| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
Changelog:
## Bug Fixes
The following bugs have been fixed:
wnpa-sec-2018-01
Multiple dissectors could crash. (Bug 14253) CVE-2018-5336
wnpa-sec-2018-03
The IxVeriWave file parser could crash. (Bug 14297) CVE-2018-5334
wnpa-sec-2018-04
The WCP dissector could crash. (Bug 14251) CVE-2018-5335
Prior to this release dumpcap enabled the Linux kernel's BPF JIT compiler
via the net.core.bpf_jit_enable sysctl. This could make systems
more vulnerable to Spectre variant 1 (CVE-2017-5753) and this feature
has been removed (Bug 14313).
Some keyboard shortcut mix-up has been resolved by assigning
new shortcuts to Edit -> Copy methods.
Remote interfaces are not saved. (Bug 8557)
Additional grouping in Expert Information dialog. (Bug 11753)
First start with non-empty extcap folder after install or reboot
hangs at "initializing tap listeners". (Bug 12845)
Can't hide expert categories in Expert Information. (Bug 13831)
Expert info dialog should have "Collapse All"/"Expand All" options.
(Bug 13842)
SIP Statistics extract does not work. (Bug 13942)
Service Response Time - SCSI dialog crashes. (Bug 14144)
Wireshark & Tshark 2.4.2 core dumps with segmentation fault. (Bug 14194)
SSH remote capture promiscuous mode. (Bug 14237)
SOCKS pseudo header displays incorrect Version value. (Bug 14262)
Only first variable of list is dissected in NTP Control request
message. (Bug 14268)
NTP Authenticator field dissection fails if padding is used. (Bug 14269)
BSSAP packet dissector issue - BSSAP_UPLINK_TUNNEL_REQUEST message.
(Bug 14289)
"[Malformed Packet]" for Mobile IP (MIP) protocol. (Bug 14292)
There is a potential buffer underflow in File_read_line function in
epan/wslua/wslua_file.c file. (Bug 14295)
Saving a temporary capture file may not result in the temporary
file being removed. (Bug 14298)
## Updated Protocol Support
Bluetooth, BSSAP, BT ATT, BT HCI, BT SMP, MIP, NTP, SCTP, SOCKS, UDS, and WCP
|
|
Changelog:
Bug Fixes
The following bugs have been fixed:
wnpa-sec-2017-47
The IWARP_MPA dissector could crash. (Bug 14236)
wnpa-sec-2017-48
The NetBIOS dissector could crash. (Bug 14249)
wnpa-sec-2017-49
The CIP Safety dissector could crash. (Bug 14250)
"tshark -G ?" doesn't provide expected help. (Bug 13984)
File loading is very slow with TRANSUM dissector enabled. (Bug 14094)
packet-knxnetip.c:936: bad bitmask ?. (Bug 14115)
packet-q931.c:1306: bad compare ?. (Bug 14116)
SSL Dissection bug. (Bug 14117)
Wireshark crashes when exporting various files to .csv, txt and other
'non-capture file' formats. (Bug 14128)
RLC reassembly doesn't work for RLC over UDP heuristic dissector.
Bug 14129)
HTTP Object export fails with long extension (possibly query string).
(Bug 14130)
3GPP Civic Address not displayed in Packet Details. (Bug 14131)
Wireshark prefers packet.dll in System32\\Npcap over the one in
System32. (Bug 14134)
PEEKREMOTE dissector does not decode 11ac MCS rates properly. (Bug 14136)
Visual Studio Community Edition 2015 lacks tools named in developer
guide. (Bug 14147)
TCP: Malformed data with Riverbed Probe option. (Bug 14150)
Wireshark Crash when trying to use Preferences | Advanced. (Bug 14157)
Right click on SMB2 Message ID and then Apply as Column causes Runtime
Error. (Bug 14169)
Return [Enter] should apply change (Column title - Button Label
toolbars). (Bug 14191)
Wireshark crashes if "rip.display_routing_domain" is set to TRUE in
preferences file. (Bug 14197)
Entry point inflatePrime not found for androiddump.exe and
randpktdump.exe. (Bug 14207)
BGP: IPv6 NLRI is received with Add-path ID, then Wire shark is not
able to decode the packet correctly. (Bug 14241)
Wrong SSL decryption when using EXTENDED MASTER SECRET and Client
certificate request (mutual authentication). (Bug 14243)
Frame direction isn't always set if it comes from the pcapng record
header rather than the packet pseudo-header. (Bug 14245)
Updated Protocol Support
3GPP NAS, BGP, CIP Safety, DTLS, IEEE 802.11 Radio, IWARP_MPA,
KNXnet/IP, LCSAP, MQTT, NetBIOS, PEEKREMOTE, Q.931, RIP, RLC, SIP,
SSL/TLS, TCP, and TRANSUM
|
|
|
|
Bug Fixes
The following vulnerabilities have been fixed:
* [1]wnpa-sec-2017-42
BT ATT dissector crash ([2]Bug 14049) [3]CVE-2017-15192
* [4]wnpa-sec-2017-43
MBIM dissector crash ([5]Bug 14056) [6]CVE-2017-15193
* [7]wnpa-sec-2017-44
DMP dissector crash ([8]Bug 14068) [9]CVE-2017-15191
The following bugs have been fixed:
* Wireshark crash when end capturing with "Update list of packets in
real-time" option off. ([10]Bug 13024)
* Diameter service response time statistics broken in 2.2.4. ([11]Bug
13442)
* Some Infiniband Connect Req fields are not decoded correctly.
([12]Bug 13997)
* wireshark-2.4.1/epan/dissectors/packet-dmp.c:1034: sanity check in
wrong place ?. ([13]Bug 14016)
* [oss-fuzz] ASAN: 232 byte(s) leaked in 4 allocation(s). ([14]Bug
14025)
* [oss-fuzz] ASAN: 47 byte(s) leaked in 1 allocation(s). ([15]Bug
14032)
* RTP Analysis "save as CSV" saves twice the forward stream, if two
streams are selected. ([16]Bug 14040)
* Cannot Apply Bitmask to Long Unsigned. ([17]Bug 14063)
Updated Protocol Support
BT ATT, DCERPC, DMP, E.212, H.248, InfiniBand, MBIM, RPC, and WSP
|
|
|
|
|
|
|
|
|
|
Bug Fixes
The following vulnerabilities have been fixed:
* [1]wnpa-sec-2017-38
MSDP dissector infinite loop ([2]Bug 13933)
* [3]wnpa-sec-2017-39
Profinet I/O buffer overrun ([4]Bug 13847)
* [5]wnpa-sec-2017-41
IrCOMM dissector buffer overrun ([6]Bug 13929)
The following bugs have been fixed:
* Confusing "Apply a display filter <Command/>" keyboard shortcut.
([7]Bug 12450)
* VNC Protocol disector : Framebuffer Updates. ([8]Bug 13910)
* DNS LOC RRs with out-of-range longitude or latitude aren't shown as
errors. ([9]Bug 13914)
* DIS Dissector Entity Appearance Record displayed in wrong location.
([10]Bug 13917)
* Win64 CMake bug - (CYGWIN_INSTALL_PATH redefinition) causing
missing packages when using CMake 3.9.0. ([11]Bug 13922)
* APL records parsed incorrectly for IPv4 prefixes. ([12]Bug 13923)
* TCAP SRT Analysis incorrectly matched TCAP begins and ends.
([13]Bug 13926)
* E.212: Check length before trying 3-digits MNC. ([14]Bug 13935)
* Crash in Wireshark using Dumper:dump() from Lua. ([15]Bug 13944)
* GTPv2 - decoding issue for Packet Flow ID (type 123). ([16]Bug
13987)
* [oss-fuzz] BGP memleak: ASAN: 276 byte(s) leaked in 5
allocation(s). ([17]Bug 13995)
* Some Infiniband Connect Req fields are not decoded correctly.
([18]Bug 13997)
* 802.11 wlan.ft.subelem.r0kh_id should be sequence of bytes.
([19]Bug 14004)
Updated Protocol Support
APL, BGP, DIS, DNS, E.212, GTPv2, IEEE 802.11, InfiniBand, MSDP, MTP2,
pcapng MIME, Profinet I/O, SML, TCAP, and VNC
|
|
Bug Fixes
The following vulnerabilities have been fixed:
* [1]wnpa-sec-2017-13
WBMXL dissector infinite loop ([2]Bug 13477, [3]Bug 13796)
[4]CVE-2017-7702, cve-idlink:CVE-2017-11410[] Note: This is an
update for a fix in Wireshark 2.2.6 and 2.0.12.
