| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
|
|
|
|
What's New
Bug Fixes
* Upgrading to latest version uninstalls Microsoft Visual C++
redistributable. ([1]Bug 12712)
* Extcap errors not reported back to UI. ([2]Bug 11892)
New and Updated Features
The following features are new (or have been significantly updated)
since version 2.2.0rc1:
"Decode As" supports SSL (TLS) over TCP.
The following features are new (or have been significantly updated)
since version 2.1.1:
* Invalid coloring rules are now disabled instead of discarded. This
will provide backward compatibility with a coloring rule change in
Wireshark 2.2.
The following features are new (or have been significantly updated)
since version 2.1.0:
* Added -d option for Decode As support in Wireshark (mimics TShark
functionality)
* The Qt UI, GTK+ UI, and TShark can now export packets as JSON.
TShark can additionally export packets as Elasticsearch-compatible
JSON.
* The Qt UI now supports the -j, -J, and -l flags. The -m flag is now
deprecated.
* The Conversations and Endpoints dialogs are more responsive when
viewing large numbers of items.
* The RTP player now allows up to 30 minutes of silence frames.
* Packet bytes can now be displayed as EBCDIC.
* The Qt UI loads captures faster on Windows.
* proto_tree_add_checksum was added as an API. This attempts to
standardize how checksums are reported and filtered for within
*Shark. There are no more individual "good" and "bad" filter
fields, protocols now have a "checksum.status" field that records
"Good", "Bad" and "Unverified" (neither good or bad). Color filters
provided with Wireshark have been adjusted to the new display
filter names, but custom ones may need to be updated.
The following features are new (or have been significantly updated)
since version 2.0.0:
* The intelligent scroll bar now sits to the left of a normal scroll
bar and provides a clickable map of nearby packets.
* You can now switch between between Capture and File Format
dissection of the current capture file via the View menu in the Qt
GUI.
* You can now show selected packet bytes as ASCII, HTML, Image, ISO
8859-1, Raw, UTF-8, a C array, or YAML.
* You can now use regular expressions in Find Packet and in the
advanced preferences.
* Name resolution for packet capture now supports asynchronous DNS
lookups only. Therefore the "concurrent DNS resolution" preference
has been deprecated and is a no-op. To enable DNS name resolution
some build dependencies must be present (currently c-ares). If that
is not the case DNS name resolution will be disabled (but other
name resolution mechanisms, such as host files, are still
available).
* The byte under the mouse in the Packet Bytes pane is now
highlighted.
* TShark supports exporting PDUs via the -U flag.
* The Windows and OS X installers now come with the "sshdump" and
"ciscodump" extcap interfaces.
* Most dialogs in the Qt UI now save their size and positions.
* The Follow Stream dialog now supports UTF-16.
* The Firewall ACL Rules dialog has returned.
* The Flow (Sequence) Analysis dialog has been improved.
* We no longer provide packages for 32-bit versions of OS X.
* The Bluetooth Device details dialog has been added.
New File Format Decoding Support
Wireshark is able to display the format of some types of files (rather
than displaying the contents of those files). This is useful when
you're curious about, or debugging, a file and its format. To open a
capture file (such as PCAP) in this mode specify "MIME Files Format" as
the file's format in the Open File dialog.
New Protocol Support
Apache Cassandra - CQL version 3.0, Bachmann bluecom Protocol,
Bluetooth Pseudoheader for BR/EDR, Cisco ERSPAN3 Marker, Cisco ttag,
Digital Equipment Corporation Local Area Transport, Distributed Object
Framework, DOCSIS Upstream Channel Descriptor Type 35, Edge Control
Protocol (ECP), Encrypted UDP based FTP with multicast, Ericsson IPOS
Kernel Packet Header Dissector Added (IPOS), Extensible Control &
Management Protocol (eCMP), FLEXRAY Protocol dissector added
(automotive bus), IEEE 802.1BR E-Tag, Intel Omni-Path Architecture, ISO
8583-1, ISO14443, ITU-T G.7041/Y.1303 Generic Framing Procedure (GFP),
LAT protocol (DECNET), Metamako trailers, Network Service Header for
Ethernet & GRE, Network-Based IP Flow Mobility (NBIFOM), Nokia
Intelligent Service Interface (ISI), Open Mobile Alliance Lightweight
Machine to Machine TLV payload Added (LwM2M TLV), Real Time Location
System (RTLS), RTI TCP Transport Layer (RTITCP), SMB Witness Service,
STANAG 5602 SIMPLE, Standard Interface for Multiple Platform Link
Evaluation (SIMPLE), USB3 Vision Protocol (USB machine vision cameras),
USBIP Protocol, UserLog Protocol, and Zigbee Protocol Clusters
Dissectors Added (Closures Lighting General Measurement & Sensing HVAC
Security & Safety)
Updated Protocol Support
Bluetooth OBEX dissector (btobex) was renamed to Obex Dissector (obex),
allow to DecodeAs it over USB, TCP and UDP.
A preference was added to TCP dissector for handling IPFIX process
information. It has been disabled by default.
New and Updated Capture File Support
Micropross mplog
New and Updated Capture Interfaces support
Non-empty section placeholder.
Major API Changes
The libwireshark API has undergone some major changes:
* The address macros (e.g., SET_ADDRESS) have been removed. Use the
(lower case) functions of the same names instead.
* "old style" dissector functions (that don't return number of bytes
used) have been replaced in name with the "new style" dissector
functions.
* tvb_get_string and tvb_get_stringz have been replaced with
tvb_get_string_enc and tvb_get_stringz_enc respectively.
|
|
|
|
|
|
What's New
Bug Fixes
The following vulnerabilities have been fixed:
* [1]wnpa-sec-2016-39
CORBA IDL dissector crash on 64-bit Windows. ([2]Bug 12495)
* [3]wnpa-sec-2016-41
PacketBB crash. ([4]Bug 12577)
* [5]wnpa-sec-2016-42
WSP infinite loop. ([6]Bug 12594)
* [7]wnpa-sec-2016-44
RLC long loop. ([8]Bug 12660)
* [9]wnpa-sec-2016-45
LDSS dissector crash. ([10]Bug 12662)
* [11]wnpa-sec-2016-46
RLC dissector crash. ([12]Bug 12664)
* [13]wnpa-sec-2016-47
OpenFlow long loop. ([14]Bug 12659)
* [15]wnpa-sec-2016-48
MMSE, WAP, WBXML, and WSP infinite loop. ([16]Bug 12661)
* [17]wnpa-sec-2016-49
WBXML crash. ([18]Bug 12663)
The following bugs have been fixed:
* T30 FCF byte decoding masks DTC, CIG and NCS. ([19]Bug 1918)
* TShark crashes with option "-z io,stat,..." in the presence of
negative relative packet timestamps. ([20]Bug 9014)
* Packet size limited during capture msg is repeated in the Info
column. ([21]Bug 9826)
* Wireshark loses windows decorations on second screen when
restarting maximized using GNOME. ([22]Bug 11303)
* Cannot launch GTK+ version of wireshark as a normal user. ([23]Bug
11400)
* Restart current capture fails with "no interface selected" error
when capturing in promiscuous mode. ([24]Bug 11834)
* Add field completion suggestions when adding a Display filter or Y
Field to the IO Graph. ([25]Bug 11899)
* Wireshark Qt always indicates locale as "C". ([26]Bug 11960)
* Wireshark crashes every time open Statistics -> Conversations |
Endpoints. ([27]Bug 12288)
* Find function within the conversations window does not work.
