safety, DTLS, IEEE 802.11 Radio, IWARP_MPA,
KNXnet/IP, LCSAP, MQTT, NetBIOS, PEEKREMOTE, Q.931, RIP, RLC, SIP,
SSL/TLS, TCP, and TRANSUM
|
|
Bug Fixes
The following vulnerabilities have been fixed:
* [1]wnpa-sec-2017-42
BT ATT dissector crash ([2]Bug 14049) [3]CVE-2017-15192
* [4]wnpa-sec-2017-43
MBIM dissector crash ([5]Bug 14056) [6]CVE-2017-15193
* [7]wnpa-sec-2017-44
DMP dissector crash ([8]Bug 14068) [9]CVE-2017-15191
The following bugs have been fixed:
* Wireshark crash when end capturing with "Update list of packets in
real-time" option off. ([10]Bug 13024)
* Diameter service response time statistics broken in 2.2.4. ([11]Bug
13442)
* Some Infiniband Connect Req fields are not decoded correctly.
([12]Bug 13997)
* wireshark-2.4.1/epan/dissectors/packet-dmp.c:1034: sanity check in
wrong place ?. ([13]Bug 14016)
* [oss-fuzz] ASAN: 232 byte(s) leaked in 4 allocation(s). ([14]Bug
14025)
* [oss-fuzz] ASAN: 47 byte(s) leaked in 1 allocation(s). ([15]Bug
14032)
* RTP Analysis "save as CSV" saves twice the forward stream, if two
streams are selected. ([16]Bug 14040)
* Cannot Apply Bitmask to Long Unsigned. ([17]Bug 14063)
Updated Protocol Support
BT ATT, DCERPC, DMP, E.212, H.248, InfiniBand, MBIM, RPC, and WSP
|
|
Bug Fixes
The following vulnerabilities have been fixed:
* [1]wnpa-sec-2017-38
MSDP dissector infinite loop ([2]Bug 13933)
* [3]wnpa-sec-2017-39
Profinet I/O buffer overrun ([4]Bug 13847)
* [5]wnpa-sec-2017-41
IrCOMM dissector buffer overrun ([6]Bug 13929)
The following bugs have been fixed:
* Confusing "Apply a display filter <Command/>" keyboard shortcut.
([7]Bug 12450)
* VNC Protocol dissector : Framebuffer Updates. ([8]Bug 13910)
* DNS LOC RRs with out-of-range longitude or latitude aren't shown as
errors. ([9]Bug 13914)
* DIS Dissector Entity Appearance Record displayed in wrong location.
([10]Bug 13917)
* Win64 CMake bug - (CYGWIN_INSTALL_PATH redefinition) causing
missing packages when using CMake 3.9.0. ([11]Bug 13922)
* APL records parsed incorrectly for IPv4 prefixes. ([12]Bug 13923)
* TCAP SRT Analysis incorrectly matched TCAP begins and ends.
([13]Bug 13926)
* E.212: Check length before trying 3-digits MNC. ([14]Bug 13935)
* Crash in Wireshark using Dumper:dump() from Lua. ([15]Bug 13944)
* GTPv2 - decoding issue for Packet Flow ID (type 123). ([16]Bug
13987)
* [oss-fuzz] BGP memleak: ASAN: 276 byte(s) leaked in 5
allocation(s). ([17]Bug 13995)
* Some Infiniband Connect Req fields are not decoded correctly.
([18]Bug 13997)
* 802.11 wlan.ft.subelem.r0kh_id should be sequence of bytes.
([19]Bug 14004)
Updated Protocol Support
APL, BGP, DIS, DNS, E.212, GTPv2, IEEE 802.11, InfiniBand, MSDP, MTP2,
pcapng MIME, Profinet I/O, SML, TCAP, and VNC
|
|
Bug Fixes
The following vulnerabilities have been fixed:
* [1]wnpa-sec-2017-13
WBXML dissector infinite loop ([2]Bug 13477, [3]Bug 13796)
[4]CVE-2017-7702, CVE-2017-11410 Note: This is an
update for a fix in Wireshark 2.2.6 and 2.0.12.
* [5]wnpa-sec-2017-28
openSAFETY dissector memory exhaustion ([6]Bug 13649, [7]Bug 13755)
[8]CVE-2017-9350, [9]CVE-2017-11411 Note: This is an update for a
fix in Wireshark 2.2.7.
* [10]wnpa-sec-2017-34
AMQP dissector crash. ([11]Bug 13780) [12]CVE-2017-11408
* [13]wnpa-sec-2017-35
MQ dissector crash. ([14]Bug 13792) [15]CVE-2017-11407
* [16]wnpa-sec-2017-36
DOCSIS infinite loop. ([17]Bug 13797) [18]CVE-2017-11406
The following bugs have been fixed:
* Y.1711 dissector reverses defect type order. ([19]Bug 8292)
* Packet list keeps scrolling back to selected packet while names are
being resolved. ([20]Bug 12074)
* [REGRESSION] Export Objects do not show files from a SMB2 capture.
([21]Bug 13214)
* LTE RRC: lte-rrc.q_RxLevMin filter fails on negative values.
([22]Bug 13481)
* Hexpane showing in proportional font again. ([23]Bug 13638)
* Regression in SCCP fragments handling. ([24]Bug 13651)
* TCAP SRT incorrectly matches TC_BEGINs and TC_ENDs. ([25]Bug 13739)
* Dissector for WSMP (IEEE 1609.3) not current. ([26]Bug 13766)
* RANAP: possible issue in the heuristic code. ([27]Bug 13770)
* [oss-fuzz] UBSAN: shift exponent 35 is too large for 32-bit type
int in packet-btrfcomm.c:314:37. ([28]Bug 13783)
* RANAP: false positives on heuristic algorithm. ([29]Bug 13791)
* Automatic name resolution not saved to PCAP-NG NRB. ([30]Bug 13798)
* DAAP dissector dissect_daap_one_tag recursion stack exhausted.
([31]Bug 13799)
* Malformed DCERPC PNIO packet decode, exception handler invalid
pointer reference. ([32]Bug 13811)
* It seems SPVID was decoded from wrong field. ([33]Bug 13821)
* README.dissectors: Add notes about predefined string structures not
available to plugin authors. ([34]Bug 13828)
* Statistics->Packet Lengths doesn't display details for 5120 or
greater. ([35]Bug 13844)
* cmake/modules/FindZLIB.cmake doesn't find inflatePrime. ([36]Bug
13850)
* BGP: incorrect decoding COMMUNITIES whose length is larger than
255. ([37]Bug 13872)
Updated Protocol Support
AMQP, BGP, BSSMAP, BT RFCOMM, DAAP, DOCSIS, E.212, FDDI, GSM A GM, GSM
BSSMAP, IEEE 802.11, IP, ISIS LSP, LTE RRC, MQ, OpenSafety, OSPF,
PROFINET IO, RANAP, SCCP, SGSAP, SMB2, TCAP, TCP, UMTS FP, UMTS RLC,
WBXML, WSMP, and Y.1711
|