* [5]wnpa-sec-2017-28
openSAFETY dissector memory exhaustion ([6]Bug 13649, [7]Bug 13755)
[8]CVE-2017-9350, [9]CVE-2017-11411 Note: This is an update for a
fix in Wireshark 2.2.7.
* [10]wnpa-sec-2017-34
AMQP dissector crash. ([11]Bug 13780) [12]CVE-2017-11408
* [13]wnpa-sec-2017-35
MQ dissector crash. ([14]Bug 13792) [15]CVE-2017-11407
* [16]wnpa-sec-2017-36
DOCSIS infinite loop. ([17]Bug 13797) [18]CVE-2017-11406
The following bugs have been fixed:
* Y.1711 dissector reverses defect type order. ([19]Bug 8292)
* Packet list keeps scrolling back to selected packet while names are
being resolved. ([20]Bug 12074)
* [REGRESSION] Export Objects do not show files from a SMB2 capture.
([21]Bug 13214)
* LTE RRC: lte-rrc.q_RxLevMin filter fails on negative values.
([22]Bug 13481)
* Hexpane showing in proportional font again. ([23]Bug 13638)
* Regression in SCCP fragments handling. ([24]Bug 13651)
* TCAP SRT incorrectly matches TC_BEGINs and TC_ENDs. ([25]Bug 13739)
* Dissector for WSMP (IEEE 1609.3) not current. ([26]Bug 13766)
* RANAP: possible issue in the heuristic code. ([27]Bug 13770)
* [oss-fuzz] UBSAN: shift exponent 35 is too large for 32-bit type
int in packet-btrfcomm.c:314:37. ([28]Bug 13783)
* RANAP: false positives on heuristic algorithm. ([29]Bug 13791)
* Automatic name resolution not saved to PCAP-NG NRB. ([30]Bug 13798)
* DAAP dissector dissect_daap_one_tag recursion stack exhausted.
([31]Bug 13799)
* Malformed DCERPC PNIO packet decode, exception handler invalid
poionter reference. ([32]Bug 13811)
* It seems SPVID was decoded from wrong field. ([33]Bug 13821)
* README.dissectors: Add notes about predefined string structures not
available to plugin authors. ([34]Bug 13828)
* Statistics->Packet Lengths doesn't display details for 5120 or
greater. ([35]Bug 13844)
* cmake/modules/FindZLIB.cmake doesn't find inflatePrime. ([36]Bug
13850)
* BGP: incorrect decoding COMMUNITIES whose length is larger than
255. ([37]Bug 13872)
Updated Protocol Support
AMQP, BGP, BSSMAP, BT RFCOMM, DAAP, DOCSIS, E.212, FDDI, GSM A GM, GSM
BSSMAP, IEEE 802.11, IP, ISIS LSP, LTE RRC, MQ, OpenSafety, OSPF,
PROFINET IO, RANAP, SCCP, SGSAP, SMB2, TCAP, TCP, UMTS FP, UMTS RLC,
WBXML, WSMP, and Y.1711
|
|
Bug Fixes
The following vulnerabilities have been fixed:
* [1]wnpa-sec-2017-22
Bazaar dissector infinite loop ([2]Bug 13599) [3]CVE-2017-9352
* [4]wnpa-sec-2017-23
DOF dissector read overflow ([5]Bug 13608) [6]CVE-2017-9348
* [7]wnpa-sec-2017-24
DHCP dissector read overflow ([8]Bug 13609, [9]Bug 13628)
[10]CVE-2017-9351
* [11]wnpa-sec-2017-25
SoulSeek dissector infinite loop ([12]Bug 13631) [13]CVE-2017-9346
* [14]wnpa-sec-2017-26
DNS dissector infinite loop ([15]Bug 13633) [16]CVE-2017-9345
* [17]wnpa-sec-2017-27
DICOM dissector infinite loop ([18]Bug 13685) [19]CVE-2017-9349
* [20]wnpa-sec-2017-28
openSAFETY dissector memory exhaustion ([21]Bug 13649)
[22]CVE-2017-9350
* [23]wnpa-sec-2017-29
BT L2CAP dissector divide by zero ([24]Bug 13701) [25]CVE-2017-9344
* [26]wnpa-sec-2017-30
MSNIP dissector crash ([27]Bug 13725) [28]CVE-2017-9343
* [29]wnpa-sec-2017-31
ROS dissector crash ([30]Bug 13637) [31]CVE-2017-9347
* [32]wnpa-sec-2017-32
RGMP dissector crash ([33]Bug 13646) [34]CVE-2017-9354
* [35]wnpa-sec-2017-33
IPv6 dissector crash ([36]Bug 13675) [37]CVE-2017-9353
The following bugs have been fixed:
* DICOM dissection error. ([38]Bug 13164)
* Qt: drag & drop of one column header in PacketList moves other
columns. ([39]Bug 13183)
* Can not export captured DICOM objects in version 2.2.5. ([40]Bug
13570)
* False complain about bad checksum of ICMP extension header.
([41]Bug 13586)
* LibFuzzer: ISUP dissector bug (isup.number_different_meaning).
([42]Bug 13588)
* Dissector Bug, protocol BT ATT. ([43]Bug 13590)
* Wireshark dispalys
RRCConnectionReestablishmentRejectRRCConnectionReestablishmentRejec
t in Info column. ([44]Bug 13595)
* [oss-fuzz] UBSAN: shift exponent 105 is too large for 32-bit type
int in packet-ositp.c:551:79. ([45]Bug 13606)
* [oss-fuzz] UBSAN: shift exponent -77 is negative in
packet-netflow.c:7717:23. ([46]Bug 13607)
* [oss-fuzz] UBSAN: shift exponent 1959 is too large for 32-bit type
int in packet-sigcomp.c:2128:28. ([47]Bug 13610)
* [oss-fuzz] UBSAN: shift exponent 63 is too large for 32-bit type
guint32 (aka unsigned int) in packet-rtcp.c:917:24. ([48]Bug 13611)
* [oss-fuzz] UBSAN: shift exponent 70 is too large for 64-bit type
guint64 (aka unsigned long) in dwarf.c:42:43. ([49]Bug 13616)
* [oss-fuzz] UBSAN: shift exponent 32 is too large for 32-bit type
int in packet-xot.c:260:23. ([50]Bug 13618)
* [oss-fuzz] UBSAN: shift exponent -5 is negative in
packet-sigcomp.c:1722:36. ([51]Bug 13619)
* [oss-fuzz] UBSAN: index 2049 out of bounds for type char [2049] in
packet-quakeworld.c:134:5. ([52]Bug 13624)
* [oss-fuzz] UBSAN: shift exponent 35 is too large for 32-bit type
int in packet-netsync.c:467:25. ([53]Bug 13639)
* [oss-fuzz] UBSAN: shift exponent 32 is too large for 32-bit type
int in packet-sigcomp.c:3857:24. ([54]Bug 13641)
* [oss-fuzz] ASAN: stack-use-after-return
epan/dissectors/packet-ieee80211.c:14341:23 in add_tagged_field.