([28]Bug 12363)
* Invalid values for USB SET_REQUEST packets. ([29]Bug 12511)
* Display filter dropdown hides cursor. ([30]Bug 12520)
* Filter for field name tcp.options.wscale.multiplier cannot exceed
255. ([31]Bug 12525)
* Ctrl+ shortcuts that are not text-related do not work when focus is
on display filter field. ([32]Bug 12533)
* Closing Statistics window results in black screen. ([33]Bug 12544)
* OSPF: Incorrect description of N/P-bit in NSSA LSA. ([34]Bug 12555)
* Inconsistent VHT data rate. ([35]Bug 12558)
* DCE/RPC malformed error when stub-data is missing but a
sub-dissector has been registered. ([36]Bug 12561)
* Wireshark is marking BGP FlowSpec NLRI as malformed if NLRI length
is larger than 239 bytes. ([37]Bug 12568)
* "Edit Resolved Name" is not saved in current pcapng file. ([38]Bug
12629)
* MPTCP: MP_JOIN B bit not decoded correctly. ([39]Bug 12635)
* MPTCP MP_PRIO header with AddrID: incorrect AddrID. ([40]Bug 12641)
Updated Protocol Support
802.11 Radiotap, BGP, CAN, CANopen, H.248 Q.1950, IPv4, IPv6, LANforge,
LDSS, MPTCP, OSPF, PacketBB, PRP, RLC, RMT-FEC, RSVP, RTP MIDI, T.30,
TDS, USB, WAP, WBXML, WiMax RNG-RSP, and WSP
New and Updated Capture File Support
and pcapng
|
|
|
|
|
|
Wireshark 2.0.4 Release Notes
What's New
Bug Fixes
The following vulnerabilities have been fixed:
* [1]wnpa-sec-2016-29
The SPOOLS dissector could go into an infinite loop. Discovered by
the CESG.
* [2]wnpa-sec-2016-30
The IEEE 802.11 dissector could crash. ([3]Bug 11585)
* [4]wnpa-sec-2016-31
The IEEE 802.11 dissector could crash. Discovered by Mateusz
Jurczyk. ([5]Bug 12175)
* [6]wnpa-sec-2016-32
The UMTS FP dissector could crash. ([7]Bug 12191)
* [8]wnpa-sec-2016-33
Some USB dissectors could crash. Discovered by Mateusz Jurczyk.
([9]Bug 12356)
* [10]wnpa-sec-2016-34
The Toshiba file parser could crash. Discovered by iDefense Labs.
([11]Bug 12394)
* [12]wnpa-sec-2016-35
The CoSine file parser could crash. Discovered by iDefense Labs.
([13]Bug 12395)
* [14]wnpa-sec-2016-36
The NetScreen file parser could crash. Discovered by iDefense Labs.
([15]Bug 12396)
* [16]wnpa-sec-2016-37
The Ethernet dissector could crash. ([17]Bug 12440)
The following bugs have been fixed:
* Saving pcap capture file with ERF encapsulation creates an invalid
pcap file. ([18]Bug 3606)
* Questionable calling of Ethernet dissector by encapsulating
protocol dissectors. ([19]Bug 9933)
* Wireshark 1.12.0 does not dissect HTTP correctly. ([20]Bug 10335)
* Don't copy details of hidden columns. ([21]Bug 11788)
* RTP audio player crashes. ([22]Bug 12166)
* Crash when saving RTP audio Telephony->RTP->RTP
Streams->Analyze->Save->Audio. ([23]Bug 12211)
* Edit - preferences - add column field not showing dropdown for
choices. ([24]Bug 12321)
* Using _ws.expert in a filter can cause a crash. ([25]Bug 12335)
* Crash in SCCP dissector UAT (Qt UI only). ([26]Bug 12364)
* J1939 frame without data = malformed packet ? ([27]Bug 12366)
* The stream number in tshark's "-z follow,tcp,<stream number>"
option is 0-origin rather than 1-origin. ([28]Bug 12383)
* IP Header Length display filter should show calculated value.
([29]Bug 12387)
* Multiple file radio buttons should be check boxes. ([30]Bug 12388)
* Wrong check for getaddrinfo and gethostbyname on Solaris 11.
([31]Bug 12391)
* ICMPv6 dissector doesn't respect actual packet length. ([32]Bug
12400)
* Format DIS header timestamp mm:ss.nnnnnn. ([33]Bug 12402)
* RTP Stream Analysis can no longer be sorted in 2.0.3. ([34]Bug
12405)
* RTP Stream Analysis fails to complete in 2.0.3 when packets are
sliced. ([35]Bug 12406)
* Network-Layer Name Resolution uses first 32-bits of IPv6 DNS
address as IPv4 address in some circumstances. ([36]Bug 12412)
* BACnet decoder incorrectly flags a valid APDU as a "Malformed
Packet". ([37]Bug 12422)
* Valid ISUP messages marked with warnings. ([38]Bug 12423)
* Profile command line switch "-C" not working in Qt interface.
([39]Bug 12425)
* MRCPv2: info column not showing info correctly. ([40]Bug 12426)
* Diameter: Experimental result code 5142. ([41]Bug 12428)
* Tshark crashes when analyzing RTP due to pointer being freed not
allocated. ([42]Bug 12430)
* NFS: missing information in getattr for supported exclusive create
attributes. ([43]Bug 12435)
* Ethernet type field with a value of 9100 is shown as "Unknown".
([44]Bug 12441)
* Documentation does not include support for Windows Server 2012 R2.
([45]Bug 12455)
* Column preferences ruined too easily. ([46]Bug 12465)
* SMB Open andX extended response decoded incorrectly. ([47]Bug
12472)
* SMB NtCreate andX with extended response sometimes incorrect.
([48]Bug 12473)
* Viewing NFSv3 Data, checking SRTs doesn't work. ([49]Bug 12478)
* Make wireshark with Qt enabled buildable on ARM. ([50]Bug 12483)
Updated Protocol Support
AFS, ANSI IS-637 A, BACapp, BT BNEP, Cisco FabricPath MiM, CSN.1,
DCERPC SPOOLS, DIS, Ethernet, GSM A RR, ICMPv6, IEEE 802.11, IPv4,
ISUP, J1939, JXTA, LAPSat, LPADm, LTE-RRC, MRCPv2, NFS, OpenFlow,
SGsAP, SMB, STT, TZSP, UMTS FP, and USB
New and Updated Capture File Support
Aethra, Catapult DCT2000, CoSine, DBS Etherwatch, ERF, iSeries, Ixia
IxVeriWave, NetScreen, Toshiba, and VMS TCPIPtrace
|
|
Bug Fixes
The following vulnerabilities have been fixed:
* [1]wnpa-sec-2016-01
DLL hijacking vulnerability. [2]CVE-2016-2521
* [3]wnpa-sec-2016-02
ASN.1 BER dissector crash. ([4]Bug 11828) [5]CVE-2016-2522
* [6]wnpa-sec-2016-03
DNP dissector infinite loop. ([7]Bug 11938) [8]CVE-2016-2523
* [9]wnpa-sec-2016-04
X.509AF dissector crash. ([10]Bug 12002) [11]CVE-2016-2524
* [12]wnpa-sec-2016-05
HTTP/2 dissector crash. ([13]Bug 12077) [14]CVE-2016-2525
* [15]wnpa-sec-2016-06
HiQnet dissector crash. ([16]Bug 11983) [17]CVE-2016-2526
* [18]wnpa-sec-2016-07
3GPP TS 32.423 Trace file parser crash. ([19]Bug 11982)
[20]CVE-2016-2527
* [21]wnpa-sec-2016-08
LBMC dissector crash. ([22]Bug 11984) [23]CVE-2016-2528
* [24]wnpa-sec-2016-09
iSeries file parser crash. ([25]Bug 11985) [26]CVE-2016-2529
* [27]wnpa-sec-2016-10
RSL dissector crash. ([28]Bug 11829) [29]CVE-2016-2530
[30]CVE-2016-2531
* [31]wnpa-sec-2016-11
LLRP dissector crash. ([32]Bug 12048) [33]CVE-2016-2532
* [34]wnpa-sec-2016-12
Ixia IxVeriWave file parser crash. ([35]Bug 11795)
* [36]wnpa-sec-2016-13
IEEE 802.11 dissector crash. ([37]Bug 11818)
* [38]wnpa-sec-2016-14
GSM A-bis OML dissector crash. ([39]Bug 11825)
* [40]wnpa-sec-2016-15
ASN.1 BER dissector crash. ([41]Bug 12106)
* [42]wnpa-sec-2016-16
SPICE dissector large loop. ([43]Bug 12151)
* [44]wnpa-sec-2016-17
NFS dissector crash.
