- Bug Fixes
- The following vulnerabilities have been fixed. See the security
advisory for details and a workaround.
o The Lucent/Ascend file parser was susceptible to an infinite
loop.
Versions affected: 1.2.0 to 1.2.17, 1.4.0 to 1.4.7, and 1.6.0.
CVE-2011-2597
o The ANSI MAP dissector was susceptible to an infinite loop.
(Bug 6044)
Versions affected: 1.4.0 to 1.4.7, and 1.6.0.
CVE-2011-????
- The following bugs have been fixed:
o TCP dissector doesn't decode TCP segments of length 1. (Bug
4716)
o Wireshark 1.4.0rc1 and python - spurious message. (Bug 4878)
o Missing LUA function. (Bug 5006)
o Lua API description about creating a new Tvb from a bytearray
is not correct in wireshark's user guide. (Bug 5199)
o sflow decode error for some extended formats. (Bug 5379)
o White space in protocol field abbreviation causes runtime
failure while registering Lua dissector. (Bug 5569)
o "File not found" box uses wrong filename encoding. (Bug 5715)
o capinfos: #ifdef HAVE_LIBGCRYPT block includes a line too
many. (Bug 5803)
o Wireshark crashes if Lua contains "Pref.range()" with missing
arguments. (Bug 5895)
o The "range" field in Lua's "Pref.range()" serves as default
while the "default" field does nothing. (Bug 5896)
o Wireshark crashes when calling TreeItem:set_len() on TreeItem
without tvb. (Bug 5941)
o TvbRange_string(lua_State* L) call a wrong function. (Bug
5960)
o VoIP call flow graph displays BICC APM as a BICC ANM. (Bug
5966)
o H323 rate multiplier wrong. (Bug 6009)
o tshark crashes when loading Lua script that contains GUI
function. (Bug 6018)
o 802.11 Disassociation Packet's "Reason Code" field is
imprecisely decoded/described. (Bug 6022)
o Wireshark crashes when setting custom column's field name with
conditional. (Bug 6028)
o GTS Descriptor count limited to 3 instead of 7. (Bug 6055)
o The SSL dissector can not resemble correctly the frames after
TCP zero window probe packet. (Bug 6059)
o Packet parser takes too long for this trace. (Bug 6073)
o 802.11 Association Response Packet's "Status Code" field is
imprecisely decoded/described. (Bug 6093)
o Wireshark 1.6.0 and Python support: installer fails to create
the wspy_dissectors subdirectory and . (Bug 6110)
o Wireshark crash during RTP stream analysis. (Bug 6120)
o Tshark custom columns: Why don't I get an error message? (Bug
6131)
- Updated Protocol Support
ANSI MAP, GIOP, H.323, IEEE 802.11, MSRP, RPCAP, sFlow, TCP,
- New and Updated Capture File Support
Lucent/Ascend.
- Bug Fixes
The following vulnerabilities have been fixed. See the security
advisory for details and a workaround.
o Large/infinite loop in the DICOM dissector. (Bug 5876)
Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
o Huzaifa Sidhpurwala of the Red Hat Security Response Team
discovered that a corrupted Diameter dictionary file could
crash Wireshark.
Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
o Huzaifa Sidhpurwala of the Red Hat Security Response Team
discovered that a corrupted snoop file could crash Wireshark.
(Bug 5912)
Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
o David Maciejak of Fortinet's FortiGuard Labs discovered that
malformed compressed capture data could crash Wireshark. (Bug
5908)
Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
o Huzaifa Sidhpurwala of the Red Hat Security Response Team
discovered that a corrupted Visual Networks file could crash
Wireshark. (Bug 5934)
Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
- The following bugs have been fixed:
o AIM dissector has some endian issues. (Bug 5464)
o Telephony→MTP3→MSUS doesn't display window. (Bug 5605)
o Support for MS NetMon 3.x traces containing raw IPv6 ("Type
7") packets. (Bug 5817)
o Service Indicator in M3UA protocol data. (Bug 5834)
o IEC60870-5-104 protocol, incorrect decoding of timestamp type
CP56Time2a. (Bug 5889)
o DNP3 dissector incorrect constants AL_OBJ_FCTR_16NF
_FDCTR_32NF _FDCTR_16NF. (Bug 5920)
o 3GPP QoS: Traffic class is not decoded properly. (Bug 5928)
o Wireshark crashes when creating ProtoField.framenum in Lua.