([55]Bug 13662)
* Welcome screen invalid capture filter wihtout WinPcap installed
causes runtime error. ([56]Bug 13672)
* SMB protocol parser does not parse SMB_COM_TRANSACTION2_SECONDARY
(0x33) command correctly. ([57]Bug 13690)
* SIP packets with SDP marked as malformed. ([58]Bug 13698)
* [oss-fuzz] UBSAN: index 8 out of bounds for type gboolean const[8]
in packet-ieee80211-radiotap.c:1836:12. ([59]Bug 13713)
* Crash on "Show packet bytes..." context menu item click. ([60]Bug
13723)
* DNP3 dissector does not properly decode packed variations with
prefixed qualifiers. ([61]Bug 13733)
Updated Protocol Support
Bazaar, BT ATT, BT L2CAP, DHCP, DICOM, DNP3, DNS, DOF, DWARF, ICMP,
IEEE 802.11, IPv6, ISUP, LTE RRC, MSNIP, Netflow, Netsync, openSAFETY,
OSITP, QUAKEWORLD, Radiotap, RGMP, ROS, RTCP, SIGCOMP, SMB, SoulSeek,
and XOT
|
|
|
|
What's New
Bug Fixes
The following vulnerabilities have been fixed:
* [1]wnpa-sec-2017-12
IMAP dissector crash ([2]Bug 13466) [3]CVE-2017-7703
* [4]wnpa-sec-2017-13
WBMXL dissector infinite loop ([5]Bug 13477) [6]CVE-2017-7702
* [7]wnpa-sec-2017-14
NetScaler file parser infinite loop ([8]Bug 13478) [9]CVE-2017-7700
* [10]wnpa-sec-2017-15
RPCoRDMA dissector infinite loop ([11]Bug 13558) [12]CVE-2017-7705
* [13]wnpa-sec-2017-16
BGP dissector infinite loop ([14]Bug 13557) [15]CVE-2017-7701
* [16]wnpa-sec-2017-17
DOF dissector infinite loop ([17]Bug 13453) [18]CVE-2017-7704
* [19]wnpa-sec-2017-18
PacketBB dissector crash ([20]Bug 13559)
* [21]wnpa-sec-2017-19
SLSK dissector long loop ([22]Bug 13576)
* [23]wnpa-sec-2017-20
SIGCOMP dissector infinite loop ([24]Bug 13578)
* [25]wnpa-sec-2017-21
WSP dissector infinite loop ([26]Bug 13581)
The following bugs have been fixed:
* T30 FCF byte decoding masks DTC, CIG and NCS. ([27]Bug 1918)
* Wireshark gives decoding error during rnsap message dissection(SCCP
reassembly). ([28]Bug 3360)
* Added IEEE 802.15.4-2003 AES-CCM security modes
(packet-ieee802154). ([29]Bug 4912)
* Payload in 2 SCCP DT1 messages in the same frame isn't
(sub)dissected. ([30]Bug 11130)
* IEEE 802.15.4: an area of Payload IEs is dissected twice. ([31]Bug
13068)
* Qt UI: Wireshark crash when deleting IO graph string while it's in
editing mode. ([32]Bug 13234)
* Crash on exit due to an invalid frame data sequence state. ([33]Bug
13433)
* Access Violation using Lua dissector. ([34]Bug 13457)
* Some bytes ignored in every packet in NetScaler packet trace when
vmnames are included in packet headers. ([35]Bug 13459)
* VOIP RTP stream Find Reverse button doesn't work. ([36]Bug 13462)
* Lua dissector: ProtoField int&42; do not allow FT_HEX or FT_OCT,
crash when set to FT_HEX_DEC or FT_DEC_HEX. ([37]Bug 13484)
* GIOP LocateRequest v1.0 is improperly indicated as "malformed".
([38]Bug 13488)
* Bug in ZigBee - Zone Status Change Notification. ([39]Bug 13493)
* Packet exception in packet-ua3g and incomplete strings in
packet-noe. ([40]Bug 13502)
* Wrong BGP capability dissect. ([41]Bug 13521)
* Endpoint statistics column labels seem incorrect. ([42]Bug 13526)
* Strange automatic jump in packet details for a certain DNS response
packet. ([43]Bug 13533)
* When a Lua enum or bool preference is changed via context menu,
prefs_changed isn't called with Qt Wireshark. ([44]Bug 13536)
* IO Graph selects wrong packet or displays "Packet number x isn't
displayed". ([45]Bug 13537)
* tshark's -z endpoints,ip ignores optional filter. ([46]Bug 13538)
* SSL: Handshake type in Info column not always separated by comma.
([47]Bug 13539)
* libfuzzer: PEEKREMOTE dissector bug. ([48]Bug 13544)
* libfuzzer: packetBB dissector bug (packetbb.msg.addr.valuecustom).
([49]Bug 13545)
* libfuzzer: WSP dissector bug (wsp.header.x_wap_tod). ([50]Bug
13546)
* libfuzzer: MIH dissector bug. ([51]Bug 13547)
* libfuzzer: DNS dissector bug. ([52]Bug 13548)
* libfuzzer: WLCCP dissector bug. ([53]Bug 13549)
* libfuzzer: TAPA dissector bug. ([54]Bug 13553)
* libfuzzer: lapsat dissector bug. ([55]Bug 13554)
* libfuzzer: wassp dissector bug. ([56]Bug 13555)
* Illegal reassembly of GSM SMS packets. ([57]Bug 13572)
* SSH Dissector uses incorrect length for protocol field
(ssh.protocol). ([58]Bug 13574)
* NBAP malformed packet for short Binding ID. ([59]Bug 13577)
* libfuzzer: WSP dissector bug (wsp.header.x_up_1.x_up_proxy_tod).
([60]Bug 13579)
* libfuzzer: asterix dissector bug (asterix.021_230_RA). ([61]Bug
13580)
* RTPproxy dissector adds multi lines to info column. ([62]Bug 13582)
Updated Protocol Support
ASTERIX, BGP, BSSGP, BT AVRCP, BT HCI_CMD, BT HFP, BT PBAP, DNS, DOF,
EAPOL-MKA, GIOP, GSM SMS, HTTP, ICMP, IEEE 802.11, IEEE 802.15.4, IMAP,
ISIS LSP, iSNS, LAPSat, MIH, MySQL, NBAP, NBIFOM, PacketBB, PEEKREMOTE,
RPCoRDMA, RTPproxy, SCCP, SIGCOMP, SLSK, SSH, SSL, T.30, TAPA, UA3G,
WASSP, WBXML, WLCCP, WSP, and ZigBee ZCL IAS
|
|
Bug Fixes
The following vulnerabilities have been fixed:
* [1]wnpa-sec-2017-03
LDSS dissector crash ([2]Bug 13346)
* [3]wnpa-sec-2017-04
RTMTP dissector infinite loop ([4]Bug 13347)
* [5]wnpa-sec-2017-05
WSP dissector infinite loop ([6]Bug 13348)
* [7]wnpa-sec-2017-06
STANAG 4607 file parser infinite loop ([8]Bug 13416)
* [9]wnpa-sec-2017-07
NetScaler file parser infinite loop ([10]Bug 13429)
* [11]wnpa-sec-2017-08
NetScaler file parser crash ([12]Bug 13430)
* [13]wnpa-sec-2017-09
K12 file parser crash ([14]Bug 13431)
* [15]wnpa-sec-2017-10
IAX2 dissector infinite loop ([16]Bug 13432)
* [17]wnpa-sec-2017-11
NetScaler file parser infinite loop ([18]Bug 12083)
The 32-bit and 64-bit Windows installers might have been susceptible to
a [19]DLL hijacking flaw.
The following bugs have been fixed:
* Display filter textbox loses focus during live capturing. ([20]Bug
11890)
* Wireshark crashes when saving pcaps, opening pcaps, and exporting
specified packets. ([21]Bug 12036)
* tshark stalls on FreeBSD if androiddump is present. ([22]Bug 13104)
* UTF-8 characters in packet list column title. ([23]Bug 13342)
* Recent capture file list should appear immediately on startup.
([24]Bug 13352)
* editcap segfault if a packet length is shorter than ignore bytes
parameter. ([25]Bug 13378)
* dftest segfault with automated build of 2.2.5. ([26]Bug 13387)
* UMTS MAC Dissector shows Packet size limited for BCCH payload.
([27]Bug 13392)
* VS2010 win32 ±¥. ([28]Bug 13398)
* EAP AKA not being decoded properly. ([29]Bug 13411)
* Dumpcap crashes during rpcap setup. ([30]Bug 13418)
* Crash on closing SNMP capture file if snmp credentials are present.
([31]Bug 13420)
* GPRS-NS message PDU type displayed in octal instead of hexadecimal.
([32]Bug 13428)
Updated Protocol Support
GPRS-NS, GTPv2, IAX2, IEEE 802.11, LDSS, MS-WSP, OpcUa, ROHC, RTMTP,
SNMP, STANAG 4607, T.38, and UMTS FP
|
|
|
|
Wireshark 2.2.4 Release Notes
What's New
Bug Fixes
The following vulnerabilities have been fixed:
* [1]wnpa-sec-2017-01
The ASTERIX dissector could go into an infinite loop. ([2]Bug
13344)
* [3]wnpa-sec-2017-02
The DHCPv6 dissector could go into a large loop. ([4]Bug 13345)
The following bugs have been fixed:
* TCP reassembly: tcp.reassembled_in is not set in first packet.
([5]Bug 3264)
* Duplicated Interfaces instances while refreshing. ([6]Bug 11553)
* Time zone name needs to be converted to UTF-8 on Windows. ([7]Bug
11785)
* Crash on fast local interface changes. ([8]Bug 12263)
* Please align columns in tshark's output. ([9]Bug 12502)
* Display data rate fields for VHT rates invalid with BCC modulation.
([10]Bug 12859)
* plugin_if_get_ws_info causes Access Violation if called during
rescan. ([11]Bug 12973)
* SMTP BDAT dissector not reverting to command-code after DATA.
([12]Bug 13030)
* Wireshark fails to recognize V6 DBS Etherwatch capture files.