* [45]wnpa-sec-2016-18
ASN.1 BER dissector crash. ([46]Bug 11822)
The following bugs have been fixed:
* HTTP 302 decoded as TCP when "Allow subdissector to reassemble TCP
streams" option is enabled. ([47]Bug 9848)
* Questionable calling of ethernet dissector by encapsulating
protocol dissectors. ([48]Bug 9933)
* [Qt & Legacy & probably TShark too] Delta Time Conversation column
is empty. ([49]Bug 11559)
* extcap: abort when validating capture filter for DLT 147. ([50]Bug
11656)
* Missing columns in Qt Flow Graph. ([51]Bug 11710)
* Interface list doesn't show well when the list is very long.
([52]Bug 11733)
* Unable to use saved Capture Filters in Qt UI. ([53]Bug 11836)
* extcap: Capture interface options snaplen, buffer and promiscuous
not being used. ([54]Bug 11865)
* Improper RPC reassembly ([55]Bug 11913)
* GTPv1 Dual Stack with one static and one Dynamic IP. ([56]Bug
11945)
* Wireshark 2.0.1 MPLS dissector not decoding payload when control
word is present in pseudowire. ([57]Bug 11949)
* "...using this filter" turns white (not green or red). Plus
dropdown arrow does nothing. ([58]Bug 11950)
* EIGRP field eigrp.ipv4.destination does not show the correct
destination. ([59]Bug 11953)
* tshark -z conv,type[,filter] swapped frame / byte values from / to
columns. ([60]Bug 11959)
* The field name nstrace.tcpdbg.tcpack should be
nstrace.tcpdbg.tcprtt. ([61]Bug 11964)
* 6LoWPAN IPHC traffic class not decompressed correctly. ([62]Bug
11971)
* Crash with snooping NFS file handles. ([63]Bug 11972)
* 802.11 dissector fails to decrypt some broadcast messages. ([64]Bug
11973)
* Wireshark hangs when adding a new profile. ([65]Bug 11979)
* Issues when closing the application with a running capture without
packets. ([66]Bug 11981)
* New Qt UI lacks ability to step through multiple TCP streams with
Analyze > Follow > TCP Stream. ([67]Bug 11987)
* GTK: plugin_if_goto_frame causes Access Violation if called before
capture file is loaded. ([68]Bug 11989)
* Wireshark 2.0.1 crash on start. ([69]Bug 11992)
* Wi-Fi 4-way handshake 4/4 is displayed as 2/4. ([70]Bug 11994)
* ACN: acn.dmx.data has incorrect type. ([71]Bug 11999)
* editcap packet comment won't add multiple comments. ([72]Bug 12007)
* DICOM Sequences no longer able to be expanded. ([73]Bug 12011)
* Wrong TCP stream when port numbers are reused. ([74]Bug 12022)
* SSL decryption fails in presence of a Client certificate. ([75]Bug
12042)
* LUA: TVBs backing a data source is freed too early. ([76]Bug 12050)
* PIM: pim.group filter have the same name for IPv4 and IPv6.
([77]Bug 12061)
* Failed to parse M3AP IE (TNL information). ([78]Bug 12070)
* Wrong interpretation of Instance ID value in OSPFv3 packet.
([79]Bug 12072)
* MP2T Dissector does parse RTP properly in 2.0.1. ([80]Bug 12099)
* editcap does not adjust time for frames with absolute timestamp 0 <
t < 1 secs. ([81]Bug 12116)
* Guard Interval is not consistent between Radiotap & wlan_radio.
([82]Bug 12123)
* Calling dumpcap -i- results in access violation. ([83]Bug 12143)
* Qt: Friendly Name and Interface Name columns should not be
editable. ([84]Bug 12146)
* PPTP GRE call ID not always decoded. ([85]Bug 12149)
* Interface list does not show device description anymore. ([86]Bug
12156)
* Find Packet does not highlight the matching tree item or packet
bytes. ([87]Bug 12157)
* "total block length ... is too large" error when opening pcapng
file with multiple SHB sections. ([88]Bug 12167)
* http.request.full_uri is malformed if an HTTP Proxy is used.
([89]Bug 12176)
* SNMP dissector fails at msgSecurityParameters with long length
encoding. ([90]Bug 12181)
Updated Protocol Support
6LoWPAN, ACN, ASN.1 BER, BATADV, DICOM, DNP3, DOCSIS INT-RNG-REQ, E100,
EIGRP, GSM A DTAP, GSM SMS, GTP, HiQnet, HTTP, HTTP/2, IEEE 802.11,
IKEv2, InfiniBand, IPv4, IPv6, LBMC, LLRP, M3AP, MAC LTE, MP2T, MPLS,
NFS, NS Trace, OSPF, PIM, PPTP, RLC LTE, RoHC, RPC, RSL, SNMP, SPICE,
SSL, TCP, TRILL, VXLAN, WaveAgent, and X.509AF
New and Updated Capture File Support
3GPP TS 32.423 Trace, iSeries, Ixia IxVeriWave, pcap, and pcapng
|
|
|
|
|
|
version upstream.
|
|
|
|
Changelog:
Wireshark 1.12.9 Release Notes
__________________________________________________________________
What is Wireshark?
Wireshark is the world's most popular network protocol analyzer. It is
used for troubleshooting, analysis, development and education.
__________________________________________________________________
What's New
Bug Fixes
The following vulnerabilities have been fixed:
* [1]wnpa-sec-2015-31
NBAP dissector crashes. ([2]Bug 11602, [3]Bug 11835, [4]Bug 11841)
* [5]wnpa-sec-2015-32
UMTS FP dissector crashes. ([6]Bug 11602, [7]Bug 11606)
* [8]wnpa-sec-2015-33
DCOM dissector crash. ([9]Bug 11610)
* [10]wnpa-sec-2015-34
AllJoyn dissector infinite loop. ([11]Bug 11607)
* [12]wnpa-sec-2015-35
T.38 dissector crash. ([13]Bug 9887)
* [14]wnpa-sec-2015-36
SDP dissector crash. ([15]Bug 9887)
* [16]wnpa-sec-2015-37
NLM dissector crash.