(Bug 5930)
o Fix a wrong mask to extract FMID from DECT packets dissector.
(Bug 5947)
o Incorrect DHCPv6 remote identifier option parsing. (Bug 5962)
- Updated Protocol Support
DICOM, IEC104, M3UA, TCP,
- New and Updated Capture File Support
Network Monitor.
- Bug Fixes
The following vulnerabilities have been fixed. See the security
advisory for details and a workaround.
o The NFS dissector could crash on Windows. (Bug 5209)
Versions affected: 1.4.0 to 1.4.4.
o The X.509if dissector could crash. (Bug 5754, Bug 5793)
Versions affected: 1.2.0 to 1.2.15 and 1.4.0 to 1.4.4.
o Paul Makowski from SEI/CERT discovered that the DECT dissector
could overflow a buffer. He verified that this could allow
remote code execution on many platforms.
Versions affected: 1.4.0 to 1.4.4.
The following bugs have been fixed:
o Export HTTP > All - System Appears Hung (but isn't). (Bug 1671)
o Some HTTP responses don't decode with TCP reassembly on. (Bug 3785)
o Wireshark crashes when cancelling a large sort operation. (Bug 5189)
o Wireshark crashes if SSL preferences RSA key is actually a DSA key.
(Bug 5662)
o tshark incorrectly calculates TCP stream for some syn packets.
(Bug 5743)
o Wireshark not able to decode the PPP frame in a sflow
(RFC3176) flow sample packet because Wireshark incorrectly
read the protocol in PPP frame header. (Bug 5746)
o Mysql protocol dissector: all fields should be little endian.
(Bug 5759)
o Error when opening snoop from Juniper SSG-140. (Bug 5762)
o svnversion: command not found. (Bug 5798)
o capinfos: #ifdef HAVE_LIBGCRYPT block includes a line too
many. (Bug 5803)
o Value of TCP segment data cannot be copied. (Bug 5811)
o proto_field_is_referenced() is not exported in
libwireshark.dll. (Bug 5816)
o Wireshark ver. 1.4.4 not displayed "Granted QoS" field in a
A11 packet. (Bug 5822)
- Updated Protocol Support
HTTP, LDAP, MySQL, NFS, sFlow, SSL, TCP
- Bug Fixes
The following vulnerabilities have been fixed. See the security
advisory for details and a workaround.
o Huzaifa Sidhpurwala of the Red Hat Security Response Team
discovered that Wireshark could free an uninitialized pointer
while reading a malformed pcap-ng file. (Bug 5652)
Versions affected: 1.2.0 to 1.2.14 and 1.4.0 to 1.4.3.
CVE-2011-0538
o Huzaifa Sidhpurwala of the Red Hat Security Response Team
discovered that a large packet length in a pcap-ng file could
crash Wireshark. (Bug 5661)
Versions affected: 1.2.0 to 1.2.14 and 1.4.0 to 1.4.3.
o Wireshark could overflow a buffer while reading a Nokia DCT3
trace file. (Bug 5661)
Versions affected: 1.2.0 to 1.2.14 and 1.4.0 to 1.4.3.
CVE-2011-0713
o Paul Makowski working for SEI/CERT discovered that Wireshark
on 32 bit systems could crash while reading a malformed
6LoWPAN packet. (Bug 5661)
Versions affected: 1.4.0 to 1.4.3.
o joernchen of Phenoelit discovered that the LDAP and SMB
dissectors could overflow the stack. (Bug 5717)
Versions affected: 1.2.0 to 1.2.14 and 1.4.0 to 1.4.3. (Prior
versions including 1.0.x are also affected.)
o Xiaopeng Zhang of Fortinet's Fortiguard Labs discovered that
large LDAP Filter strings can consume excessive amounts of
memory. (Bug 5732)
Versions affected: 1.2.0 to 1.2.14 and 1.4.0 to 1.4.3. (Prior
versions including 1.0.x are also affected.)