([13]Bug 13093)
* Runtime Error when try to merge .pcap files (Wireshark crashes).
([14]Bug 13175)
* PPP BCP BPDU size reports not header size, but all data underneath
and its header size in UI. ([15]Bug 13188)
* In-line UDP checksum bytes in 6LoWPAN IPHC are swapped. ([16]Bug
13233)
* Uninitialized memcmp on data in daintree-sna.c. ([17]Bug 13246)
* Crash when dissect WDBRPC Version 2 protocol with Dissect unknown
program numbers enabled. ([18]Bug 13266)
* Contents/Resources/bin directory isn't in the app bundle after
installation. ([19]Bug 13270)
* Regression: IEEE17221 (AVDECC) decoded as IEEE1722 (AVB
Transportation Protocol). ([20]Bug 13274)
* Can't decode packets captured with OpenBSD enc(4) encapsulating.
([21]Bug 13279)
* UDLD flags are at other end of octet. ([22]Bug 13280)
* MS-WSP dissector no longer works since commit
8c2fa5b5cf789e6d0d19cd0dd34479d0203d177a. ([23]Bug 13299)
* TBCD string decoded wrongly in MAP ATI message. ([24]Bug 13316)
* Filter Documentation: The tilde (~) operator is not documented.
([25]Bug 13320)
* VoIP Flow Sequence Causes Application Crash. ([26]Bug 13329)
Updated Protocol Support
6LoWPAN, DVB-CI, ENC, GSM MAP, IEEE 1722, IEEE 1722.1, ISAKMP, MS-WSP,
PPP, QUIC, Radiotap, RPC, SMTP, TCP, UCD, and UDLD
New and Updated Capture File Support
Daintree SNA, and DBS Etherwatch
|
|
|
|
Bump PKGREVISION
Pointed out by Joern Clausen via PR pkg/51835.
|
|
|
|
What's New
Bug Fixes
The following vulnerabilities have been fixed:
* Arbitrary file deletion on Windows. ([1]Bug 13217)
The following bugs have been fixed:
* Saving all exported objects (SMB/SMB2) results in out of physical
memory. ([2]Bug 11133)
* Export HTTP Objects - Single file shows as multiple files in 2.0.2.
([3]Bug 12230)
* Follow Stream and graph buttons remain greyed out in conversation
window. ([4]Bug 12893)
* Dicom list of tags in element of VR=AT not properly decoded.
([5]Bug 13077)
* Malformed Packet: BGP Update (withdraw) message. ([6]Bug 13146)
* Install fail on macOS Sierra (error PKInstallErrorDomain Code=112).
([7]Bug 13152)
* GTP: "Create PDP Context response" message shows back-off timer as
malformed when included in the response. ([8]Bug 13153)
* ICMP dissector fails to properly detect timestamps. ([9]Bug 13161)
* RLC misdissection. ([10]Bug 13162)
* Text2pcap on Windows produces corrupt output when writing the
capture file to the standard output. ([11]Bug 13165)
* HTML escaping of quotes in error message. ([12]Bug 13178)
* TShark doesn't respect protocols.display_hidden_proto_items
setting. ([13]Bug 13192)
* RPC/RDMA dissector should exit when frame is not RPC-over-RDMA.
([14]Bug 13195)
* Some RPC-over-RDMA frames are not recognized as RPC-over-RDMA.
([15]Bug 13196)
* RPC-over-RDMA frames with chunk lists are "Malformed". ([16]Bug
13197)
* TShark fails to pass RPC-over-RDMA frames to RPC subdissector.
([17]Bug 13198)
* Adding a DOF DPS Identity Secret, session Key, or Mode Template
causes Wireshark to crash. ([18]Bug 13209)
* Wireshark shows "MS Video Source Request" in a RTCP packet as
"Malformed". ([19]Bug 13212)
Updated Protocol Support
BGP, BOOTP/DHCP, BTLE, DICOM, DOF, Echo, GTP, ICMP, Radiotap, RLC, RPC
over RDMA, RTCP, SMB, TCP, UFTP4, and VXLAN
|
|
|
|
Bug Fixes
The following vulnerabilities have been fixed:
* [1]wnpa-sec-2016-58
Profinet I/O long loop. ([2]Bug 12851)
* [3]wnpa-sec-2016-59
AllJoyn crash. ([4]Bug 12953)
* [5]wnpa-sec-2016-60
OpenFlow crash. ([6]Bug 13071)
* [7]wnpa-sec-2016-61
DCERPC crash. ([8]Bug 13072)
* [9]wnpa-sec-2016-62
DTN infinite loop. ([10]Bug 13097)
The Windows PortableApps packages were susceptible to a [11]DLL
hijacking flaw.
The following bugs have been fixed:
* TCP: nextseq incorrect if TCP_MAX_UNACKED_SEGMENTS exceeded & FIN
true. ([12]Bug 12579)
* SMPP schedule_delivery_time displayed wrong in Wireshark 2.1.0.
([13]Bug 12632)
* Upgrading to latest version uninstalls Microsoft Visual C++
redistributable. ([14]Bug 12712)
* dmg for OS X does not install man pages. ([15]Bug 12746)
* Fails to compile against Heimdal 1.5.3. ([16]Bug 12831)
* TCP: Next sequence number off by one when sending payload in SYN
packet (e.g. TFO). ([17]Bug 12838)
* Follow TCP Stream shows duplicate stream data. ([18]Bug 12855)
* Dissection engine falsely asserts that EIGRP packet's checksum is
incorrect. ([19]Bug 12982)
* IEEE 802.15.4 frames erroneously handed over to ZigBee dissector.
([20]Bug 12984)
* Capture Filter Bookmark Inactive in Capture Options page. ([21]Bug
12986)
* CLNP dissector does not parse ER NPDU properly. ([22]Bug 12993)
* SNMP trap bindings for NON scalar OIDs. ([23]Bug 13013)
* BGP LS Link Protection Type TLV (1093) decoding. ([24]Bug 13021)
* Application crash sorting column for tcp.window_size_scalefactor up
and down. ([25]Bug 13023)
* ZigBee Green Power add key during execution. ([26]Bug 13031)
* Malformed AMPQ packets for session.expected and session.confirmed
fields. ([27]Bug 13037)
* Wireshark 2.2.1 crashes when attempting to merge pcap files.
([28]Bug 13060)
* [IS-637A] SMS - Teleservice layer parameter --> IA5 encoded text is
not correctly displayed. ([29]Bug 13065)
*
* Failure to dissect USB Audio feature unit descriptors missing the
iFeature field. ([30]Bug 13085)
* MSISDN not populated/decoded in JSON GTP-C decoding. ([31]Bug
13086)
* E212: 3 digits MNC are identified as 2 digits long if they end with
a 0. ([32]Bug 13092)
* Exception with last unknown Cisco AVP available in a SCCRQ message.
([33]Bug 13103)
* TShark stalls on FreeBSD if androiddump is present. ([34]Bug 13104)
* Dissector skips DICOM command. ([35]Bug 13110)
* UUID (FT_GUID) filtering isn't working. ([36]Bug 13121)
* Manufacturer name resolution fail. ([37]Bug 13126)
* packet-sdp.c allocates transport_info->encoding_name from wrong
memory pool. ([38]Bug 13127)
* Payload type name for dynamic payload is wrong for reverse RTP
channels. ([39]Bug 13132)
Updated Protocol Support
6LoWPAN, AllJoyn, AMPQ, ANSI IS-637 A, BGP, CLNP, DCERPC, DICOM, DTN,
E.212, EIGRP, ERF, GVSP, IEEE 802.11, IEEE 802.15.4, IP, ISO-8583,
Kerberos, L2TP, LACP, MAC LTE, OpenFlow, Profinet I/O, RTPS, SCTP, SDP,
Skype, SMPP, SNA, SNMP, SPNEGO, TCP, USB Audio, XML, and ZigBee
|
|
|
|
What's New
Bug Fixes
The following vulnerabilities have been fixed:
* [1]wnpa-sec-2016-56
The Bluetooth L2CAP dissector could crash. ([2]Bug 12825)
* [3]wnpa-sec-2016-57
The NCP dissector could crash. ([4]Bug 12945)
The following bugs have been fixed:
* Flow Graph colored data arrows. ([5]Bug 12065)
* Capture File Properties under Statistics Grayed Out after Stopping
a Capture. ([6]Bug 12071)
* Qt: Hidden columns displayed during live capture. ([7]Bug 12377)
* Unable to save changes to coloring rules. ([8]Bug 12814)
* Bad description for NBSS error code 0x81. ([9]Bug 12835)
* Live capture from USBPcap fails immediately. ([10]Bug 12846)
* Cannot decrypt EAP-TTLS traffic (not recognized as conversation).