* [17]wnpa-sec-2015-38
DNS dissector crash. ([18]Bug 10988)
* [19]wnpa-sec-2015-39
BER dissector crash.
* [20]wnpa-sec-2015-40
Zlib decompression crash. ([21]Bug 11548)
* [22]wnpa-sec-2015-41
SCTP dissector crash. ([23]Bug 11767)
* [24]wnpa-sec-2015-42
802.11 decryption crash. ([25]Bug 11790, [26]Bug 11826)
* [27]wnpa-sec-2015-43
DIAMETER dissector crash. ([28]Bug 11792)
* [29]wnpa-sec-2015-44
VeriWave file parser crashes. ([30]Bug 11789, [31]Bug 11791)
* [32]wnpa-sec-2015-45
RSVP dissector crash. ([33]Bug 11793)
* [34]wnpa-sec-2015-46
ANSI A & GSM A dissector crashes. ([35]Bug 11797)
* [36]wnpa-sec-2015-47
Ascend file parser crash. ([37]Bug 11794)
* [38]wnpa-sec-2015-48
NBAP dissector crash. ([39]Bug 11815)
* [40]wnpa-sec-2015-49
RSL dissector crash. ([41]Bug 11829)
* [42]wnpa-sec-2015-50
ZigBee ZCL dissector crash. ([43]Bug 11830)
* [44]wnpa-sec-2015-51
Sniffer file parser crash. ([45]Bug 11827)
The Windows installers are now built using NSIS 2.50 in order to avoid
[46]DLL hijacking flaws.
The following bugs have been fixed:
* Zooming out (Ctrl+-) too far crashes Wireshark. ([47]Bug 8854)
* IPv6 Next Header is Unknown yet Wireshark tries parsing an IPv6
Extension Header. ([48]Bug 9996)
* IPv6 Mobility Header Link-Layer Address Mobility Option is parsed
incorrectly. ([49]Bug 10627)
* Windows Wireshark Installer does not detect WinPcap which is
already installed. ([50]Bug 10867)
* SSL Decrypted Packet Not Decoded As HTTP. ([51]Bug 10984)
* Wireshark crashes when using the VoIP player. ([52]Bug 11596)
* [GSMTAP] Incorrect decoding of MS Radio Access Capability using
alternative coding. ([53]Bug 11599)
* TCP sequence analysis (expert info) does not work in 802.1ah
frames. ([54]Bug 11629)
* No correct GVCP info message for READREG_ACK command. ([55]Bug
11639)
* Bug in EtherCAT dissector with mailbox response. ([56]Bug 11652)
* NLM v4 statistics crash. ([57]Bug 11654)
* Malformed packet with IPv6 mobility header. ([58]Bug 11728)
* LDAP decode shows invalid number of results for searchResEntry
packets. ([59]Bug 11761)
* IPv6 RPL Routing Header with length of 8 bytes still reads an
address. ([60]Bug 11803)
* g_utf8_validate assertion when reassembling GSM SMS messages
encoded in UCS2. ([61]Bug 11809)
* MPEG2TS NULL pkt: AFC: "Should be 0 for NULL packets" wrong.
([62]Bug 11921)
New and Updated Features
There are no new features in this release.
New Protocol Support
There are no new protocols in this release.
Updated Protocol Support
6LoWPAN, 802.1ah, AllJoyn, ANSI A, ASN.1 BER, CLNP, CMS, DCOM,
DIAMETER, DNS, ERF, GSM A, GSM SMS, GTP, GVCP, HiSLIP, IEEE 802.11,
IPv4, IPv6, L2TP, LDAP, MIP6, MP2T, NBAP, NLM, ONC RPC, PCP, RSL, RSVP,
SCTP, SDP, SIGCOMP, SNMP, SPDY, T.38, UMTS FP, and ZigBee ZCL
New and Updated Capture File Support
Ascend, ERF, Sniffer, and VeriWave
__________________________________________________________________
Getting Wireshark
Wireshark source code and installation packages are available from
[63]https://www.wireshark.org/download.html.
Vendor-supplied Packages
Most Linux and Unix vendors supply their own Wireshark packages. You
can usually install or upgrade Wireshark using the package management
system specific to that platform. A list of third-party packages can be
found on the [64]download page on the Wireshark web site.
__________________________________________________________________
File Locations
Wireshark and TShark look in several different locations for preference
files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations
vary from platform to platform. You can use About->Folders to find the
default locations on your system.
__________________________________________________________________
Known Problems
Dumpcap might not quit if Wireshark or TShark crashes. ([65]Bug 1419)
The BER dissector might infinitely loop. ([66]Bug 1516)
Capture filters aren't applied when capturing from named pipes.
([67]Bug 1814)
Filtering tshark captures with read filters (-R) no longer works.
([68]Bug 2234)
The 64-bit Windows installer does not support Kerberos decryption.
([69]Win64 development page)
Resolving ([70]Bug 9044) reopens ([71]Bug 3528) so that Wireshark no
longer automatically decodes gzip data when following a TCP stream.
Application crash when changing real-time option. ([72]Bug 4035)
Hex pane display issue after startup. ([73]Bug 4056)
Packet list rows are oversized. ([74]Bug 4357)
Wireshark and TShark will display incorrect delta times in some cases.
([75]Bug 4985)
__________________________________________________________________
Getting Help
Community support is available on [76]Wireshark's Q&A site and on the
wireshark-users mailing list. Subscription information and archives for
all of Wireshark's mailing lists can be found on [77]the web site.
Official Wireshark training and certification are available from
[78]Wireshark University.
__________________________________________________________________
Frequently Asked Questions
A complete FAQ is available on the [79]Wireshark web site.
__________________________________________________________________
Last updated 2015-12-29 08:48:09 PST
References
1. https://www.wireshark.org/security/wnpa-sec-2015-31.html
2. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11602
3. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11835
4. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11841
5. https://www.wireshark.org/security/wnpa-sec-2015-32.html
6. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11602
7. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11606
8. https://www.wireshark.org/security/wnpa-sec-2015-33.html
9. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11610
10. https://www.wireshark.org/security/wnpa-sec-2015-34.html
11. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11607
12. https://www.wireshark.org/security/wnpa-sec-2015-35.html
13. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9887
14. https://www.wireshark.org/security/wnpa-sec-2015-36.html
15. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9887
16. https://www.wireshark.org/security/wnpa-sec-2015-37.html
17. https://www.wireshark.org/security/wnpa-sec-2015-38.html
18. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10988
19. https://www.wireshark.org/security/wnpa-sec-2015-39.html
20. https://www.wireshark.org/security/wnpa-sec-2015-40.html
21. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11548
22. https://www.wireshark.org/security/wnpa-sec-2015-41.html
23. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11767
24. https://www.wireshark.org/security/wnpa-sec-2015-42.html
25. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11790
26. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11826
27. https://www.wireshark.org/security/wnpa-sec-2015-43.html
28. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11792
29. https://www.wireshark.org/security/wnpa-sec-2015-44.html
30. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11789
31. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11791
32. https://www.wireshark.org/security/wnpa-sec-2015-45.html
33. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11793
34. https://www.wireshark.org/security/wnpa-sec-2015-46.html
35. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11797
36. https://www.wireshark.org/security/wnpa-sec-2015-47.html
37. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11794
38. https://www.wireshark.org/security/wnpa-sec-2015-48.html
39. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11815
40. https://www.wireshark.org/security/wnpa-sec-2015-49.html
41. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11829
42. https://www.wireshark.org/security/wnpa-sec-2015-50.html
43. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11830
44. https://www.wireshark.org/security/wnpa-sec-2015-51.html
45. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11827
46. http://nsis.sourceforge.net/Docs/AppendixF.html
47. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8854
48. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9996
49. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10627
50. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10867
51. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10984
52. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11596
53. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11599
54. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11629
55. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11639
56. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11652
57. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11654
58. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11728
59. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11761
60. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11803
61. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11809
62. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11921
63. https://www.wireshark.org/download.html
64. https://www.wireshark.org/download.html#thirdparty
65. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1419
66. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1516
67. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1814
68. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2234
69. https://wiki.wireshark.org/Development/Win64
70. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9044
71. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3528
72. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4035
73. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4056
74. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4357
75. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4985
76. https://ask.wireshark.org/
77. https://www.wireshark.org/lists/
78. http://www.wiresharktraining.com/
79. https://www.wireshark.org/faq.html
|
|
|
|
Avoid SDK build on OS X.
