- Bug Fixes
The following vulnerabilities have been fixed.
* wnpa-sec-2013-54
The Bluetooth HCI ACL dissector could crash. Discovered by
Laurent Butti. (Bug 8827)
Versions affected: 1.10.0 to 1.10.1
* wnpa-sec-2013-55
The NBAP dissector could crash. Discovered by Laurent
Butti. (Bug 9005)
Versions affected: 1.10.0 to 1.10.1, 1.8.0 to 1.8.9
* wnpa-sec-2013-56
The ASSA R3 dissector could go into an infinite loop.
Discovered by Ben Schmidt. (Bug 9020)
Versions affected: 1.10.0 to 1.10.1, 1.8.0 to 1.8.9
* wnpa-sec-2013-57
The RTPS dissector could overflow a buffer. Discovered by
Ben Schmidt. (Bug 9019)
Versions affected: 1.10.0 to 1.10.1, 1.8.0 to 1.8.9
* wnpa-sec-2013-58
The MQ dissector could crash. (Bug 9079)
Versions affected: 1.10.0 to 1.10.1, 1.8.0 to 1.8.9
* wnpa-sec-2013-59
The LDAP dissector could crash. Versions affected: 1.10.0
to 1.10.1, 1.8.0 to 1.8.9
* wnpa-sec-2013-60
The Netmon file parser could crash. Discovered by G.
Geshev. (Bug 8742)
Versions affected: 1.10.0 to 1.10.1, 1.8.0 to 1.8.9
- The following bugs have been fixed:
* Lua ByteArray:append() causes wireshark crash. (Bug
4461)
* Lua script can not get "data-text-lines" protocol data.
(Bug 5200)
* Lua: Trying to use Field.new("tcp.segments") to get
reassembled TCP data is failed. (Bug 5201)
* "Edit Interface Settings": "Capture Filter" combo box is
not populated across Wireshark sessions. (Bug 7278)
* PER normally small non-negative whole number decoding is
wrong when >= 64. (Bug 8841)
* Strange behavior of tree expand/collapse in packet details.
(Bug 8908)
* Incorrect parsing of IPFIX *IpTotalLength elements.
(Bug 8918)
* IO graph/advanced, max/min/summ error on frames with
multiple Diameter messages. (Bug 8980)
* pod2man error on reordercap.pod. (Bug 8982)
* SGI Nsym disambiguation is unconditionally displayed when
dissecting VHT. (Bug 8989)
* The Wireshark icon doesn't show up in OS X 10.5. (Bug
8993)
* Build fails if system Python is version 3+. (Bug 8995)
* SCSI dissector does not parse PERSISTENT RESERVE commands
correctly. (Bug 9012)
* SDP messages throws an assert. (Bug 9022)
* Wireshark fails to decode single-line, multiple Contact:
URIs in SIP responses. (Bug 9031)
* PN_MRP LinkUp Message is shown as LinkDown in info.
(Bug 9035)
* Dissector for EtherCAT: ADS highlighting in the Packet
Bytes Pane is incorrect. (Bug 9036)
* 802.11 HT Extended Capabilities B10 decode incorrect.
(Bug 9038)
* Wrong dissection of MSTI Root Identifiers for all MSTIs.
(Bug 9088)
* Weird malformed HTTP error. (Bug 9101)
* Warning for attempting to install 64-bit Wireshark on a
32-bit machine has an embedded "\n". (Bug 9103)
* Wireshark crashes when using "Export Specified Packets" >
"Displayed". (Bug 9106)
- Updated Protocol Support
ASN.1 PER, ASSA R3, Bluetooth HCI ACL, EtherCAT AMS, GTPv2,
HTTP, IEEE 802.11, IPFIX, ISDN SUP, LDAP, MQ, NBAP, Novell SSS,
PROFINET MRP, Radiotap, ROHC, RTPS, SCSI, SIP, and STP
- New and Updated Capture File Support
Microsoft Network Monitor, pcap-ng.
- The following vulnerabilities have been fixed.
* wnpa-sec-2013-41
The DCP ETSI dissector could crash. (Bug 8717)
Versions affected: 1.10.0, 1.8.0 to 1.8.7
CVE-2013-4083
* wnpa-sec-2013-42
The P1 dissector could crash. Discovered by Laurent Butti.
(Bug 8826)
Versions affected: 1.10.0
CVE-2013-4920
* wnpa-sec-2013-43
The Radiotap dissector could crash. Discovered by Laurent
Butti. (Bug 8830)
Versions affected: 1.10.0
CVE-2013-4921
* wnpa-sec-2013-44
The DCOM ISystemActivator dissector could crash. Discovered
by Laurent Butti. (Bug 8828)
Versions affected: 1.10.0
CVE-2013-4924
CVE-2013-4926
* wnpa-sec-2013-45
The Bluetooth SDP dissector could go into a large loop.
Discovered by Laurent Butti. (Bug 8831)
Versions affected: 1.10.0, 1.8.0 to 1.8.8
CVE-2013-4927
* wnpa-sec-2013-46
The Bluetooth OBEX dissector could go into an infinite
loop. (Bug 8875)
Versions affected: 1.10.0
CVE-2013-4928
* wnpa-sec-2013-47
The DIS dissector could go into a large loop. (Bug
8911)
Versions affected: 1.10.0, 1.8.0 to 1.8.8
CVE-2013-4929
* wnpa-sec-2013-48
The DVB-CI dissector could crash. Discovered by Laurent
Butti. (Bug 8916)
Versions affected: 1.10.0, 1.8.0 to 1.8.8
CVE-2013-4930
* wnpa-sec-2013-49
The GSM RR dissector (and possibly others) could go into a
large loop. (Bug 8923)
Versions affected: 1.10.0, 1.8.0 to 1.8.8
CVE-2013-4931
* wnpa-sec-2013-50
The GSM A Common dissector could crash. (Bug 8940)
Versions affected: 1.10.0, 1.8.0 to 1.8.8
CVE-2013-4932
* wnpa-sec-2013-51
The Netmon file parser could crash. Discovered by G.
Geshev. (Bug 8742)
Versions affected: 1.10.0, 1.8.0 to 1.8.8
CVE-2013-4934
* wnpa-sec-2013-52
The ASN.1 PER dissector could crash. Discovered by
Oliver-Tobias Ripka. (Bug 8722)
Versions affected: 1.10.0, 1.8.0 to 1.8.8
CVE-2013-4935
* wnpa-sec-2013-53
The PROFINET Real-Time dissector could crash. (Bug
8904)
Versions affected: 1.10.0
CVE-2013-4936
- The following bugs have been fixed:
* Mark retransmitted SYN and FIN packets as retransmissions.
* Wireshark hides under Taskbar. (Bug 3034)
* IEEE 802.15.4 frame check sequence in "Chipcon mode" not
displayed correctly. (Bug 4507)
* Mask in Lua ProtoField.uint32() does not work as expected.
(Bug 5734)
* Crash when applying filter with Voip calls. (Bug 6090)
* Delta time regressions to tshark introduced with SVN 45071.
(Bug 8160)
* Add MAC-DATA support to TETRA dissector and other minor
improvements. (Bug 8708)
* Crash analyzing VoIP Calls (T38). (Bug 8736)
* Wireshark writes empty NRB FQDN which makes trace
unloadable. (Bug 8763)
* Quick launch icon is absent, so it shows up as a generic
icon. (Bug 8773)
* Wrong encoding for 2 pod files, UTF-8 characters in
another. (Bug 8774)
* SCSI (SPC) sense key specific information field must not
include SKSV. (Bug 8782)
* Wireshark crashes when closing Flow Graph with Graph
Analysis opened. (Bug 8793)
* Wrong size of LLRP ProtocolID Parameter in Accessspec
Parameter. (Bug 8809)
* Detection of IPv6 works only on Solaris 8. (Bug 8813)
* ip.opt.type triggers for TCP NOP option. (Bug 8823)
* DCOM-SYSACT dissector crash. (Bug 8828)
* Incorrect decoding of MPLS Echo Request with BGP FEC.