([11]Bug 12879)
* Export packet dissections Option disabled after capturing traffic.
([12]Bug 12898)
* Failure to open file named with Chinese or other multibyte
characters. ([13]Bug 12900)
* k12 text file format causes errors. ([14]Bug 12903)
* File | File Set | List Files dialog is blank. ([15]Bug 12904)
* Decoding/Display of an INAP CONNECT message goes wrong for the
Destination Routing Address part. ([16]Bug 12911)
* TLS padding extension dissector length parsing bug. ([17]Bug 12922)
* Diameter dictionary bugs. ([18]Bug 12927)
* File open from menu bar with filter in place causes Wireshark to
crash. ([19]Bug 12929)
* Unable to capture USBPcap trace using tshark with extcap built.
([20]Bug 12949)
* P1 dissector fails a TVB assertion. ([21]Bug 12976)
* Multiple PortableApps instances can once again be run at the same
time.
Updated Protocol Support
6LowPAN, BT L2CAP, CIP, DCOM IRemUnknown, Diameter, DMP, EAP, ISUP,
NBT, NCP, NetFlow, SSL / TLS, and U3V
New and Updated Capture File Support
Ascend, and K12
|
|
|
|
|
|
|
|
|
|
|
|
What's New
Bug Fixes
* Upgrading to latest version uninstalls Microsoft Visual C++
redistributable. ([1]Bug 12712)
* Extcap errors not reported back to UI. ([2]Bug 11892)
New and Updated Features
The following features are new (or have been significantly updated)
since version 2.2.0rc1:
"Decode As" supports SSL (TLS) over TCP.
The following features are new (or have been significantly updated)
since version 2.1.1:
* Invalid coloring rules are now disabled instead of discarded. This
will provide backward compatibility with a coloring rule change in
Wireshark 2.2.
The following features are new (or have been significantly updated)
since version 2.1.0:
* Added -d option for Decode As support in Wireshark (mimics TShark
functionality)
* The Qt UI, GTK+ UI, and TShark can now export packets as JSON.
TShark can additionally export packets as Elasticsearch-compatible
JSON.
* The Qt UI now supports the -j, -J, and -l flags. The -m flag is now
deprecated.
* The Conversations and Endpoints dialogs are more responsive when
viewing large numbers of items.
* The RTP player now allows up to 30 minutes of silence frames.
* Packet bytes can now be displayed as EBCDIC.
* The Qt UI loads captures faster on Windows.
* proto_tree_add_checksum was added as an API. This attempts to
standardize how checksums are reported and filtered for within
*Shark. There are no more individual "good" and "bad" filter
fields, protocols now have a "checksum.status" field that records
"Good", "Bad" and "Unverified" (neither good or bad). Color filters
provided with Wireshark have been adjusted to the new display
filter names, but custom ones may need to be updated.
The following features are new (or have been significantly updated)
since version 2.0.0:
* The intelligent scroll bar now sits to the left of a normal scroll
bar and provides a clickable map of nearby packets.
* You can now switch between between Capture and File Format
dissection of the current capture file via the View menu in the Qt
GUI.
* You can now show selected packet bytes as ASCII, HTML, Image, ISO
8859-1, Raw, UTF-8, a C array, or YAML.
* You can now use regular expressions in Find Packet and in the
advanced preferences.
* Name resolution for packet capture now supports asynchronous DNS
lookups only. Therefore the "concurrent DNS resolution" preference
has been deprecated and is a no-op. To enable DNS name resolution
some build dependencies must be present (currently c-ares). If that
is not the case DNS name resolution will be disabled (but other
name resolution mechanisms, such as host files, are still
available).
* The byte under the mouse in the Packet Bytes pane is now
highlighted.
* TShark supports exporting PDUs via the -U flag.
* The Windows and OS X installers now come with the "sshdump" and
"ciscodump" extcap interfaces.
* Most dialogs in the Qt UI now save their size and positions.
* The Follow Stream dialog now supports UTF-16.
* The Firewall ACL Rules dialog has returned.
* The Flow (Sequence) Analysis dialog has been improved.
* We no longer provide packages for 32-bit versions of OS X.
* The Bluetooth Device details dialog has been added.
New File Format Decoding Support
Wireshark is able to display the format of some types of files (rather
than displaying the contents of those files). This is useful when
you're curious about, or debugging, a file and its format. To open a
capture file (such as PCAP) in this mode specify "MIME Files Format" as
the file's format in the Open File dialog.
New Protocol Support
Apache Cassandra - CQL version 3.0, Bachmann bluecom Protocol,
Bluetooth Pseudoheader for BR/EDR, Cisco ERSPAN3 Marker, Cisco ttag,
Digital Equipment Corporation Local Area Transport, Distributed Object
Framework, DOCSIS Upstream Channel Descriptor Type 35, Edge Control
Protocol (ECP), Encrypted UDP based FTP with multicast, Ericsson IPOS
Kernel Packet Header Dissector Added (IPOS), Extensible Control &
Management Protocol (eCMP), FLEXRAY Protocol dissector added
(automotive bus), IEEE 802.1BR E-Tag, Intel Omni-Path Architecture, ISO
8583-1, ISO14443, ITU-T G.7041/Y.1303 Generic Framing Procedure (GFP),
LAT protocol (DECNET), Metamako trailers, Network Service Header for
Ethernet & GRE, Network-Based IP Flow Mobility (NBIFOM), Nokia
Intelligent Service Interface (ISI), Open Mobile Alliance Lightweight
Machine to Machine TLV payload Added (LwM2M TLV), Real Time Location
System (RTLS), RTI TCP Transport Layer (RTITCP), SMB Witness Service,
STANAG 5602 SIMPLE, Standard Interface for Multiple Platform Link
Evaluation (SIMPLE), USB3 Vision Protocol (USB machine vision cameras),
USBIP Protocol, UserLog Protocol, and Zigbee Protocol Clusters
Dissectors Added (Closures Lighting General Measurement & Sensing HVAC
Security & Safety)
Updated Protocol Support
Bluetooth OBEX dissector (btobex) was renamed to Obex Dissector (obex),
allow to DecodeAs it over USB, TCP and UDP.
A preference was added to TCP dissector for handling IPFIX process
information. It has been disabled by default.
New and Updated Capture File Support
Micropross mplog
New and Updated Capture Interfaces support
Non-empty section placeholder.
Major API Changes
The libwireshark API has undergone some major changes:
* The address macros (e.g., SET_ADDRESS) have been removed. Use the
(lower case) functions of the same names instead.
* "old style" dissector functions (that don't return number of bytes
used) have been replaced in name with the "new style" dissector
functions.
* tvb_get_string and tvb_get_stringz have been replaced with
tvb_get_string_enc and tvb_get_stringz_enc respectively.
|
|
|
|
|
|
What's New
Bug Fixes
The following vulnerabilities have been fixed:
* [1]wnpa-sec-2016-39
CORBA IDL dissector crash on 64-bit Windows. ([2]Bug 12495)
* [3]wnpa-sec-2016-41
PacketBB crash. ([4]Bug 12577)
* [5]wnpa-sec-2016-42
WSP infinite loop. ([6]Bug 12594)
* [7]wnpa-sec-2016-44
RLC long loop. ([8]Bug 12660)
* [9]wnpa-sec-2016-45
LDSS dissector crash. ([10]Bug 12662)
* [11]wnpa-sec-2016-46
RLC dissector crash. ([12]Bug 12664)
* [13]wnpa-sec-2016-47
OpenFlow long loop. ([14]Bug 12659)
* [15]wnpa-sec-2016-48
MMSE, WAP, WBXML, and WSP infinite loop. ([16]Bug 12661)
* [17]wnpa-sec-2016-49
WBXML crash. ([18]Bug 12663)
The following bugs have been fixed:
* T30 FCF byte decoding masks DTC, CIG and NCS. ([19]Bug 1918)
* TShark crashes with option "-z io,stat,..." in the presence of
negative relative packet timestamps. ([20]Bug 9014)
* Packet size limited during capture msg is repeated in the Info
column. ([21]Bug 9826)
* Wireshark loses windows decorations on second screen when
restarting maximized using GNOME. ([22]Bug 11303)
* Cannot launch GTK+ version of wireshark as a normal user. ([23]Bug
11400)
* Restart current capture fails with "no interface selected" error
when capturing in promiscuous mode. ([24]Bug 11834)
* Add field completion suggestions when adding a Display filter or Y
Field to the IO Graph. ([25]Bug 11899)
* Wireshark Qt always indicates locale as "C". ([26]Bug 11960)
* Wireshark crashes every time open Statistics -> Conversations |
Endpoints. ([27]Bug 12288)
* Find function within the conversations window does not work.