|
|
What's New
Bug Fixes
The following vulnerabilities have been fixed.
* [1]wnpa-sec-2015-30
Pcapng file parser crash. Discovered by Dario Lombardo and Shannon
Sabens. ([2]Bug 11455) [3]CVE-2015-7830
The following bugs have been fixed:
* Last Address field for IPv6 RPL routing header is interpreted
incorrectly. ([4]Bug 10560)
* Comparing two capture files crashes Wireshark when navigating the
results. ([5]Bug 11098)
* 802.11 frame is not correctly dissected if it contains HT Control.
([6]Bug 11351)
* GVCP bit-fields not updated. ([7]Bug 11442)
* Tshark crash when specifying ssl.keys_list on CLI. ([8]Bug 11443)
* pcapng: SPB capture length is incorrectly truncated if IDB snaplen
= 0. ([9]Bug 11483)
* pcapng: NRB IPv4 address is endian swapped but shouldn't be.
([10]Bug 11484)
* pcapng: NRB with options causes file read failure. ([11]Bug 11485)
* pcapng: ISB without if_drop option is shown as max value. ([12]Bug
11489)
* UNISTIM dissector - Message length not included in offset for
"Select Adjustable Rx Volume". ([13]Bug 11497)
Updated Protocol Support
DIAMETER, GVCP, IEEE 802.11, IPv6, and UNISTIM
|
|
Why this didn't surface before is anyone's guess. Bump rev.
|
|
Full ChangeLog since 1.10.14 is too long to include. A few highlights:
- Expert information is now filterable when the new API is in use.
- "malformed" display filter has been renamed to "_ws.malformed".
- Transport name resolution is now disabled by default.
- Support has been added for all versions of the DCBx protocol.
- Cleanup of LLDP code, all dissected fields are now navigable.
- Dissector output may be encoded as UTF-8. This includes TShark output.
- The ASN1 plugin has been removed as it s deemed obsolete.
- The GNM dissector has been removed as it was never used.
- The Kerberos dissector has been replaced by one generated from ASN1 code.
- A more flexible, modular memory manager (wmem) has been added.
- A new API for expert information has been added, replacing the old one.
- The tvbuff API has been cleaned up.
- Support for 80+ new protocols
|
|
|
|
This is already fixed in upstream's repository.
|
|
|
|
having a PKGNAME of p5-*, or depending such a package,
for perl-5.22.0.
|
|
- Bug Fixes
The following vulnerabilities have been fixed.
* wnpa-sec-2015-14
The WCP dissector could crash while decompressing data. (Bug 10978)
CVE-2015-3811
* wnpa-sec-2015-15
The X11 dissector could leak memory. (Bug 11088)
CVE-2015-3812
* wnpa-sec-2015-17
The IEEE 802.11 dissector could go into an infinite loop. (Bug 11110)
CVE-2015-3814
The following bugs have been fixed:
* Wireshark crashes if "Update list of packets in real time" is
disabled and a display filter is applied while capturing. (Bug 6217)
* Wireshark relative ISN set incorrectly if raw ISN set to 0.
(Bug 10713)
* Buffer overrun in encryption code. (Bug 10849)
* ICMP Parameter Problem message contains Length of original datagram
is treated as the total IPv4 length. (Bug 10991)
* ICMP Redirect takes 4 bytes for IPv4 payload instead of 8. (Bug
10992)
* Interface Identifier incorrectly represented by Wireshark. (Bug
11053)
* Annoying popup when trying to capture on bonding devices on Linux.
(Bug 11058)
* CanOpen dissector fails on frames with RTR and 0 length. (Bug 11083)
* Typo in secp521r1 curve wrongly identified as sect521r1. (Bug 11106)
* packet-zbee-zcl.h: IS_ANALOG_SUBTYPE doesn't filter ENUM. (Bug 11120)
* Typo: "LTE Positioning Protocol" abbreviated as "LPP", not "LLP".
(Bug 11141)
- Updated Protocol Support
ASN.1 PER, CANopen, GSM RLC/MAC, GSMTAP, ICMP, IEEE 802.11, LPP,
MEGACO, PKCS-1, PPP IPv6CP, SRVLOC, SSL, TCP, WCP, X11, and ZigBee ZCL
- New and Updated Capture File Support
Savvius OmniPeek Visual Networks
|
|
icons for it and icons for the tcpdump/pcap mimetype.
|
|
|
|
|
|
- Bug Fixes
The following vulnerabilities have been fixed.
* wnpa-sec-2015-07
The WCP dissector could crash. (Bug 10844) CVE-2015-2188
* wnpa-sec-2015-08
The pcapng file parser could crash. (Bug 10895) CVE-2015-2189
* wnpa-sec-2015-10
The TNEF dissector could go into an infinite loop. Discovered by
Vlad Tsyrklevich. (Bug 11023) CVE-2015-2190
The following bugs have been fixed:
* IPv6 AUTH mobility option parses Mobility SPI and Authentication
Data incorrectly. (Bug 10626)
* DHCP Option 125 Suboption: (1) option-len always expects 1 but
specification allows for more. (Bug 10784)
* Little-endian OS X Bluetooth PacketLogger files aren't handled.
(Bug 10861)
* X.509 certificate serial number incorrectly interpreted as negative
number. (Bug 10862)
* H.248 "ServiceChangeReasonStr" messages are not shown in text
generated by tshark. (Bug 10879)
* Clang ASAN : AddressSanitizer: global-buffer-overflow ANSI.
(Bug 10897)
* MEGACO wrong decoding on media port. (Bug 10898)
* Wrong media format. (Bug 10899)
* BSSGP Status PDU decoding fault (missing Mandatory element (0x04)
BVCI for proper packet). (Bug 10903)
* Packets on OpenBSD loopback decoded as raw not null. (Bug
10956)
* Display Filter Macro unable to edit. (Bug 10957)
* IPv6 Local Mobility Anchor Address mobility option code is treated
incorrectly. (Bug 10961)
* Juniper Packet Mirror dissector expects ipv6 flow label = 0.