(Bug 8835)
* Buggy IEC104 dissector caused by commit r48958. (Bug
8849)
* ansi_637_tele dissector displays MSB as MBS for Call-Back
Number. (Bug 8851)
* LISP Map-Notify flags I and R shown incorrectly. (Bug
8852)
* ONTAP_V4 fhandle decoding leads to dissector bug. (Bug
8853)
* Dropped bytes in imap dissector. (Bug 8857)
* Kismet drone/server dissector improvements. (Bug 8864)
* TShark iostat_draw sizeof mismatch. (Bug 8888)
* SCTP bytes graph crash. (Bug 8889)
* Patch to Wireshark/tshark usage info and man pages to
document all timestamp (-t) options. (Bug 8906)
* Strange behavior of tree expand/collapse in packet details.
(Bug 8908)
* Graph Filter field limited to 256 characters. (Bug
8909)
* Filter doesn't support cflow ASN larger than 65535.
(Bug 8959)
* Wireshark crashes when switching from a v1.11.0 profile to
a v1.4.6 prof and then to a v1.5.1 prof. (Bug 8884)
* SIP stats shows incorrect values for Max/Ave setup times.
(Bug 8897)
* NFSv4 delegation not reported correctly. (Bug 8920)
* Issue with Capture Options Adapter List. (Bug 8932)
* RFC 5844 - IPv4 Support for Proxy Mobile IPv6 - Mobility
option IPv4 DHCP Support Mode Option malformed packet.
(Bug 8957)
* RFC 3775 - Mobility Support in IPv6 - Mobility option PadN
incorrectly highlights + 2 bytes. (Bug 8958)
* All mongodb query show as .
(Bug 8960)
- Updated Protocol Support
ANSI IS-637-A, ASN.1, ASN.1 PER, Bluetooth OBEX, Bluetooth SDB,
DCERPC NDR, DCOM ISystemActivator, DCP ETSI, Diameter 3GPP,
DIS, DVB-CI, Ethernet, GSM Common, GSM SMS, H.235, IEC104, IEEE
802.15.4, IEEE 802a, IMAP, IP, KDSP, LISP, LLRP, MAC-LTE,,
Mobile IPv6, MONGO, MPLS Echo, Netflow, NFS, NFSv4, P1,
PDCP-LTE, PN-IO, PN-RT, PPP, Radiotap, RLC,, RLC-LTE,, SCSI,
SIP, SMTP, SoulSeek, TCP, TETRA, and VNC
- New and Updated Capture File Support
Microsoft Network Monitor, pcap-ng.
Wireshark on 32- and 64-bit Windows supports automatic updates.
The packet bytes view is faster.
You can now display a list of resolved host names in "hosts" format within Wireshark.
The wireless toolbar has been updated.
Wireshark on Linux does a better job of detecting interface addition and removal.
It is now possible to compare two fields in a display filter (for example: udp.srcport != udp.dstport). The two fields must be of the same type for this to work.
The Windows installers ship with WinPcap 4.1.3, which supports Windows 8.
USB type and product name support has been improved.
All Bluetooth profiles and protocols are now supported.
Wireshark now calculates HTTP response times and presents the result in a new field in the HTTP response. Links from the request’s frame to the response’s frame and vice-versa are also added.
The main welcome screen and status bar now display file sizes using strict SI prefixes instead of old-style binary prefixes.
Capinfos now prints human-readable statistics with SI suffixes by default.
It is now possible to open a referenced packet (such as the matched request or response packet) in a new window.
Tshark can now display only the hex/ascii packet data without requiring that the packet summary and/or packet details are also displayed. If you want the old behavior, use -Px instead of just -x.
Wireshark can be compiled using GTK+ 3.
The Wireshark application icon, capture toolbar icons, and other icons have been updated.
Tshark’s filtering and multi-pass analysis have been reworked for consistency and in order to support dependent frame calculations during reassembly. See the man page descriptions for -2, -R, and -Y.
Tshark’s -G fields2 and -G fields3 options have been eliminated. The -G fields option now includes the 2 extra fields that -G fields3 previously provided, and the blurb information has been relegated to the last column since in many cases it is blank anyway.
Wireshark dropped the left-handed settings from the preferences. This is still configurable via the GTK settings (add "gtk-scrolled-window-placement = top-right" in the config file, which might be called /.gtkrc-2.0 or /.config/gtk-3.0/settings.ini).
Wireshark now ships with two global configuration files: Bluetooth, which contains coloring rules for Bluetooth and Classic, which contains the old-style coloring rules.
The LOAD() metric in the IO-graph now shows the load in IO units instead of thousands of IO units.
- Bug Fixes
The following vulnerabilities have been fixed.
o wnpa-sec-2013-32
The CAPWAP dissector could crash. Discovered by Laurent Butti.
(Bug 8725)
Versions affected: 1.8.0 to 1.8.7, 1.6.0 to 1.6.15.
o wnpa-sec-2013-33
The GMR-1 BCCH dissector could crash. Discovered by Sylvain
Munaut and Laurent Butti. (Bug 7664, Bug 8726 )
Versions affected: 1.8.0 to 1.8.7.
o wnpa-sec-2013-34
The PPP dissector could crash. Discovered by Laurent Butti.
(Bug 7880, Bug 8727 )
Versions affected: 1.8.0 to 1.8.7.
o wnpa-sec-2013-35
The NBAP dissector could crash. (Bug 8697)
Versions affected: 1.8.0 to 1.8.7.
o wnpa-sec-2013-36
The RDP dissector could crash. Discovered by Laurent Butti
(Bug 8729)
Versions affected: 1.8.0 to 1.8.7.
o wnpa-sec-2013-37
The GSM CBCH dissector could crash. Discovered by Laurent
Butti (Bug 8730)
Versions affected: 1.8.0 to 1.8.7.
o wnpa-sec-2013-38
The Assa Abloy R3 dissector could consume excessive memory and
CPU. (Bug 8764)
Versions affected: 1.8.0 to 1.8.7.
o wnpa-sec-2013-39
The HTTP dissector could overrun the stack. (Bug 8733)
Versions affected: 1.8.0 to 1.8.7, 1.6.0 to 1.6.15.
o wnpa-sec-2013-40
The Ixia IxVeriWave file parser could overflow the heap.
Discovered by Sachin Shinde. (Bug 8760)
Versions affected: 1.8.0 to 1.8.7.
o wnpa-sec-2013-41
The DCP ETSI dissector could crash. (Bug 8717)
Versions affected: 1.10.0, 1.8.0 to 1.8.7, 1.6.0 to 1.6.15.
The following bugs have been fixed:
o TRY_TO_FAKE_THIS_ITEM disables bounds errors. (Bug 3290)
o Multiple expert info in a packet does not cause the most
"severe" to be displayed in expert column. (Bug 7733)
o tshark -z io,stat reports bad byte counts if filter doesn't
match anything. (Bug 8066)
o Add decryption for WPA eapol 4-way handshake. (Bug 8680)
o wireshark is crashing while attempting to use 'SCTP' ->
'Prepare Filter for this Association'. (Bug 8731)
o Crash analyzing VoIP Calls (T38). (Bug 8736)
o IMAP Dissector, Missing byte. (Bug 8739)
o C12.22 Invocation Id shows negative sometimes. (Bug 8744)
o gsm_a_dtap dissector (SMS): under certain conditions fillbits
may be displayed for an alphanumeric TP-Originating-Address.
(Bug 8756)
o TETRA dissector assertion. (Bug 8768)
o Mark retransmitted SYN and FIN packets as retransmissions.