([28]Bug 12363)
* Invalid values for USB SET_REQUEST packets. ([29]Bug 12511)
* Display filter dropdown hides cursor. ([30]Bug 12520)
* Filter for field name tcp.options.wscale.multiplier cannot exceed
255. ([31]Bug 12525)
* Ctrl+ shortcuts that are not text-related do not work when focus is
on display filter field. ([32]Bug 12533)
* Closing Statistics window results in black screen. ([33]Bug 12544)
* OSPF: Incorrect description of N/P-bit in NSSA LSA. ([34]Bug 12555)
* Inconsistent VHT data rate. ([35]Bug 12558)
* DCE/RPC malformed error when stub-data is missing but a
sub-dissector has been registered. ([36]Bug 12561)
* Wireshark is marking BGP FlowSpec NLRI as malformed if NLRI length
is larger than 239 bytes. ([37]Bug 12568)
* "Edit Resolved Name" is not saved in current pcapng file. ([38]Bug
12629)
* MPTCP: MP_JOIN B bit not decoded correctly. ([39]Bug 12635)
* MPTCP MP_PRIO header with AddrID: incorrect AddrID. ([40]Bug 12641)
Updated Protocol Support
802.11 Radiotap, BGP, CAN, CANopen, H.248 Q.1950, IPv4, IPv6, LANforge,
LDSS, MPTCP, OSPF, PacketBB, PRP, RLC, RMT-FEC, RSVP, RTP MIDI, T.30,
TDS, USB, WAP, WBXML, WiMax RNG-RSP, and WSP
New and Updated Capture File Support
and pcapng
|
|
|
|
|
|
Wireshark 2.0.4 Release Notes
What's New
Bug Fixes
The following vulnerabilities have been fixed:
* [1]wnpa-sec-2016-29
The SPOOLS dissector could go into an infinite loop. Discovered by
the CESG.
* [2]wnpa-sec-2016-30
The IEEE 802.11 dissector could crash. ([3]Bug 11585)
* [4]wnpa-sec-2016-31
The IEEE 802.11 dissector could crash. Discovered by Mateusz
Jurczyk. ([5]Bug 12175)
* [6]wnpa-sec-2016-32
The UMTS FP dissector could crash. ([7]Bug 12191)
* [8]wnpa-sec-2016-33
Some USB dissectors could crash. Discovered by Mateusz Jurczyk.
([9]Bug 12356)
* [10]wnpa-sec-2016-34
The Toshiba file parser could crash. Discovered by iDefense Labs.
([11]Bug 12394)
* [12]wnpa-sec-2016-35
The CoSine file parser could crash. Discovered by iDefense Labs.
([13]Bug 12395)
* [14]wnpa-sec-2016-36
The NetScreen file parser could crash. Discovered by iDefense Labs.
([15]Bug 12396)
* [16]wnpa-sec-2016-37
The Ethernet dissector could crash. ([17]Bug 12440)
The following bugs have been fixed:
* Saving pcap capture file with ERF encapsulation creates an invalid
pcap file. ([18]Bug 3606)
* Questionable calling of Ethernet dissector by encapsulating
protocol dissectors. ([19]Bug 9933)
* Wireshark 1.12.0 does not dissect HTTP correctly. ([20]Bug 10335)
* Don't copy details of hidden columns. ([21]Bug 11788)
* RTP audio player crashes. ([22]Bug 12166)
* Crash when saving RTP audio Telephony->RTP->RTP
Streams->Analyze->Save->Audio. ([23]Bug 12211)
* Edit - preferences - add column field not showing dropdown for
choices. ([24]Bug 12321)
* Using _ws.expert in a filter can cause a crash. ([25]Bug 12335)
* Crash in SCCP dissector UAT (Qt UI only). ([26]Bug 12364)
* J1939 frame without data = malformed packet ? ([27]Bug 12366)
* The stream number in tshark's "-z follow,tcp,<stream number>"
option is 0-origin rather than 1-origin. ([28]Bug 12383)
* IP Header Length display filter should show calculated value.
([29]Bug 12387)
* Multiple file radio buttons should be check boxes. ([30]Bug 12388)
* Wrong check for getaddrinfo and gethostbyname on Solaris 11.
([31]Bug 12391)
* ICMPv6 dissector doesn't respect actual packet length. ([32]Bug
12400)
* Format DIS header timestamp mm:ss.nnnnnn. ([33]Bug 12402)
* RTP Stream Analysis can no longer be sorted in 2.0.3. ([34]Bug
12405)
* RTP Stream Analysis fails to complete in 2.0.3 when packets are
sliced. ([35]Bug 12406)
* Network-Layer Name Resolution uses first 32-bits of IPv6 DNS
address as IPv4 address in some circumstances. ([36]Bug 12412)
* BACnet decoder incorrectly flags a valid APDU as a "Malformed
Packet". ([37]Bug 12422)
* Valid ISUP messages marked with warnings. ([38]Bug 12423)
* Profile command line switch "-C" not working in Qt interface.
([39]Bug 12425)
* MRCPv2: info column not showing info correctly. ([40]Bug 12426)
* Diameter: Experimental result code 5142. ([41]Bug 12428)
* Tshark crashes when analyzing RTP due to pointer being freed not
allocated. ([42]Bug 12430)
* NFS: missing information in getattr for supported exclusive create
attributes. ([43]Bug 12435)
* Ethernet type field with a value of 9100 is shown as "Unknown".
([44]Bug 12441)
* Documentation does not include support for Windows Server 2012 R2.
([45]Bug 12455)
* Column preferences ruined too easily. ([46]Bug 12465)
* SMB Open andX extended response decoded incorrectly. ([47]Bug
12472)
* SMB NtCreate andX with extended response sometimes incorrect.
([48]Bug 12473)
* Viewing NFSv3 Data, checking SRTs doesn't work. ([49]Bug 12478)
* Make wireshark with Qt enabled buildable on ARM. ([50]Bug 12483)
Updated Protocol Support
AFS, ANSI IS-637 A, BACapp, BT BNEP, Cisco FabricPath MiM, CSN.1,
DCERPC SPOOLS, DIS, Ethernet, GSM A RR, ICMPv6, IEEE 802.11, IPv4,
ISUP, J1939, JXTA, LAPSat, LPADm, LTE-RRC, MRCPv2, NFS, OpenFlow,
SGsAP, SMB, STT, TZSP, UMTS FP, and USB
New and Updated Capture File Support
Aethra, Catapult DCT2000, CoSine, DBS Etherwatch, ERF, iSeries, Ixia
IxVeriWave, NetScreen, Toshiba, and VMS TCPIPtrace
|
|
Bug Fixes
The following vulnerabilities have been fixed:
* [1]wnpa-sec-2016-01
DLL hijacking vulnerability. [2]CVE-2016-2521
* [3]wnpa-sec-2016-02
ASN.1 BER dissector crash. ([4]Bug 11828) [5]CVE-2016-2522
* [6]wnpa-sec-2016-03
DNP dissector infinite loop. ([7]Bug 11938) [8]CVE-2016-2523
* [9]wnpa-sec-2016-04
X.509AF dissector crash. ([10]Bug 12002) [11]CVE-2016-2524
* [12]wnpa-sec-2016-05
HTTP/2 dissector crash. ([13]Bug 12077) [14]CVE-2016-2525
* [15]wnpa-sec-2016-06
HiQnet dissector crash. ([16]Bug 11983) [17]CVE-2016-2526
* [18]wnpa-sec-2016-07
3GPP TS 32.423 Trace file parser crash. ([19]Bug 11982)
[20]CVE-2016-2527
* [21]wnpa-sec-2016-08
LBMC dissector crash. ([22]Bug 11984) [23]CVE-2016-2528
* [24]wnpa-sec-2016-09
iSeries file parser crash. ([25]Bug 11985) [26]CVE-2016-2529
* [27]wnpa-sec-2016-10
RSL dissector crash. ([28]Bug 11829) [29]CVE-2016-2530
[30]CVE-2016-2531
* [31]wnpa-sec-2016-11
LLRP dissector crash. ([32]Bug 12048) [33]CVE-2016-2532
* [34]wnpa-sec-2016-12
Ixia IxVeriWave file parser crash. ([35]Bug 11795)
* [36]wnpa-sec-2016-13
IEEE 802.11 dissector crash. ([37]Bug 11818)
* [38]wnpa-sec-2016-14
GSM A-bis OML dissector crash. ([39]Bug 11825)
* [40]wnpa-sec-2016-15
ASN.1 BER dissector crash. ([41]Bug 12106)
* [42]wnpa-sec-2016-16
SPICE dissector large loop. ([43]Bug 12151)
* [44]wnpa-sec-2016-17
NFS dissector crash.