(Bug 10976)
* Infinite loop DoS in TNEF dissector. (Bug 11023)
- Updated Protocol Support
ANSI IS-637-A, DHCP, GSM MAP, H.248, IPv6, Juniper Jmirror, and X.509AF
- New and Updated Capture File Support
PacketLogger, and Pcapng
|
|
- Bug Fixes
The following vulnerabilities have been fixed.
* wnpa-sec-2014-20
SigComp UDVM buffer overflow. (Bug 10662)
CVE-2014-8710
* wnpa-sec-2014-21
AMQP crash. (Bug 10582) CVE-2014-8711
* wnpa-sec-2014-22
NCP crashes. (Bug 10552, Bug 10628) CVE-2014-8712
CVE-2014-8713
* wnpa-sec-2014-23
TN5250 infinite loops. (Bug 10596) CVE-2014-8714
The following bugs have been fixed:
* 6LoWPAN Mesh headers not treated as encapsulating address.
(Bug 10462)
* UCP dissector bug of operation 31 - PID 0639 not
recognized. (Bug 10463)
* iSCSI dissector rejects PDUs with "expected data transfer
length" > 16M. (Bug 10469)
* GTPv2: trigging_tree under Trace information has wrong
length. (Bug 10470)
* Attempt to render an SMS-DELIVER-REPORT instead of an
SMS-DELIVER. (Bug 10547)
* IPv6 Mobility Option IPv6 Address/Prefix marks too many
bytes for the address/prefix field. (Bug 10576)
* IPv6 Mobility Option Binding Authorization Data for FMIPv6
Authenticator field is read beyond the option data.
(Bug 10577)
* IPv6 Mobility Option Mobile Node Link Layer Identifier
Link-layer Identifier field is read beyond the option data.
(Bug 10578)
* Malformed PTPoE announce packet. (Bug 10611)
* IPv6 Permanent Home Keygen Token mobility option includes
too many bytes for the token field. (Bug 10619)
* IPv6 Redirect Mobility Option K and N bits are parsed
incorrectly. (Bug 10622)
* IPv6 Care Of Test mobility option includes too many bytes
for the Keygen Token field. (Bug 10624)
* IPv6 MESG-ID mobility option is parsed incorrectly.
(Bug 10625)
* IPv6 AUTH mobility option parses Mobility SPI and
Authentication Data incorrectly. (Bug 10626)
* IPv6 DNS-UPDATE-TYPE mobility option includes too many
bytes for the MD identity field. (Bug 10629)
* IPv6 Local Mobility Anchor Address mobility option's code
and reserved fields are parsed as 2 bytes instead of 1.
(Bug 10630)
* TShark crashes when running with PDML on a specific packet.
(Bug 10651)
* IPv6 Mobility Option Context Request reads an extra
request. (Bug 10676)
- Updated Protocol Support
6LoWPAN, AMQP, GSM MAP, GTPv2, H.223, IEEE 802.11, iSCSI, MIH,
Mobile IPv6, PTPoE, TN5250, and UCP
- New and Updated Capture File Support
Catapult DCT2000, HP-UX nettl, pcap-ng, and Sniffer (DOS)
|
|
- Bug Fixes
The following vulnerabilities have been fixed.
* wnpa-sec-2014-20
SigComp UDVM buffer overflow. (Bug 10662)
CVE-2014-8710
* wnpa-sec-2014-21
AMQP crash. (Bug 10582) CVE-2014-8711
* wnpa-sec-2014-22
NCP crashes. (Bug 10552, Bug 10628) CVE-2014-8712
CVE-2014-8713
* wnpa-sec-2014-23
TN5250 infinite loops. (Bug 10596) CVE-2014-8714
The following bugs have been fixed:
* 6LoWPAN Mesh headers not treated as encapsulating address.
(Bug 10462)
* UCP dissector bug of operation 31 - PID 0639 not
recognized. (Bug 10463)
* iSCSI dissector rejects PDUs with "expected data transfer
length" > 16M. (Bug 10469)
* GTPv2: trigging_tree under Trace information has wrong
length. (Bug 10470)
* Attempt to render an SMS-DELIVER-REPORT instead of an
SMS-DELIVER. (Bug 10547)
* IPv6 Mobility Option IPv6 Address/Prefix marks too many
bytes for the address/prefix field. (Bug 10576)
* IPv6 Mobility Option Binding Authorization Data for FMIPv6
Authenticator field is read beyond the option data.
(Bug 10577)
* IPv6 Mobility Option Mobile Node Link Layer Identifier
Link-layer Identifier field is read beyond the option data.
(Bug 10578)
* Malformed PTPoE announce packet. (Bug 10611)
* IPv6 Permanent Home Keygen Token mobility option includes
too many bytes for the token field. (Bug 10619)
* IPv6 Redirect Mobility Option K and N bits are parsed
incorrectly. (Bug 10622)
* IPv6 Care Of Test mobility option includes too many bytes
for the Keygen Token field. (Bug 10624)
* IPv6 MESG-ID mobility option is parsed incorrectly.
(Bug 10625)
* IPv6 AUTH mobility option parses Mobility SPI and
Authentication Data incorrectly. (Bug 10626)
* IPv6 DNS-UPDATE-TYPE mobility option includes too many
bytes for the MD identity field. (Bug 10629)
* IPv6 Local Mobility Anchor Address mobility option's code
and reserved fields are parsed as 2 bytes instead of 1.
(Bug 10630)
* TShark crashes when running with PDML on a specific packet.
(Bug 10651)
* IPv6 Mobility Option Context Request reads an extra
request. (Bug 10676)
- Updated Protocol Support
6LoWPAN, AMQP, GSM MAP, GTPv2, H.223, IEEE 802.11, iSCSI, MIH,
Mobile IPv6, PTPoE, TN5250, and UCP
- New and Updated Capture File Support
Catapult DCT2000, HP-UX nettl, pcap-ng, and Sniffer (DOS)
|
|
|
|
- The following vulnerabilities have been fixed.
* wnpa-sec-2014-12
RTP dissector crash. (Bug 9920) CVE-2014-6421
CVE-2014-6422
* wnpa-sec-2014-13
MEGACO dissector infinite loop. (Bug 10333)
CVE-2014-6423
* wnpa-sec-2014-14
Netflow dissector crash. (Bug 10370) CVE-2014-6424
* wnpa-sec-2014-17
RTSP dissector crash. (Bug 10381) CVE-2014-6427
* wnpa-sec-2014-18
SES dissector crash. (Bug 10454) CVE-2014-6428
* wnpa-sec-2014-19
Sniffer file parser crash. (Bug 10461)
CVE-2014-6429 CVE-2014-6430 CVE-2014-6431
CVE-2014-6432
- The following bugs have been fixed:
* Wireshark can crash during remote capture (rpcap)
configuration. (Bug 3554, Bug 6922,
ws-buglink:7021)
* MIPv6 Service Selection Identifier parse error. (Bug
10323)
* 802.11 BA sequence number decode is broken. (Bug 10334)
* TRILL NLPID 0xc0 unknown to Wireshark. (Bug 10382)
* Wrong decoding of RPKI RTR End of Data PDU. (Bug 10411)
* Misparsed NTP control assignments with empty values.
(Bug 10417)
* 6LoWPAN multicast address decompression problems. (Bug
10426)
* GUI Hangs when Selecting Path to GeoIP Files. (Bug
10434)
* 6LoWPAN context handling not working. (Bug 10443)
* SIP: When export to a CSV, Info is changed to differ.