- Updated Protocol Support
Bittorrent DHT, C12.22, CAPWAP, DCP ETSI, EAPOL, GMR-1 BCCH, GSM
CBCH, GSM SMS, HTTP, IMAP, NBAP, PPP, R3, RDP, SGsAP, T.38, TETRA
- New and Updated Capture File Support
Ixia IxVeriWave.
to address issues with NetBSD-6(and earlier)'s fontconfig not being
new enough for pango.
While doing that, also bump freetype2 dependency to current pkgsrc
version.
Suggested by tron in PR 47882
a) refer 'perl' in their Makefile, or
b) have a directory name of p5-*, or
c) have any dependency on any p5-* package
Like last time, where this caused no complaints.
- Bug Fixes
The following vulnerabilities have been fixed.
o wnpa-sec-2013-23
The RELOAD dissector could go into an infinite loop.
Discovered by Evan Jensen. (Bug 8364, (Bug 8546)
Versions affected: 1.8.0 to 1.8.6.
CVE-2013-2486
CVE-2013-2487
o wnpa-sec-2013-24
The GTPv2 dissector could crash. (Bug 8493)
Versions affected: 1.8.0 to 1.8.6.
o wnpa-sec-2013-25
The ASN.1 BER dissector could crash. (Bug 8599)
Versions affected: 1.8.0 to 1.8.6, 1.6.0 to 1.6.14.
o wnpa-sec-2013-26
The PPP CCP dissector could crash. (Bug 8638)
Versions affected: 1.8.0 to 1.8.6.
o wnpa-sec-2013-27
The DCP ETSI dissector could crash. Discovered by Evan Jensen.
(Bug 8231, bug 8540, bug 8541)
Versions affected: 1.8.0 to 1.8.6.
o wnpa-sec-2013-28
The MPEG DSM-CC dissector could crash. (Bug 8481)
Versions affected: 1.8.0 to 1.8.6.
o wnpa-sec-2013-29
The Websocket dissector could crash. Discovered by Moshe
Kaplan. (Bug 8448, Bug 8499)
Versions affected: 1.8.0 to 1.8.6.
o wnpa-sec-2013-30
The MySQL dissector could go into an infinite loop. Discovered
by Moshe Kaplan. (Bug 8458)
Versions affected: 1.8.0 to 1.8.6.
o wnpa-sec-2013-31
The ETCH dissector could go into a large loop. Discovered by
Moshe Kaplan. (Bug 8464)
Versions affected: 1.8.0 to 1.8.6.
The following bugs have been fixed:
o The Windows installer and uninstaller does a better job of
detecting running executables.
o Library mismatch when compiling on a system with an older
Wireshark version. (Bug 6011)
o SNMP dissector bug: STATUS_INTEGER_DIVIDE_BY_ZERO. (Bug 7359)
o A console window is never opened. (Bug 7755)
o GSM_MAP show malformed Packets when two IMSI. (Bug 7882)
o Fix include and libs search path when cross compiling. (Bug
7926)
o PER dissector crash. (Bug 8197)
o pcap-ng: name resolution block is not written to file on save.
(Bug 8317)
o Incorrect RTP statistics (Lost Packets indication not ok).
(Bug 8321)
o Decoding of GSM MAP E164 Digits. (Bug 8450)
o Silent installer and uninstaller not silent. (Bug 8451)
o Replace use of INCLUDES with AM_CPPFLAGS in all Makefiles to
placate recent autotools. (Bug 8452)
o Wifi details are not stored in the Decryption Key Management
dialog (post 1.8.x). (Bug 8446)
o IO Graph should not be limited to 100k points (NUM_IO_ITEMS).
(Bug 8460)
o geographical_description: hf_gsm_a_geo_loc_deg_of_long 24 bit
field truncated to 23 bits. (Bug 8532)
o IRC message with multiple params causes malformed packet
exception. (Bug 8548)
o Part of Ping Reply Message in ICMPv6 Reply Message is marked
as "Malformed Packet". (Bug 8554)
o MP2T wiretap heuristic overriding ERF. (Bug 8556)
o Cannot read content of Ran Information Application Error Rim
Container. (Bug 8559)
o Endian error and IP:Port error when decoding BT-DHT response
message. (Bug 8572)
o "ACE4_ADD_FILE/ACE4_ADD_SUBDIRECTORY" should be
"ACE4_APPEND_DATA / ACE4_ADD_SUBDIRECTORY". (Bug 8575)
o wireshark crashes while displaying I/O Graph. (Bug 8583)
o GTPv2 MM Context (UMTS Key, Quad, and Quint Decoded)
incorrectly. (Bug 8596)
o DTLS 1.2 uses wrong PRF. (Bug 8608)
o RTP DTMF digits are no longer displayed in VoIP graph
analysis. (Bug 8610)
o Universal port not accepted in RSA Keys List window. (Bug
8618)
o Wireshark Dissector bug with HSRP Version 2. (Bug 8622)
o LISP control packet incorrectly identified as LISP data based
when UDP source port is 4341. (Bug 8627)
o Bad tcp checksum not detected. (Bug 8629)
o AMR Frame Type uses wrong Value String. (Bug 8681)
- Updated Protocol Support
AMR, ASN.1 BER, BAT, Bluetooth DHT, BSSGP, DTLS, E.164, Ericsson
A-bis OML, GSM A, GSM MAP, HDFSDATA, ICMP, ICMPv6, ixveriwave,
IRC, KDSP, LISP Data, MMS, NFS, OpenWire, PPP, RELOAD, RTP, SASP,
SIP, SSL/TLS, TCP, UA3G
- New and Updated Capture File Support
Endace ERF, NetScreen snoop.
- Bug Fixes
The following vulnerabilities have been fixed.
o wnpa-sec-2013-10
The TCP dissector could crash. (Bug 8274)
Versions affected: 1.8.0 to 1.8.5.
CVE-2013-2475
o wnpa-sec-2013-11
The HART/IP dissectory could go into an infinite loop. (Bug
8360)
Versions affected: 1.8.0 to 1.8.5.
CVE-2013-2476
o wnpa-sec-2013-12
The CSN.1 dissector could crash. Discovered by Laurent Butti.
(Bug 8383)
Versions affected: 1.8.0 to 1.8.5.
CVE-2013-2477
o wnpa-sec-2013-13
The MS-MMS dissector could crash. Discovered by Laurent Butti.
(Bug 8382)
Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.
CVE-2013-2478
o wnpa-sec-2013-14
The MPLS Echo dissector could go into an infinite loop.
Discovered by Laurent Butti. (Bug 8039)
Versions affected: 1.8.0 to 1.8.5.
CVE-2013-2479
o wnpa-sec-2013-15
The RTPS and RTPS2 dissectors could crash. Discovered by
Alyssa Milburn. (Bug 8332)
Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.
CVE-2013-2480
o wnpa-sec-2013-16
The Mount dissector could crash. Discovered by Alyssa Milburn.
(Bug 8335)
Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.
CVE-2013-2481
o wnpa-sec-2013-17
The AMPQ dissector could go into an infinite loop. Discovered
by Moshe Kaplan. (Bug 8337)
Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.
CVE-2013-2482
o wnpa-sec-2013-18
The ACN dissector could attempt to divide by zero. Discovered
by Alyssa Milburn. (Bug 8340)
Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.
CVE-2013-2483
o wnpa-sec-2013-19
The CIMD dissector could crash. Discovered by Moshe Kaplan.
(Bug 8346)
Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.
CVE-2013-2484
o wnpa-sec-2013-20
The FCSP dissector could go into an infinite loop. Discovered
by Moshe Kaplan. (Bug 8359)
Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.
CVE-2013-2485
o wnpa-sec-2013-21
The RELOAD dissector could go into an infinite loop.
Discovered by Even Jensen. (Bug 8364)
Versions affected: 1.8.0 to 1.8.5.