* [45]wnpa-sec-2016-18
ASN.1 BER dissector crash. ([46]Bug 11822)
The following bugs have been fixed:
* HTTP 302 decoded as TCP when "Allow subdissector to reassemble TCP
streams" option is enabled. ([47]Bug 9848)
* Questionable calling of ethernet dissector by encapsulating
protocol dissectors. ([48]Bug 9933)
* [Qt & Legacy & probably TShark too] Delta Time Conversation column
is empty. ([49]Bug 11559)
* extcap: abort when validating capture filter for DLT 147. ([50]Bug
11656)
* Missing columns in Qt Flow Graph. ([51]Bug 11710)
* Interface list doesn't show well when the list is very long.
([52]Bug 11733)
* Unable to use saved Capture Filters in Qt UI. ([53]Bug 11836)
* extcap: Capture interface options snaplen, buffer and promiscuous
not being used. ([54]Bug 11865)
* Improper RPC reassembly ([55]Bug 11913)
* GTPv1 Dual Stack with one static and one Dynamic IP. ([56]Bug
11945)
* Wireshark 2.0.1 MPLS dissector not decoding payload when control
word is present in pseudowire. ([57]Bug 11949)
* "...using this filter" turns white (not green or red). Plus
dropdown arrow does nothing. ([58]Bug 11950)
* EIGRP field eigrp.ipv4.destination does not show the correct
destination. ([59]Bug 11953)
* tshark -z conv,type[,filter] swapped frame / byte values from / to
columns. ([60]Bug 11959)
* The field name nstrace.tcpdbg.tcpack should be
nstrace.tcpdbg.tcprtt. ([61]Bug 11964)
* 6LoWPAN IPHC traffic class not decompressed correctly. ([62]Bug
11971)
* Crash with snooping NFS file handles. ([63]Bug 11972)
* 802.11 dissector fails to decrypt some broadcast messages. ([64]Bug
11973)
* Wireshark hangs when adding a new profile. ([65]Bug 11979)
* Issues when closing the application with a running capture without
packets. ([66]Bug 11981)
* New Qt UI lacks ability to step through multiple TCP streams with
Analyze > Follow > TCP Stream. ([67]Bug 11987)
* GTK: plugin_if_goto_frame causes Access Violation if called before
capture file is loaded. ([68]Bug 11989)
* Wireshark 2.0.1 crash on start. ([69]Bug 11992)
* Wi-Fi 4-way handshake 4/4 is displayed as 2/4. ([70]Bug 11994)
* ACN: acn.dmx.data has incorrect type. ([71]Bug 11999)
* editcap packet comment won't add multiple comments. ([72]Bug 12007)
* DICOM Sequences no longer able to be expanded. ([73]Bug 12011)
* Wrong TCP stream when port numbers are reused. ([74]Bug 12022)
* SSL decryption fails in presence of a Client certificate. ([75]Bug
12042)
* LUA: TVBs backing a data source is freed too early. ([76]Bug 12050)
* PIM: pim.group filter have the same name for IPv4 and IPv6.
([77]Bug 12061)
* Failed to parse M3AP IE (TNL information). ([78]Bug 12070)
* Wrong interpretation of Instance ID value in OSPFv3 packet.
([79]Bug 12072)
* MP2T Dissector does parse RTP properly in 2.0.1. ([80]Bug 12099)
* editcap does not adjust time for frames with absolute timestamp 0 <
t < 1 secs. ([81]Bug 12116)
* Guard Interval is not consistent between Radiotap & wlan_radio.
([82]Bug 12123)
* Calling dumpcap -i- results in access violation. ([83]Bug 12143)
* Qt: Friendly Name and Interface Name columns should not be
editable. ([84]Bug 12146)
* PPTP GRE call ID not always decoded. ([85]Bug 12149)
* Interface list does not show device description anymore. ([86]Bug
12156)
* Find Packet does not highlight the matching tree item or packet
bytes. ([87]Bug 12157)
* "total block length ... is too large" error when opening pcapng
file with multiple SHB sections. ([88]Bug 12167)
* http.request.full_uri is malformed if an HTTP Proxy is used.
([89]Bug 12176)
* SNMP dissector fails at msgSecurityParameters with long length
encoding. ([90]Bug 12181)
Updated Protocol Support
6LoWPAN, ACN, ASN.1 BER, BATADV, DICOM, DNP3, DOCSIS INT-RNG-REQ, E100,
EIGRP, GSM A DTAP, GSM SMS, GTP, HiQnet, HTTP, HTTP/2, IEEE 802.11,
IKEv2, InfiniBand, IPv4, IPv6, LBMC, LLRP, M3AP, MAC LTE, MP2T, MPLS,
NFS, NS Trace, OSPF, PIM, PPTP, RLC LTE, RoHC, RPC, RSL, SNMP, SPICE,
SSL, TCP, TRILL, VXLAN, WaveAgent, and X.509AF
New and Updated Capture File Support
3GPP TS 32.423 Trace, iSeries, Ixia IxVeriWave, pcap, and pcapng
|
|
|
|
|
|
version upstream.
|
|
|
|
Changelog:
Wireshark 1.12.9 Release Notes
__________________________________________________________________
What is Wireshark?
Wireshark is the world's most popular network protocol analyzer. It is
used for troubleshooting, analysis, development and education.
__________________________________________________________________
What's New
Bug Fixes
The following vulnerabilities have been fixed:
* [1]wnpa-sec-2015-31
NBAP dissector crashes. ([2]Bug 11602, [3]Bug 11835, [4]Bug 11841)
* [5]wnpa-sec-2015-32
UMTS FP dissector crashes. ([6]Bug 11602, [7]Bug 11606)
* [8]wnpa-sec-2015-33
DCOM dissector crash. ([9]Bug 11610)
* [10]wnpa-sec-2015-34
AllJoyn dissector infinite loop. ([11]Bug 11607)
* [12]wnpa-sec-2015-35
T.38 dissector crash. ([13]Bug 9887)
* [14]wnpa-sec-2015-36
SDP dissector crash. ([15]Bug 9887)
* [16]wnpa-sec-2015-37
NLM dissector crash.
* [17]wnpa-sec-2015-38
DNS dissector crash. ([18]Bug 10988)
* [19]wnpa-sec-2015-39
BER dissector crash.
* [20]wnpa-sec-2015-40
Zlib decompression crash. ([21]Bug 11548)
* [22]wnpa-sec-2015-41
SCTP dissector crash. ([23]Bug 11767)
* [24]wnpa-sec-2015-42
802.11 decryption crash. ([25]Bug 11790, [26]Bug 11826)
* [27]wnpa-sec-2015-43
DIAMETER dissector crash. ([28]Bug 11792)
* [29]wnpa-sec-2015-44
VeriWave file parser crashes. ([30]Bug 11789, [31]Bug 11791)
* [32]wnpa-sec-2015-45
RSVP dissector crash. ([33]Bug 11793)
* [34]wnpa-sec-2015-46
ANSI A & GSM A dissector crashes. ([35]Bug 11797)
* [36]wnpa-sec-2015-47
Ascend file parser crash. ([37]Bug 11794)
* [38]wnpa-sec-2015-48
NBAP dissector crash. ([39]Bug 11815)
* [40]wnpa-sec-2015-49
RSL dissector crash. ([41]Bug 11829)
* [42]wnpa-sec-2015-50
ZigBee ZCL dissector crash. ([43]Bug 11830)
* [44]wnpa-sec-2015-51
Sniffer file parser crash. ([45]Bug 11827)
The Windows installers are now built using NSIS 2.50 in order to avoid
[46]DLL hijacking flaws.