(Bug 10453)
* Typo in packet-netflow.c. (Bug 10458)
* UCP dissector bug of operation 30 - data not decoded.
(Bug 10464)
- Updated Protocol Support
6LoWPAN, DVB-CI, IEEE 802.11, MEGACO, MIPv6, Netflow, NTP, OSI,
RPKI RTR, RTP, RTSP, SES, SIP, and UCP
- New and Updated Capture File Support
DOS Sniffer, and NetScaler
|
|
- The following vulnerabilities have been fixed.
* wnpa-sec-2014-08
The Catapult DCT2000 and IrDA dissectors could underrun a
buffer.
Versions affected: 1.10.0 to 1.10.8
* wnpa-sec-2014-09
The GSM Management dissector could crash. (Bug 10216)
Versions affected: 1.10.0 to 1.10.8
* wnpa-sec-2014-10
The RLC dissector could crash. (Bug 9795)
Versions affected: 1.10.0 to 1.10.8
* wnpa-sec-2014-11
The ASN.1 BER dissector could crash. (Bug 10187)
Versions affected: 1.10.0 to 1.10.8
- The following bugs have been fixed:
* GSM MAP: ensure that p2p_dir is always initialized before
calling GSM SMS dissector (Bug 10234)
* BFCP: include padding length in calculation of correct
attribute length (Bug 10240)
* GTP: allow empty Data Record Packet IE (Bug 10277)
* WebSocket: increase max unmask payload size to 256K and
indicate that packet is truncated is going above the new
limit (Bug 10283)
|
|
- The following vulnerabilities have been fixed.
* wnpa-sec-2014-07
The frame metadissector could crash. (Bug 9999, Bug 10030)
Versions affected: 1.10.0 to 1.10.7
CVE-2014-4020
= The following bugs have been fixed:
* VoIP flow graph crash upon opening. (Bug 9179)
* Tshark with "-F pcap" still generates a pcapng file. (Bug 9991)
* IPv6 Next Header 0x3d recognized as SHIM6. (Bug 9995)
* Failed to export pdml on large pcap. (Bug 10081)
* TCAP: set a fence on info column after calling sub
dissector (Bug 10091)
* Dissector bug in JSON protocol. (Bug 10115)
* GSM RLC MAC: do not skip too many lines of the CSN_DESCR
when the field is missing (Bug 10120)
* Wireshark PEEKREMOTE incorrectly decoding QoS data packets
from Cisco Sniffer APs. (Bug 10139)
* IEEE 802.11: fix dissection of HT Capabilities (Bug 10166)
- Updated Protocol Support
CIP, EtherNet/IP, GSM RLC MAC, IEEE 802.11, IPv6, and TCAP
- New and Updated Capture File Support
pcap-ng, and PEEKREMOTE
|
|
Do it for all packages that
* mention perl, or
* have a directory name starting with p5-*, or
* depend on a package starting with p5-
like last time, for 5.18, where this didn't lead to complaints.
Let me know if you have any this time.
|
|
until proven otherwise.
|
|
Fix PR pkg/48777
|
|
|
|
- Bug Fixes
The following vulnerabilities have been fixed.
* wnpa-sec-2014-06
The RTP dissector could crash. (Bug 9885)
Versions affected: 1.10.0 to 1.10.6
CVE-2014-2907
The following bugs have been fixed:
* RTP not decoded inside the conversation in v.1.10.1 (Bug 9021)
* SIP/SDP: disabled second media stream disables all media
streams (Bug 9835)
* Lua: trying to get/access a Preference before its
registered causes a segfault (Bug 9853)
* Some value_string strings contain newlines. (Bug 9878)
* Tighten the NO_MORE_DATA_CHECK macros (Bug 9932)
* Fix crash when calling "MAP Summary" dialog when no file is
open (Bug 9934)
* Fix comparing a sequence number of TCP fragment when its
value wraps over uint32_t limit (Bug 9936)
- Updated Protocol Support
ANSI A, DVB-CI, GSM DTAP, GSM MAP, IEEE 802.11, LCSAP, LTE RRC,
MAC LTE, Prism, RTP, SDP, SIP, and TCP
|
|
- Bug Fixes
The following vulnerabilities have been fixed.
* wnpa-sec-2014-01
The NFS dissector could crash. Discovered by Moshe Kaplan.
(Bug 9672)
Versions affected: 1.10.0 to 1.10.5, 1.8.0 to 1.8.12
CVE-2014-2281
* wnpa-sec-2014-02
The M3UA dissector could crash. Discovered by Laurent
Butti. (Bug 9699)
Versions affected: 1.10.0 to 1.10.5
CVE-2014-2282
* wnpa-sec-2014-03
The RLC dissector could crash. (Bug 9730)
Versions affected: 1.10.0 to 1.10.5, 1.8.0 to 1.8.12
CVE-2014-2283
* wnpa-sec-2014-04
The MPEG file parser could overflow a buffer. Discovered by
Wesley Neelen. (Bug 9843)
Versions affected: 1.10.0 to 1.10.5, 1.8.0 to 1.8.12
CVE-2014-2299
The following bugs have been fixed:
* Customized OUI is not recognized correctly during
dissection. (Bug 9122)
* Properly decode CAPWAP Data Keep-Alives. (Bug 9165)
* Build failure with GTK 3.10 - GTK developers have gone
insane. (Bug 9340)
* SIGSEGV/SIGABRT during free of TvbRange using a chained
dissector in lua. (Bug 9483)
* MPLS dissector no longer registers itself in "ppp.protocol"
table. (Bug 9492)
* Tshark doesn't display the longer data fields (mbtcp).
(Bug 9572)
* DMX-CHAN disector does not clear strbuf between rows.
(Bug 9598)
* Dissector bug, protocol SDP: proto.c:4214: failed assertion
"length >= 0". (Bug 9633)
* False error: capture file appears to be damaged or corrupt.
(Bug 9634)
* SMPP field source_telematics_id field length different from
spec. (Bug 9649)
* Lua: bitop library is missing in Lua 5.2. (Bug 9720)
* GTPv1-C / MM Context / Authentication quintuplet / RAND is
not correct. (Bug 9722)
* Lua: ProtoField.new() is buggy. (Bug 9725)
* Lua: ProtoField.bool() VALUESTRING argument is not optional
but was supposed to be. (Bug 9728)
* Problem with CAPWAP Wireshark Dissector. (Bug 9752)
* nas-eps dissector: CS Service notification dissection stops
after Paging identity IE. (Bug 9789)
- New and Updated Features
IPv4 checksum verfification is now disabled by default.
- Updated Protocol Support
AppleTalk, CAPWAP, DMX-CHAN, DSI, DVB-CI, ESS, GTPv1, IEEE
802a, M3UA, Modbus/TCP, NAS-EPS, NFS, OpenSafety, SDP, and SMPP
- New and Updated Capture File Support
libpcap, MPEG, and pcap-ng
|
|
|
|
either because they themselves are not ready or because a
dependency isn't. This is annotated by
PYTHON_VERSIONS_INCOMPATIBLE= 33 # not yet ported as of x.y.z
or
PYTHON_VERSIONS_INCOMPATIBLE= 33 # py-foo, py-bar
respectively, please use the same style for other packages,
and check during updates.
Use versioned_dependencies.mk where applicable.
Use REPLACE_PYTHON instead of handcoded alternatives, where applicable.
Reorder Makefile sections into standard order, where applicable.