CVE-2013-2486
CVE-2013-2487
o wnpa-sec-2013-22
The DTLS dissector could crash. Discovered by Laurent Butti.
(Bug 8380)
Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.
CVE-2013-2488
The following bugs have been fixed:
o Lua pinfo.cols.protocol not holding value in postdissector.
(Bug 6020)
o data combined via ssl_desegment_app_data not visible via
"Follow SSL Stream" only decrypted ssl data tabs. (Bug 6434)
o HTTP application/json-rpc should be decoded/shown as
application/json. (Bug 7939)
o Maximum value of 802.11-2012 Duration field should be 32767.
(Bug 8056)
o Voice RTP player crash if player is closed while playing. (Bug
8065)
o Display Filter Macros crash. (Bug 8073)
o RRC RadioBearerSetup message decoding issue. (Bug 8290)
o R-click filters add ! in front of field when choosing "apply
as filter>selected". (Bug 8297)
o BACnet - Loop Object - Setpoint-Reference property does not
decode correctly. (Bug 8306)
o WMM TSPEC Element Parsing is not done is wrong due to a wrong
switch case number. (Bug 8320)
o Incorrect RTP statistics (Lost Packets indication not ok).
(Bug 8321)
o Registering ieee802154 dissector for IEEE802.15.4 frames
inside Linux SLL frames. (Bug 8325)
o Version Field is skipped while parsing WMM_TSPEC causing wrong
dissecting (1 byte offset missing) of all fields in the TSPEC.
(Bug 8330)
o [BACnet] UCS-2 strings longer than 127 characters do not
decode correctly. (Bug 8331)
o Malformed IEEE80211 frame triggers DISSECTOR_ASSERT. (Bug
8345)
o Decoding of GSM MAP SMS Diagnostics. (Bug 8378)
o Incorrect packet length displayed for Flight Message Transfer
Protocol (FMTP). (Bug 8407)
o Netflow dissector flowDurationMicroseconds nanosecond
conversion wrong. (Bug 8410)
o BE (3) AC is wrongly named as "Video" in (qos_acs). (Bug 8432)
- Updated Protocol Support
ACN, AMQP, ASN.1 PER, BACnet, CIMD, CSN.1, DOCSIS TLVs, DTLS,
FCSP, FMP/NOTIFY, FMTP, GSM MAP SMS, HART/IP, IEEE 802.11, IEEE
802.15.4, JSON, Linux SLL, LTE RRC, Mount, MPLS Echo, Netflow,
RELOAD, RSL, RTP, RTPS, RTPS2, SABP, SIP, SSL, TCP
- Bug Fixes
The following vulnerabilities have been fixed.
o wnpa-sec-2013-01
Infinite and large loops in the Bluetooth HCI, CSN.1, DCP-ETSI
DOCSIS CM-STAUS, IEEE 802.3 Slow Protocols, MPLS, R3, RTPS,
SDP, and SIP dissectors. Reported by Laurent Butti. (Bugs
8036, 8037, 8038, 8040, 8041, 8042, 8043, 8198, 8199, 8222)
Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
GENERIC-MAP-NOMATCH
o wnpa-sec-2013-02
The CLNP dissector could crash. Discovered independently by
Laurent Butti and the Wireshark development team. (Bug 7871)
Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
GENERIC-MAP-NOMATCH
o wnpa-sec-2013-03
The DTN dissector could crash. (Bug 7945)
Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
GENERIC-MAP-NOMATCH
o wnpa-sec-2013-04
The MS-MMC dissector (and possibly others) could crash. (Bug
8112)
Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
GENERIC-MAP-NOMATCH
o wnpa-sec-2013-05
The DTLS dissector could crash. Discovered by Laurent Butti.
(Bug 8111)
Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
GENERIC-MAP-NOMATCH
o wnpa-sec-2013-06
The ROHC dissector could crash. (Bug 7679)
Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
GENERIC-MAP-NOMATCH
o wnpa-sec-2013-07
The DCP-ETSI dissector could corrupt memory. Discovered by
Laurent Butti. (Bug 8213)
Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
GENERIC-MAP-NOMATCH
o wnpa-sec-2013-08
The Wireshark dissection engine could crash. Discovered by
Laurent Butti. (Bug 8197)
Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
GENERIC-MAP-NOMATCH
o wnpa-sec-2013-09
The NTLMSSP dissector could overflow a buffer. Discovered by
Ulf Härnhammar. (Bug X)
Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
GENERIC-MAP-NOMATCH
- The following bugs have been fixed:
o SNMPv3 Engine ID registration. (Bug 2426)
o Wrong decoding of gtp.target identification. (Bug 3974)
o Reassemble.c leaks memory for GLIB > 2.8. (Bug 4141)
o Wireshark crashes when starting due to out-of-date plugin left
behind from earlier installation. (Bug 7401)
o Failed to dissect TLS handshake packets. (Bug 7435)
o ISUP dissector problem with empty Generic Number. (Bug 7632)
o Illegal character is used in temporary capture file name. (Bug
7877)
o Lua code crashes wireshark after update to 1.8.3. (Bug 7976)
o Timestamp info is not saved correctly when writing DOS Sniffer
files. (Bug 7998)
o 1.8.3 Wireshark User's Guide version is 1.6. (Bug 8009)
o Core dumped when the file is closed. (Bug 8022)
o LPP is misspelled in APDU parameter in
e-CIDMeasurementInitiation request for LPPA message. (Bug
8023)
o Wrong packet bytes are selected for ISUP CUG binary code. (Bug
8035)
o Decodes FCoE Group Multicast MAC address as Broadcom MAC
address. (Bug 8046)
o The SSL dissector stops decrypting the SSL conversation with
Malformed Packet:SSL error messages. (Bug 8075)
o Unable to Save/Apply [Unistim Port] in Preferences. (Bug 8078)
o Some Information Elements in GTPv2 are not dissected
correctly. (Bug 8079)
o Wrong bytes highlighted with "Find Packet...". (Bug 8085)
o 3GPP ULI AVP. SAI is not correctly decoded. (Bug 8098)
o Wireshark does not show "Start and End Time" information for
Cisco Netflow/IPFIX with type 154 to 157. (Bug 8105)
o GPRS Tunnel Protocoll GTP Version 1 does not decode DAF flag
in Common Flags IE. (Bug 8193)
o Wrong parcing of ULI of gtpv2 messages - errors in SAC, RAC &
ECI. (Bug 8208)
o Version Number in EtherIP dissector. (Bug 8211)
o Warn Dissector bug, protocol JXTA. (Bug 8212)
o Electromagnetic Emission Parser parses field Event Id as
Entity Id. (Bug 8227)
- Updated Protocol Support
ANSI IS-637-A, ASN.1 PER, AX.25, Bluetooth HCI, CLNP, CSN.1,
DCP-ETSI, DIAMETER, DIS PDU, DOCSIS CM-STATUS, DTLS, DTN, EtherIP,
Fibre Channel, GPRS, GTP, GTPv2, HomePlug AV, IEEE 802.3 Slow,
IEEE 802.15.4, ISUP, JXTA, LAPD, LPPa, MPLS, MS-MMC, NAS-EPS,
NTLMSSP, ROHC, RSL, RTPS, SDP, SIP, SNMP, SSL
- New and Updated Capture File Support
DOS Sniffer
- The following vulnerabilities have been fixed.
o wnpa-sec-2012-30
Wireshark could leak potentially sensitive host name
resolution information when working with multiple pcap-ng
files. Discovered by Laura Chappell.