The following bugs have been fixed:
* Zooming out (Ctrl+-) too far crashes Wireshark. ([47]Bug 8854)
* IPv6 Next Header is Unknown yet Wireshark tries parsing an IPv6
Extension Header. ([48]Bug 9996)
* IPv6 Mobility Header Link-Layer Address Mobility Option is parsed
incorrectly. ([49]Bug 10627)
* Windows Wireshark Installer does not detect WinPcap which is
already installed. ([50]Bug 10867)
* SSL Decrypted Packet Not Decoded As HTTP. ([51]Bug 10984)
* Wireshark crashes when using the VoIP player. ([52]Bug 11596)
* [GSMTAP] Incorrect decoding of MS Radio Access Capability using
alternative coding. ([53]Bug 11599)
* TCP sequence analysis (expert info) does not work in 802.1ah
frames. ([54]Bug 11629)
* No correct GVCP info message for READREG_ACK command. ([55]Bug
11639)
* Bug in EtherCAT dissector with mailbox response. ([56]Bug 11652)
* NLM v4 statistics crash. ([57]Bug 11654)
* Malformed packet with IPv6 mobility header. ([58]Bug 11728)
* LDAP decode shows invalid number of results for searchResEntry
packets. ([59]Bug 11761)
* IPv6 RPL Routing Header with length of 8 bytes still reads an
address. ([60]Bug 11803)
* g_utf8_validate assertion when reassembling GSM SMS messages
encoded in UCS2. ([61]Bug 11809)
* MPEG2TS NULL pkt: AFC: "Should be 0 for NULL packets" wrong.
([62]Bug 11921)
New and Updated Features
There are no new features in this release.
New Protocol Support
There are no new protocols in this release.
Updated Protocol Support
6LoWPAN, 802.1ah, AllJoyn, ANSI A, ASN.1 BER, CLNP, CMS, DCOM,
DIAMETER, DNS, ERF, GSM A, GSM SMS, GTP, GVCP, HiSLIP, IEEE 802.11,
IPv4, IPv6, L2TP, LDAP, MIP6, MP2T, NBAP, NLM, ONC RPC, PCP, RSL, RSVP,
SCTP, SDP, SIGCOMP, SNMP, SPDY, T.38, UMTS FP, and ZigBee ZCL
New and Updated Capture File Support
Ascend, ERF, Sniffer, and VeriWave
__________________________________________________________________
Getting Wireshark
Wireshark source code and installation packages are available from
[63]https://www.wireshark.org/download.html.
Vendor-supplied Packages
Most Linux and Unix vendors supply their own Wireshark packages. You
can usually install or upgrade Wireshark using the package management
system specific to that platform. A list of third-party packages can be
found on the [64]download page on the Wireshark web site.
__________________________________________________________________
File Locations
Wireshark and TShark look in several different locations for preference
files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations
vary from platform to platform. You can use About->Folders to find the
default locations on your system.
__________________________________________________________________
Known Problems
Dumpcap might not quit if Wireshark or TShark crashes. ([65]Bug 1419)
The BER dissector might infinitely loop. ([66]Bug 1516)
Capture filters aren't applied when capturing from named pipes.
([67]Bug 1814)
Filtering tshark captures with read filters (-R) no longer works.
([68]Bug 2234)
The 64-bit Windows installer does not support Kerberos decryption.
([69]Win64 development page)
Resolving ([70]Bug 9044) reopens ([71]Bug 3528) so that Wireshark no
longer automatically decodes gzip data when following a TCP stream.
Application crash when changing real-time option. ([72]Bug 4035)
Hex pane display issue after startup. ([73]Bug 4056)
Packet list rows are oversized. ([74]Bug 4357)
Wireshark and TShark will display incorrect delta times in some cases.
([75]Bug 4985)
__________________________________________________________________
Getting Help
Community support is available on [76]Wireshark's Q&A site and on the
wireshark-users mailing list. Subscription information and archives for
all of Wireshark's mailing lists can be found on [77]the web site.
Official Wireshark training and certification are available from
[78]Wireshark University.
__________________________________________________________________
Frequently Asked Questions
A complete FAQ is available on the [79]Wireshark web site.
__________________________________________________________________
Last updated 2015-12-29 08:48:09 PST
References
1. https://www.wireshark.org/security/wnpa-sec-2015-31.html
2. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11602
3. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11835
4. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11841
5. https://www.wireshark.org/security/wnpa-sec-2015-32.html
6. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11602
7. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11606
8. https://www.wireshark.org/security/wnpa-sec-2015-33.html
9. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11610
10. https://www.wireshark.org/security/wnpa-sec-2015-34.html
11. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11607
12. https://www.wireshark.org/security/wnpa-sec-2015-35.html
13. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9887
14. https://www.wireshark.org/security/wnpa-sec-2015-36.html
15. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9887
16. https://www.wireshark.org/security/wnpa-sec-2015-37.html
17. https://www.wireshark.org/security/wnpa-sec-2015-38.html
18. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10988
19. https://www.wireshark.org/security/wnpa-sec-2015-39.html
20. https://www.wireshark.org/security/wnpa-sec-2015-40.html
21. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11548
22. https://www.wireshark.org/security/wnpa-sec-2015-41.html
23. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11767
24. https://www.wireshark.org/security/wnpa-sec-2015-42.html
25. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11790
26. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11826
27. https://www.wireshark.org/security/wnpa-sec-2015-43.html
28. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11792
29. https://www.wireshark.org/security/wnpa-sec-2015-44.html
30. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11789
31. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11791
32. https://www.wireshark.org/security/wnpa-sec-2015-45.html
33. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11793
34. https://www.wireshark.org/security/wnpa-sec-2015-46.html
35. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11797
36. https://www.wireshark.org/security/wnpa-sec-2015-47.html
37. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11794
38. https://www.wireshark.org/security/wnpa-sec-2015-48.html
39. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11815
40. https://www.wireshark.org/security/wnpa-sec-2015-49.html
41. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11829
42. https://www.wireshark.org/security/wnpa-sec-2015-50.html
43. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11830
44. https://www.wireshark.org/security/wnpa-sec-2015-51.html
45. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11827
46. http://nsis.sourceforge.net/Docs/AppendixF.html
47. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8854
48. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9996
49. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10627
50. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10867
51. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10984
52. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11596
53. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11599
54. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11629
55. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11639
56. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11652
57. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11654
58. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11728
59. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11761
60. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11803
61. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11809
62. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11921
63. https://www.wireshark.org/download.html
64. https://www.wireshark.org/download.html#thirdparty
65. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1419
66. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1516
67. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1814
68. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2234
69. https://wiki.wireshark.org/Development/Win64
70. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9044
71. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3528
72. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4035
73. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4056
74. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4357
75. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4985
76. https://ask.wireshark.org/
77. https://www.wireshark.org/lists/
78. http://www.wiresharktraining.com/
79. https://www.wireshark.org/faq.html
|
|
|
|
Avoid SDK build on OS X.
|
|
What's New
Bug Fixes
The following vulnerabilities have been fixed.
* [1]wnpa-sec-2015-30
Pcapng file parser crash. Discovered by Dario Lombardo and Shannon
Sabens. ([2]Bug 11455) [3]CVE-2015-7830
The following bugs have been fixed:
* Last Address field for IPv6 RPL routing header is interpreted
incorrectly. ([4]Bug 10560)
* Comparing two capture files crashes Wireshark when navigating the
results. ([5]Bug 11098)
* 802.11 frame is not correctly dissected if it contains HT Control.
([6]Bug 11351)
* GVCP bit-fields not updated. ([7]Bug 11442)
* Tshark crash when specifying ssl.keys_list on CLI. ([8]Bug 11443)
* pcapng: SPB capture length is incorrectly truncated if IDB snaplen
= 0. ([9]Bug 11483)
* pcapng: NRB IPv4 address is endian swapped but shouldn't be.
([10]Bug 11484)
* pcapng: NRB with options causes file read failure. ([11]Bug 11485)
* pcapng: ISB without if_drop option is shown as max value. ([12]Bug
11489)
* UNISTIM dissector - Message length not included in offset for
"Select Adjustable Rx Volume". ([13]Bug 11497)
Updated Protocol Support
DIAMETER, GVCP, IEEE 802.11, IPv6, and UNISTIM
|
|
Why this didn't surface before is anyone's guess. Bump rev.
|
|
Full ChangeLog since 1.10.14 is too long to include. A few highlights:
- Expert information is now filterable when the new API is in use.
- "malformed" display filter has been renamed to "_ws.malformed".
- Transport name resolution is now disabled by default.
- Support has been added for all versions of the DCBx protocol.
- Cleanup of LLDP code, all dissected fields are now navigable.
- Dissector output may be encoded as UTF-8. This includes TShark output.
- The ASN1 plugin has been removed as it s deemed obsolete.
- The GNM dissector has been removed as it was never used.
- The Kerberos dissector has been replaced by one generated from ASN1 code.
- A more flexible, modular memory manager (wmem) has been added.
- A new API for expert information has been added, replacing the old one.
- The tvbuff API has been cleaned up.
- Support for 80+ new protocols
|
|
|