Remove PYTHON_VERSIONS_INCLUDE_3X lines since that will be default
with the next commit.
Whitespace cleanups and other nits corrected, where necessary.
|
|
|
|
- The following bugs have been fixed:
* Wireshark stops showing new packets but dumpcap keeps
writing them to the temp file. (Bug 9571)
* Wireshark 1.10.4 shuts down when promiscuous mode is
unchecked. (Bug 9577)
* Homeplug dissector bug: STATUS_ACCESS_VIOLATION: dissector
accessed an invalid memory address. (Bug 9578)
- Updated Protocol Support
GSM BSSMAP, GSM BSSMAP LE, GSM SMS, Homeplug, NAS-EPS, and SGSAP
|
|
- Bug Fixes
The following vulnerabilities have been fixed.
* wnpa-sec-2013-66
The SIP dissector could go into an infinite loop.
Discovered by Alain Botti. (Bug 9388)
Versions affected: 1.10.0 to 1.10.3, 1.8.0 to 1.8.11
CVE-2013-7112
* wnpa-sec-2013-67
The BSSGP dissector could crash. Discovered by Laurent
Butti. (Bug 9488)
Versions affected: 1.10.0 to 1.10.3
CVE-2013-7113
* wnpa-sec-2013-68
The NTLMSSP v2 dissector could crash. Discovered by Garming
Sam.
Versions affected: 1.10.0 to 1.10.3, 1.8.0 to 1.8.11
CVE-2013-7114
The following bugs have been fixed:
* "On-the-wire" packet lengths are limited to 65535 bytes.
(Bug 8808, ws-buglink:9390)
* Tx MCS set is not interpreted properly in WLAN beacon
frame. (Bug 8894)
* VoIP Graph Analysis window - some calls are black. (Bug
8966)
* Wireshark fails to decode single-line, multiple Contact:
URIs in SIP responses. (Bug 9031)
* epan/follow.c - Incorrect "bytes missing in capture file"
in "check_fragments" due to an unsigned int wraparound?.
(Bug 9112)
* gsm_map doesn't decode MAPv3 reportSM-DeliveryStatus
result. (Bug 9382)
* Incorrect NFSv4 FATTR4_SECURITY_LABEL value. (Bug 9383)
* Timestamp decoded for Gigamon trailer is not padded
correctly. (Bug 9433)
* SEL Fast Message Bug-fix for Signed 16-bit Integer Fast
Meter Messages. (Bug 9435)
* DNP3 Bug Fix for Analog Data Sign Bit Handling. (Bug
9442)
* GSM SMS User Data header fill bits are wrong when using a 7
bits ASCII / IA5 encoding. (Bug 9478)
* WCDMA RLC dissector cannot assemble PDUs with SNs skipped
and wrap-arounded. (Bug 9505)
* DTLS: fix buffer overflow in mac check. (Bug 9512)
* Correct data length in SCSI_DATA_IN packets (within
iSCSI). (Bug 9521)
* GSM SMS UDH EMS control expects 4 octets instead of 3 with
OPTIONAL 4th. (Bug 9550)
* Fix "decode as ..." for packet-time.c. (Bug 9563)
- Updated Protocol Support
ANSI IS-637-A, BSSGP, DNP3, DVB-BAT, DVB-CI, GSM MAP, GSM SMS,
IEEE 802.11, iSCSI, NFSv4, NTLMSSP v2, RLC, SEL FM, SIP, and Time
|
|
- Bug Fixes
The following vulnerabilities have been fixed.
* wnpa-sec-2013-61
The IEEE 802.15.4 dissector could crash. (Bug 9139)
Versions affected: 1.10.0 to 1.10.2, 1.8.0 to 1.8.10
CVE-2013-6336
* wnpa-sec-2013-62
The NBAP dissector could crash. Discovered by Laurent
Butti. (Bug 9168)
Versions affected: 1.10.0 to 1.10.2, 1.8.0 to 1.8.10
CVE-2013-6337
* wnpa-sec-2013-63
The SIP dissector could crash. (Bug 9228)
Versions affected: 1.10.0 to 1.10.2, 1.8.0 to 1.8.10
CVE-2013-6338
* wnpa-sec-2013-64
The OpenWire dissector could go into a large loop.
Discovered by Murali. (Bug 9248)
Versions affected: 1.10.0 to 1.10.2, 1.8.0 to 1.8.10
CVE-2013-6339
* wnpa-sec-2013-65
The TCP dissector could crash. (Bug 9263)
Versions affected: 1.10.0 to 1.10.2, 1.8.0 to 1.8.10
CVE-2013-6340
- The following bugs have been fixed:
* new_packet_list: EAP-TLS reassemble does not happen when
NEW_PACKET_LIST is toggled. (Bug 5349)
* TLS decryption fails with XMPP start_tls. (Bug 8871)
* Wrong Interpretation of GTS starting slot. (Bug 8946)
* "Follow TCP Stream" shows only the first HTTP req+res.
(Bug 9044)
* The value of SEND_TO_UE in the DIAMETER Gx dictionary for
Packet-Filter-Usage AVP is 0 instead of 1. (Bug 9126)
* Crash then try to delete the same entry (length range)
twice. (Bug 9129)
* Crash if wrong "packet lengths range" entered. (Bug
9130)
* Bssgp => SGSN-INVOKE-TRACE use the wrong function...
(Bug 9157)
* Minor correction to dissection of DLR frames in Ethernet/IP
dissector. (Bug 9186)
* WebSphere MQ V7 Bug Fix 8322 TSHM_EBCDIC. (Bug 9198)
* EDNS0 "Higher bits in extended RCODE" incorrectly decoded
in packet-dns.c. (Bug 9199)
* Files with pcap-ng Simple Packet Blocks can't be read.
(Bug 9200)
* Bug in RTP dissector if RTP extension is present. (Bug
9204)
* Improve "eHRPD Indicator" NVSE dissection in 3GPP2 A11
Registration Request. (Bug 9206)
* "make debian-package" fails, missing wsicon32.xpm. (Bug
9209)
* Fix typo in MODCOD list of DVB-S2 dissector. (Bug 9218)
* Ring buffer crash when tshark gets too far behind dumpcap.
(Bug 9258)
* PTP Dissector Wrongfully Reports Malformed Packet. (Bug
9262)
* Wireshark lua dissector unable to load for
media_type=application/octet-stream. (Bug 9296)
* Wireshark crash when dissecting packet with NTLMSSP.
(Bug 9299)
* Padding in uint64 field in DCERPC protocol wrongly
reported. (Bug 9300)
* DCERPC data_blobs are not correctly dissected when NDR64
encoding is used. (Bug 9301)
* Multiple PDUs in the same DCERPC packet are not correctly
decrypted. (Bug 9302)
* The tshark summary line doesn't display the frame number or
displays it sporadically. (Bug 9317)
* Bluetooth: SDP improvements and minor fixes. (Bug 9327)
* Duplicate IRC header field abbreviation breaks filter
(example: irc.response.command). (Bug 9360)
- Updated Protocol Support
3GPP2 A11, Bluetooth SDP, BSSGP, DCERPC, DCERPC NDR, DCERPC NT,
DIAMETER, DNS, DVB-S2, Ethernet, EtherNet/IP, H.225, IEEE
802.15.4, IRC, NBAP, NTLMSSP, OpenWire, PTP, RTP, SIP, TCP,
WiMax, and XMPP
|
|
own PKGNAME is unchanged.
|