Versions affected: 1.8.0 to 1.8.3.
o wnpa-sec-2012-31
The USB dissector could go into an infinite loop. (Bug 7787)
Versions affected: 1.8.0 to 1.8.3, 1.6.0 to 1.6.11.
o wnpa-sec-2012-32
The sFlow dissector could go into an infinite loop. (Bug 7789)
Versions affected: 1.8.0 to 1.8.3.
o wnpa-sec-2012-33
The SCTP dissector could go into an infinite loop. (Bug 7802)
Versions affected: 1.8.0 to 1.8.3.
o wnpa-sec-2012-34
The EIGRP dissector could go into an infinite loop. (Bug 7800)
Versions affected: 1.8.0 to 1.8.3.
o wnpa-sec-2012-35
The ISAKMP dissector could crash. (Bug 7855)
Versions affected: 1.8.0 to 1.8.3, 1.6.0 to 1.6.11.
o wnpa-sec-2012-36
The iSCSI dissector could go into an infinite loop. (Bug 7858)
Versions affected: 1.8.0 to 1.8.3, 1.6.0 to 1.6.11.
o wnpa-sec-2012-37
The WTP dissector could go into an infinite loop. (Bug 7869)
Versions affected: 1.8.0 to 1.8.3, 1.6.0 to 1.6.11.
o wnpa-sec-2012-38
The RTCP dissector could go into an infinite loop. (Bug 7879)
Versions affected: 1.8.0 to 1.8.3, 1.6.0 to 1.6.11.
o wnpa-sec-2012-39
The 3GPP2 A11 dissector could go into an infinite loop. (Bug
7801)
Versions affected: 1.8.0 to 1.8.3.
o wnpa-sec-2012-40
The ICMPv6 dissector could go into an infinite loop. (Bug
7844)
Versions affected: 1.8.0 to 1.8.3, 1.6.0 to 1.6.11.
- The following bugs have been fixed:
o Menu and Title bars inaccessible using GTK2 (non-legacy) with
two monitors. (Bug 553)
o 802.11 Probe Response fails to parse. (Bug 1284)
o Tshark - decimal symbol. (Bug 2880)
o Malformed tpncp.dat file can crash Wireshark. (Bug 6665)
o SSL decryption not work even with example capture file and
key. (Bug 6869)
o Info line is incorrect on SIP message containing another SIP
message in body. (Bug 7780)
o OOPS: dissector table "sctp.ppi" doesn't exist Protocol being
registered is "Datagram Transport Layer Security". (Bug 7784)
o Dissection of IEEE 802.11 Channel Switch Announcement element
fails. (Bug 7797)
o Invalid memory accesses when loading RADIUS captures. (Bug
7803)
o ISUP CIC should have format BASE_DEC, not BASE_HEX. (Bug 7848)
o We don't handle pcap-ng files with IDBs that come after packet
blocks. (Bug 7851)
o '*' wildcard in the 'Src IP' or 'Dest IP' field of the ESP SA
dialog does not work. (Bug 7866)
o nas_eps dissector does not decode some esm message. (Bug 7912)
o WLAN decryption status not updated after updating WEP/WPA
keys. (Bug 7921)
o IPv6 Option Pad1 Incorrect dissection. (Bug 7938)
o Print GNUTLS error message if PEM import fails. (Bug 7948)
o GSM classmark3 8-PSK decode error. (Bug 7964)
o Parsing the Server Name Indication extension in SSL/TLS
traffic reads some fields incorrectly. (Bug 7967)
o Lua code crashes wireshark after update to 1.8.3. (Bug 7976)
o 2 bugs in Ran-Information-Error Rim Container. (Bug 8000)
o Misspelling (typo) in IPv6 display filter field name. (Bug
8006)
o Two BSSGP dissector bugs. (Bug 8008)
o Core dump during SCTP association analysis. (Bug 8011)
- Updated Protocol Support
3GPP2 A11, BSSGP, EIGRP, FMP/NOTIFY, GSM A, ICMP, ICMPv6, IEEE
802.11, IPsec, IPv6, ISAKMP, iSCSI, LTE RRC, NAS EPS, NDPS, Prism,
RADIUS, RRC, RTCP, SCTP, sFlow, SIP, SMB2, SSL/TLS, TPNCP, USB
- New and Updated Capture File Support
CommView NCF, iSeries, pcap-ng.
- Bug Fixes
The following vulnerabilities have been fixed.
o wnpa-sec-2012-26
The HSRP dissector could go into an infinite loop. (Bug 7581)
Versions affected: 1.8.0 to 1.8.2.
CVE-2012-5237
o wnpa-sec-2012-27
The PPP dissector could abort. (Bug 7316, bug 7668)
Versions affected: 1.8.0 to 1.8.2.
CVE-2012-5238
o wnpa-sec-2012-28
Martin Wilck discovered an infinite loop in the DRDA
dissector. (Bug 7666)
Versions affected: 1.6.0 to 1.6.10, 1.8.0 to 1.8.2.
CVE-2012-5239
o wnpa-sec-2012-29
Laurent Butti discovered a buffer overflow in the LDP
dissector. (Bug 7567)
Versions affected: 1.8.0 to 1.8.2.
CVE-2012-5240
The following bugs have been fixed:
o The HTTP dissector does not reassemble headers when the first
TCP segment does not contain a full header line.
o HDCP2 uses the wrong protocol id.
o Several I/O graph problems have been fixed.
o No markers show up when maps are displayed. (Bug 5016)
o Assertion when using tshark/wireshark on large captures. (Bug
5699)
o Volume label field of "SMB/TRANS2-QUERY_FS_INFO/InfoVolume
level" reply packet is not displayed correctly due alignment
issue. (Bug 5778)
o 64-bit Wireshark appears to hit 2-Gbyte memory limit on 64-bit
Windows. (Bug 5979)
o Truncated/partial JPEG files are not dissected. (Bug 6230)
o Support for MPLS Packet Loss and Delay Measurement, RFC 6374.
(Bug 6881)
o Memory leak in voip_calls.c. (Bug 7320)
o When listing protocols available for "Decode As", plugins are
sorted after built-ins. (Bug 7348)
o Hidden columns should not be printed when printing packet
summary line. (Bug 7356)
o Size wrong in "File Set List" for just-finished captures. (Bug
7370)
o Error: no dependency information found for
debian/wireshark-common/usr/lib/wireshark/libwsutil.so.2 (used
by debian/wireshark/usr/bin/wireshark). (Bug 7408)
o Parse and properly display LTE RADIUS AVP
3GPP-User-Location-Info. (Bug 7474)
o [PATCH] HomeplugAV dissector: decode device id. (Bug 7548)
o BACnet GetEnrollmentSummary-ACK does not decode correctly.
(Bug 7556)
o epan/dissectors/packet-per.c
dissect_per_constrained_integer_64b fails for 64 bits. (Bug
7624)
o New SCTP PPID 48. (Bug 7635)
o dissector of Qos attribute "Reliability Class" in GMM/SM
message. (Bug 7670)
o Performance regression in tshark -z io,stat. (Bug 7674)
o Incorrect io-stat table format when unsupported "-t" operand
is specified and when using AVG of relative_time fields. (Bug
7685)
o IEEE 802.11 TKIP dissection : wrong IS_TKIP macro. (Bug 7691)
o Homeplug AV dissectors does not properly dissect short frames.
(Bug 7707)
o mm_context_nas_dl_cnt and mm_context_nas_ul_cnt are not
dissected properly in ContextResponse message in Gtpv2. (Bug
7718)
o This trace causes Wireshark to crash when VoIP Calls selected.
(Bug 7724)
o Some diameter Gx enumerations are missing values or value is
incorrect. (Bug 7727)
o Wireshark 1.8.2 is only displaying 2 filters from the
drop-down menu even when preferences are set to higher
integer. (Bug 7731)
o BGP bad decoding for Graceful Restart Capability with only
helper support & for Enhanced Route Refresh Capability. (Bug
7734)
o Dissection error of D-RELEASE and D-CONNECT in TETRA
dissector. (Bug 7736)
o DND can cause Wireshark to crash. (Bug 7744)
o SCSI: WRITE BUFFER fields always display as zero. (Bug 7753)
- Updated Protocol Support
ASN.1 PER, BACnet, BGP, DIAMETER, DRDA, DVB CI, DVB, GSM
Management, GTP, GTPv2, HDCP2, HomePlug AV, ICMP, ICMPv6, IEEE
802.11, IEEE 802a, Interlink, JPEG, LDP, LPP, MPEG, MPLS, PCAP,
PPP, RANAP, RRC, RRLP, SCCP, SCSI, SCTP, SDP, SMB, TETRA
- The following vulnerabilities have been fixed:
o wnpa-sec-2012-08
Infinite and large loops in the ANSI MAP, ASF, BACapp,
Bluetooth HCI, IEEE 802.11, IEEE 802.3, LTP, and R3 dissectors
have been fixed. Discovered by Laurent Butti. (Bugs 6805,
7118, 7119, 7120, 7121, 7122, 7124, 7125)
Versions affected: 1.4.0 to 1.4.12, 1.6.0 to 1.6.7.
o wnpa-sec-2012-09
The DIAMETER dissector could try to allocate memory improperly
and crash. (Bug 7138)
Versions affected: 1.4.0 to 1.4.12, 1.6.0 to 1.6.7.
o wnpa-sec-2012-10
Wireshark could crash on SPARC processors due to misaligned
memory. Discovered by Klaus Heckelmann. (Bug 7221)
Versions affected: 1.4.0 to 1.4.12, 1.6.0 to 1.6.7.
- The following bugs have been fixed:
o User-Password - PAP decoding passwords longer than 16 bytes.
(Bug 6779)
o The MSISDN is not seen correctly in GTP packet. (Bug 7042)
o Wireshark doesn't calculate the right IPv4 destination using
source routing options when bad options precede them. (Bug
7043)
o BOOTP dissector issue with DHCP option 82 - suboption 9. (Bug
7047)
o MPLS dissector in 1.6.7 and 1.7.1 misdecodes some MPLS CW
packets. (Bug 7089)
o ANSI MAP infinite loop. (Bug 7119)
o HCIEVT infinite loop. (Bug 7122)
o Wireshark doesn't decode NFSv4.1 operations. (Bug 7127)
o LTP infinite loop. (Bug 7124)
o Wrong values in DNS CERT RR. (Bug 7130)
o Megaco parser problem with LF in header. (Bug 7198)
o OPC UA bytestring node id decoding is wrong. (Bug 7226)
- Updated Protocol Support
ANSI MAP, ASF, BACapp, Bluetooth HCI, DHCP, DIAMETER, DNS, GTP,
IEEE 802.11, IEEE 802.3, IPv4, LTP, Megaco, MPLS, NFS, OPC UA,
RADIUS
- New and Updated Capture File Support
5View, CSIDS, pcap, pcap-ng
changes:
The following bugs have been fixed:
-showing Malformed Packets H263-1996 (RFC2190).
-Wireshark could crash while trying to open an rpcap: URL.
Updated Protocol Support: H.263
- Bug Fixes
The following vulnerabilities have been fixed.
o wnpa-sec-2012-04
The ANSI A dissector could dereference a NULL pointer and
crash. (Bug 6823)
Versions affected: 1.4.0 to 1.4.11, 1.6.0 to 1.6.5.
o wnpa-sec-2012-05
The IEEE 802.11 dissector could go into an infinite loop. (Bug
6809)
Versions affected: 1.6.0 to 1.6.5.
o wnpa-sec-2012-06
The pcap and pcap-ng file parsers could crash trying to read
ERF data. (Bug 6804)
Versions affected: 1.4.0 to 1.4.11, 1.6.0 to 1.6.5.
o wnpa-sec-2012-07
The MP2T dissector could try to allocate too much memory and
crash. (Bug 6804)
Versions affected: 1.4.0 to 1.4.11, 1.6.0 to 1.6.5.
o The Windows installers now include GnuTLS 1.12.18, which fixes
several vulnerabilities.
The following bugs have been fixed:
o ISO SSAP: ActivityStart: Invalid decoding the activity
parameter as a BER Integer. (Bug 2873)
o Forward slashes in URI need to be converted to backslashes if
WIN32. (Bug 5237)
o Character echo pauses in Capture Filter field in Capture
Options. (Bug 5356)
o Some PGM options are not parsed correctly. (Bug 5687)
o dumpcap crashes when capturing from pipe to a pcap-ng file
(e.g., when passing data from CACE Pilot to Wireshark). (Bug
5939)
o Unable to rearrange columns in preferences on Windows. (Bug
6077) (Note: this bug still affects the 64-bit package)
o No error for UDP/IPv6 packet with zero checksum. (Bug 6232)
o Wireshark installer doesn't add access_bpf in 10.5.8. (Bug
6526)
o Corrupted Diameter dictionary file that crashes Wireshark.
(Bug 6664)
o packetBB dissector bug: More than 1000000 items in the tree --
possible infinite loop. (Bug 6687)
o ZEP dissector: Timestamp not always displayed correctly.
Fractional seconds never displayed. (Bug 6703)
o GOOSE Messages don't use the length field to perform the
dissection. (Bug 6734)
o Ethernet traces in K12 text format sometimes give bogus
"malformed frame" errors and other problems. (Bug 6735)
o max_ul_ext isn't printed/decoded to the packet details log in
GTP protocol packet. (Bug 6761)
o non-IPP packets to or from port 631 are dissected as IPP. (Bug
6765)
o lua proto registration fails for uppercase proto /
g_ascii_strdown problem. (Bug 6766)
o no menu item Fle->Export->SSL Session Keys in GTK. (Bug 6813)
o IAX2 dissector reads past end of packet for unknown IEs. (Bug
6815)
o TShark 1.6.5 immediately crashes on SSL decryption (every
time). (Bug 6817)
o USB: unknown GET DESCRIPTOR response triggers assert failure.
(Bug 6826)
o IEEE1588 PTPv2 over IPv6. (Bug 6836)
o Patch to fix DTLS decryption. (Bug 6847)
o Expression... dialog crash. (Bug 6891)
o display filter "gtp.msisdn" not working. (Bug 6947)
o Multiprotocol Label Switching Echo - Return Code: Reserved
(5). (Bug 6951)
o ISAKMP : VendorID CheckPoint : Malformed Packet. (Bug 6972)
o Adding a Custom HTTP Header Field with a trailing colon causes
wireshark to immediately crash (and crash upon restart). (Bug
6982)
o Radiotap dissector lists a bogus "DBM TX Attenuation" bit.
(Bug 7000)
o MySQL dissector assertion. (Ask 8649)
o Radiotap header format data rate alignment issues. (Ask 8649)
- Updated Protocol Support
ANSI A, BSSGP, DIAMETER, DTLS, GOOSE, GSM Management, GTP, HTTP,
IAX2, IEEE 802.11, IPP, ISAKMP, ISO SSAP, MP2T, MPLS, MySQL, NTP,
PacketBB, PGM, Radiotap, SSL, TCP, UDP, USB, WSP
- New and Updated Capture File Support
Endace ERF, Pcap-NG, Tektronix K12
- Bug Fixes
The following vulnerabilities have been fixed.
o wnpa-sec-2012-01
Laurent Butti discovered that Wireshark failed to properly
check record sizes for many packet capture file formats. (Bug
6663, bug 6666, bug 6667, bug 6668, bug 6669, bug 6670)
Versions affected: 1.4.0 to 1.4.10, 1.6.0 to 1.6.4.
o wnpa-sec-2012-02
Wireshark could dereference a NULL pointer and crash. (Bug
6634)
Versions affected: 1.4.0 to 1.4.10, 1.6.0 to 1.6.4.
o wnpa-sec-2012-03
The RLC dissector could overflow a buffer. (Bug 6391)
Versions affected: 1.4.0 to 1.4.10, 1.6.0 to 1.6.4.
The following bugs have been fixed:
o "Closing File!" Dialog Hangs. (Bug 3046)
o Sub-fields of data field should appear in exported PDML as
children of the data field instead of as siblings to it. (Bug
3809)
o Incorrect time differences displayed with time reference set.
(Bug 5580)
o Wrong packet type association of SNMP trap after TFTP
transfer. (Bug 5727)
o SSL/TLS decryption needs wireshark to be rebooted. (Bug 6032)
o Export HTTP Objects -> save all crashes Wireshark. (Bug 6250)
o Wireshark Netflow dissector complains there is no template
found though the template is exported. (Bug 6325)
o DCERPC EPM tower UUID must be interpreted always as little
endian. (Bug 6368)
o Crash if no recent files. (Bug 6549)
o IPv6 frame containing routing header with 0 segments left
calculates wrong UDP checksum. (Bug 6560)
o IPv4 UDP/TCP Checksum incorrect if routing header present.
(Bug 6561)
o Incorrect Parsing of SCPS Capabilities Option introduced in
response to bug 6194. (Bug 6562)
o Various crashes after loading NetMon2.x capture file. (Bug
6578)
o Fixed compilation of dumpcap on some systems (when
MUST_DO_SELECT is defined). (Bug 6614)
o SIGSEGV in SVN 40046. (Bug 6634)
o Wireshark dissects TCP option 25 as an "April 1" option. (Bug
6643)
o ZigBee ZCL Dissector reports invalid status. (Bug 6649)
o ICMPv6 DNSSL option malformed on padding. (Bug 6660)
o Wrong tvb_get_bits function call in packet-csn1.c. (Bug 6708)
o [UDP] - Length Field of Pseudo Header while computing CheckSum
is not correct. (Bug 6711)
o pcapio.c: bug in libpcap_write_interface_description_block.
(Bug 6719)
o Memory leaks in various dissectors.
o Bytes highlighted in wrong Byte pane when field selected in
Details pane.
- Updated Protocol Support
BGP, BMC CSN1, DCERPC EPM, DCP(ETSI) DMP DTLS GSM Management, H245
HPTEAM, ICMPv6, IEEE 802.15.4 IPSEC IPv4, IPv6, ISAKMP KERBEROS
LDSS NFS RLC, RPC-NETLOGON RRC RTMPT SIGCOMP SSL SYSLOG TCP, UDP,
XML ZigBee ZCL
- New and Updated Capture File Support
Accellent 5Views, AIX iptrace, HP-UX nettl, I4B, Microsoft Network
Monitor, Novell LANalyzer, PacketLogger, Pcap-ng, Sniffer,
Tektronix K12, WildPackets {Airo,Ether}Peek.
- Bug Fixes
o Patch to fix memory leaks/errors in Lua plugin. (Bug 5575)
o Wireshark crashes if a field of type BASE_CUSTOM is applied as
a column. (Bug 6503)
o Filter Expression dialog can only be opened once. (Bug 6537)
o Wireshark crashes if compiled without GLib thread support.
(Bug 6540)
o 80211 QoS Control: Add Raw TID. (Bug 6548)
o SNMP length check error. (Bug 6564)
o UCP dissector bug of operation 61. (Bug 6570)
- The following vulnerabilities have been fixed.
o wnpa-sec-2011-17
The CSN.1 dissector could crash. (Bug 6351)
Versions affected: 1.6.0 to 1.6.2.
o wnpa-sec-2011-18
Huzaifa Sidhpurwala of Red Hat Security Response Team
discovered that the Infiniband dissector could dereference a
NULL pointer. (Bug 6476)
Versions affected: 1.4.0 to 1.4.9, 1.6.0 to 1.6.2.
o wnpa-sec-2011-19
Huzaifa Sidhpurwala of Red Hat Security Response Team
discovered a buffer overflow in the ERF file reader. (Bug
6479)
Versions affected: 1.4.0 to 1.4.9, 1.6.0 to 1.6.2.
- The following bugs have been fixed:
o Assertion failed when doing File->Quit->Save during live
capture. (Bug 1710)
o Wrong PCEP XRO sub-object decoding. (Bug 3778)
o Wireshark window takes very long time to show up if invalid
network file path is at recent file list (Bug 3810)
o Decoding [Status Records] Timestamp Sequence Field in Bundle
Protocol fails if over 32 bits. (Bug 4109)
o ISUP party number dissection. (Bug 5221)
o wireshark-1.4.2 crashes when testing the example python
dissector because of a dissector count assertion. (Bug 5431)
o Ethernet packets with both VLAN tag and LLC header no longer
displayed correctly. (Bug 5645)
o SLL encapsuled 802.1Q VLAN is not dissected. (Bug 5680)
o Wireshark crashes when attempting to open a file via drag &
drop when there's already a file open. (Bug 5987)
o Adding and removing custom HTTP headers requires a restart.
(Bug 6241)
o Can't read full 64-bit SNMP values. (Bug 6295)
o Dissection fails for frames with Gigamon Header and VLAN. (Bug
6305)
o RTP Stream Analysis does not work for TURN-encapsulated RTP.
(Bug 6322)
o packet-csn1.c doesn't process CSN_CHOICE entries properly.
(Bug 6328)
o BACnet property time-synchronization-interval (204) name shown
incorrectly as time-synchronization-recipients. (Bug 6336)
o GUI crash on invalid IEEE 802.11 GAS frame. (Bug 6345)
o [ASN.1 PER] Incorrect decoding of BIT STRING type. (Bug 6347)
o ICMPv6 router advertisement Prefix Information Flag R "Router
Address" missing. (Bug 6350)
o Export -> Object -> HTTP -> save all: Error on saving files.
(Bug 6362)
o Inner tag of 802.1ad frames not parsed properly. (Bug 6366)
o Added cursor type decoding to MySQL dissector. (Bug 6396)
o Incorrect identification of UDP-encapsulated NAT-keepalive
packets. (Bug 6414)
o WPA IE pairwise cipher suite dissector uses incorrect
value_string list. (Bug 6420)
o S1AP protocol can't decode IPv6 transportLayerAddress. (Bug
6435)
o RTPS2 dissector doesn't handle 0 in the octestToNextHeader
field. (Bug 6449)
o packet-ajp13 fix, cleanup, and enhancement. (Bug 6452)
o Network Instruments Observer file format bugs. (Bug 6453)
o Wireshark crashes when using "Open Recent" 2 times in a row.
(Bug 6457)
o Wireshark packet_gsm-sms, display bug: Filler bits in TP-User
Data Header. (Bug 6469)
o wireshark unable to decode NetFlow options which have system
scope size != 4 bytes. (Bug 6471)
o Display filter Expression Dialog Box Error. (Bug 6472)
o text_import_scanner.l missing. (Bug 6531)
- Updated Protocol Support
AJP13, ASN.1 PER, BACnet, CSN.1, DTN, Ethernet, ICMPv6, IEEE
802.11, IEEE 802.1q, Infiniband, IPsec, MySQL, PCEP, PN-RT, RTP,
S1AP, SSL
- New and Updated Capture File Support
Endace ERF.
* Bug Fixes
o wnpa-sec-2011-12
A large loop in the OpenSafety dissector could cause a crash.
o wnpa-sec-2011-13
A malformed IKE packet could consume excessive resources.
o wnpa-sec-2011-14
A malformed capture file could result in an invalid root tvbuff and cause a crash.
o wnpa-sec-2011-15
Wireshark could run arbitrary Lua scripts.
o wnpa-sec-2011-16
The CSN.1 dissector could crash.
The major changes since version 1.4.* are:
- Wireshark is now distributed as an installation package rather
than a drag-installer on OS X. The installer adds a startup
item that should make it easier to capture packets.
- Large file (greater than 2 GB) support has been improved.
- Wireshark and TShark can import text dumps, similar to
text2pcap.
- You can now view Wireshark's dissector tables (for example the
TCP port to dissector mappings) from the main window.
- Wireshark can export SSL session keys via File→Export→SSL
Session Keys...
- TShark can show a specific occurrence of a field when using
'-T fields'.
- Custom columns can show a specific occurrence of a field.
- You can hide columns in the packet list.
- Wireshark can now export SMB objects.
- dftest and randpkt now have manual pages.
- TShark can now display iSCSI, ICMP and ICMPv6 service response
times.
- Dumpcap can now save files with a user-specified group id.
- Syntax checking is done for capture filters.
- You can display the compiled BPF code for capture filters in
the Capture Options dialog.
- You can now navigate backwards and forwards through TCP and
UDP sessions using Ctrl+, and Ctrl+. .
- Packet length is (finally) a default column.
- TCP window size is now avaiable both scaled and unscaled. A
TCP window scaling graph is available in the GUI.
- 802.1q VLAN tags are now shown in the Ethernet II protocol
tree instead of a separate tree.
- Various dissectors now display some UTF-16 strings as proper
Unicode including the DCE/RPC and SMB dissectors.
- The RTP player now has an option to show the time of day in
the graph in addition to the seconds since beginning of
capture.
- The RTP player now shows why media interruptions occur.
- Graphs now save as PNG images by default.
- TShark can read and write host name information from and to
pcapng-formatted files. Wireshark can read it. TShark can dump
host name information via
[-z hosts]
.
- TShark's -z option now uses the
[-z <proto>,srt]
syntax instead of
[-z <proto>,rtt]
for all protocols that support service response time
statistics. This matches Wireshark's syntax for this option.
- Wireshark and TShark can now read compressed Windows Sniffer
files.
- New Protocol Support
ADwin, ADwin-Config, Apache Etch, Aruba PAPI, Babel Routing
Protocol, Broadcast/Multicast Control, Constrained Application
Protocol (COAP), Digium TDMoE, Erlang Distribution Protocol,
Ether-S-I/O, FastCGI, Fibre Channel over InfiniBand (FCoIB),
Gopher, Gigamon GMHDR, IDMP, Infiniband Socket Direct Protocol
(SDP), JSON, LISP Control, LISP Data, LISP, MikroTik MAC-Telnet,
MRP Multiple Mac Registration Protocol (MMRP) Mongo Wire Protocol,
MUX27010, Network Monitor 802.11 radio header, OPC UA
ExtensionObjects, openSAFETY, PPI-GEOLOCATION-GPS, ReLOAD, ReLOAD
Framing, RObust Header Compression (ROHC), RSIP, SAMETIME, SCoP,
SGSAP, Tektronix Teklink, USB/AT Commands, uTorrent Transport
Protocol, WAI authentication, Wi-Fi P2P (Wi-Fi Direct)
- New and Updated Capture File Support
Apple PacketLogger, Catapult DCT2000, Daintree SNA, Endace ERF, HP
OpenVMS TCPTrace, IPFIX (the file format, not the protocol),
Lucent/Ascend debug, Microsoft Network Monitor, Network
Instruments, TamoSoft CommView
- Bug Fixes
- The following vulnerabilities have been fixed. See the security
advisory for details and a workaround.
o The Lucent/Ascend file parser was susceptible to an infinite
loop.
Versions affected: 1.2.0 to 1.2.17, 1.4.0 to 1.4.7, and 1.6.0.
CVE-2011-2597
o The ANSI MAP dissector was susceptible to an infinite loop.
(Bug 6044)
Versions affected: 1.4.0 to 1.4.7, and 1.6.0.
CVE-2011-????
- The following bugs have been fixed:
o TCP dissector doesn't decode TCP segments of length 1. (Bug
4716)
o Wireshark 1.4.0rc1 and python - spurious message. (Bug 4878)
o Missing LUA function. (Bug 5006)
o Lua API description about creating a new Tvb from a bytearray
is not correct in wireshark's user guide. (Bug 5199)
o sflow decode error for some extended formats. (Bug 5379)
o White space in protocol field abbreviation causes runtime
failure while registering Lua dissector. (Bug 5569)
o "File not found" box uses wrong filename encoding. (Bug 5715)
o capinfos: #ifdef HAVE_LIBGCRYPT block includes a line too
many. (Bug 5803)
o Wireshark crashes if Lua contains "Pref.range()" with missing
arguments. (Bug 5895)
o The "range" field in Lua's "Pref.range()" serves as default
while the "default" field does nothing. (Bug 5896)
o Wireshark crashes when calling TreeItem:set_len() on TreeItem
without tvb. (Bug 5941)
o TvbRange_string(lua_State* L) call a wrong function. (Bug
5960)
o VoIP call flow graph displays BICC APM as a BICC ANM. (Bug
5966)
o H323 rate multiplier wrong. (Bug 6009)
o tshark crashes when loading Lua script that contains GUI
function. (Bug 6018)
o 802.11 Disassociation Packet's "Reason Code" field is
imprecisely decoded/described. (Bug 6022)
o Wireshark crashes when setting custom column's field name with
conditional. (Bug 6028)
o GTS Descriptor count limited to 3 instead of 7. (Bug 6055)
o The SSL dissector can not resemble correctly the frames after
TCP zero window probe packet. (Bug 6059)
o Packet parser takes too long for this trace. (Bug 6073)
o 802.11 Association Response Packet's "Status Code" field is
imprecisely decoded/described. (Bug 6093)
o Wireshark 1.6.0 and Python support: installer fails to create
the wspy_dissectors subdirectory and . (Bug 6110)
o Wireshark crash during RTP stream analysis. (Bug 6120)
o Tshark custom columns: Why don't I get an error message? (Bug
6131)
- Updated Protocol Support
ANSI MAP, GIOP, H.323, IEEE 802.11, MSRP, RPCAP, sFlow, TCP,
- New and Updated Capture File Support
Lucent/Ascend.
- Bug Fixes
The following vulnerabilities have been fixed. See the security
advisory for details and a workaround.
o Large/infinite loop in the DICOM dissector. (Bug 5876)
Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
o Huzaifa Sidhpurwala of the Red Hat Security Response Team
discovered that a corrupted Diameter dictionary file could
crash Wireshark.
Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
o Huzaifa Sidhpurwala of the Red Hat Security Response Team
discovered that a corrupted snoop file could crash Wireshark.
(Bug 5912)
Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
o David Maciejak of Fortinet's FortiGuard Labs discovered that
malformed compressed capture data could crash Wireshark. (Bug
5908)
Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
o Huzaifa Sidhpurwala of the Red Hat Security Response Team
discovered that a corrupted Visual Networks file could crash
Wireshark. (Bug 5934)
Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
- The following bugs have been fixed:
o AIM dissector has some endian issues. (Bug 5464)
o Telephony→MTP3→MSUS doesn't display window. (Bug 5605)
o Support for MS NetMon 3.x traces containing raw IPv6 ("Type
7") packets. (Bug 5817)
o Service Indicator in M3UA protocol data. (Bug 5834)
o IEC60870-5-104 protocol, incorrect decoding of timestamp type
CP56Time2a. (Bug 5889)
o DNP3 dissector incorrect constants AL_OBJ_FCTR_16NF
_FDCTR_32NF _FDCTR_16NF. (Bug 5920)
o 3GPP QoS: Traffic class is not decoded properly. (Bug 5928)
o Wireshark crashes when creating ProtoField.framenum in Lua.
(Bug 5930)
o Fix a wrong mask to extract FMID from DECT packets dissector.
(Bug 5947)
o Incorrect DHCPv6 remote identifier option parsing. (Bug 5962)
- Updated Protocol Support
DICOM, IEC104, M3UA, TCP,
- New and Updated Capture File Support
Network Monitor.