The following bugs have been fixed:
o A TCP stream would not always be recognized as the same
stream. (Bug 2907)
o Wireshark Crashing by pressing 2 Buttons. (Bug 4645)
o A crash can occur in the NTLMSSP dissector. (Bug 5157)
o The column texts from a Lua dissector could be mangled. (Bug
5326) (Bug 5630)
o Corrections to ANSI MAP ASN.1 specifications. (Bug 5584)
o When searching in packet bytes, the field and bytes are not
immediately shown. (Bug 5585)
o Malformed Packet: ULP reported when dissecting ULP SessionID
PDU. (Bug 5593)
o Wrong IEI in container of decode_gtp_mm_cntxt. (Bug 5598)
o Display filter does not work for expressions of type BASE_DEC,
BASE_DEC_HEX and BASE_HEX_DEC. (Bug 5606)
o NTLMSSP dissector may fail to compile due to space embedded in
C comment delimiters. (Bug 5614)
o Allow for name resolution of link-scope and multicast IPv6
addresses from local host file. (Bug 5615)
o DHCPv6 dissector formats DUID_LLT time incorrectly. (Bug 5627)
o Allow for IEEE 802.3bc-2009 style PoE TLVs. (Bug 5639)
o Various fixes to the HIP packet dissector. (Bug 5646)
o Display "Day of Year" for January 1 as 1, not 0. (Bug 5653)
o Accommodate the CMake build on Ubuntu 10.10. (Bug 5665)
o E.212 MCC 260 Poland update according to local national
regulatory. (Bug 5668)
o IPP on ports other than 631 not recognized. (Bug 5677)
o Potential access violation when writing to LANalyzer files.
(Bug 5698)
o IEEE 802.15.4 Superframe Specification - Final CAP Slot always
0. (Bug 5700)
o Peer SRC and DST AS numbers are swapped for cflow. (Bug 5702)
o dumpcap: -q option behavior doesn't match documentation. (Bug
5716)
- Updated Protocol Support
ANSI MAP, BitTorrent, DCM, DHCPv6, DTAP, DTPT, E.212, GSM
Management, GTP, HIP, IEEE 802.15.4, IPP, LDAP, LLDP, Netflow,
NTLMSSP, P_Mul, Quake, Skinny, SMB, SNMP, ULP
- New and Updated Capture File Support
LANalyzer, Nokia DCT3, Pcap-ng
- Bug Fixes
The following vulnerabilities have been fixed. See the security
advisory for details and a workaround.
- FRAsse discovered that the MAC-LTE dissector could overflow a
buffer. (Bug 5530)
Versions affected: 1.2.0 to 1.2.13 and 1.4.0 to 1.4.2.
- FRAsse discovered that the ENTTEC dissector could overflow a
buffer. (Bug 5539)
Versions affected: 1.2.0 to 1.2.13 and 1.4.0 to 1.4.2.
CVE-2010-4538
- The ASN.1 BER dissector could assert and make Wireshark exit
prematurely. (Bug 5537)
Versions affected: 1.4.0 to 1.4.2.
The following bugs have been fixed:
- AMQP failed assertion. (Bug 4048)
- Reassemble.c leaks memory for GLIB > 2.8. (Bug 4141)
- Fuzz testing reports possible dissector bug: TCP. (Bug 4211)
- Wrong length calculation in new_octet_aligned_subset_bits()
(PER dissector). (Bug 5393)
- Function dissect_per_bit_string_display might read more bytes
than available (PER dissector). (Bug 5394)
- Cannot load wpcap.dll & packet.dll from Wireshark program
directory. (Bug 5420)
- Wireshark crashes with Copy -> Description on date/time
fields. (Bug 5421)
- DHCPv6 OPTION_CLIENT_FQDN parse error. (Bug 5426)
- Information element Error for supported channels. (Bug 5430)
- Assert when using ASN.1 dissector with loading a 'type table'.
(Bug 5447)
- Bug with RWH parsing in Infiniband dissector. (Bug 5444)
- Help->About Wireshark mis-reports OS. (Bug 5453)
- Delegated-IPv6-Prefix(123) is shown incorrect as
X-Ascend-Call-Attempt-Limit(123). (Bug 5455)
- "tshark -r file -T fields" is truncating exported data. (Bug 5463)
- gsm_a_dtap: incorrect "Extraneous Data" when decoding Packet
Flow Identifier. (Bug 5475)
- Improper decode of TLS 1.2 packet containing both
CertificateRequest and ServerHelloDone messages. (Bug 5485)
- LTE-PDCP UL and DL problem. (Bug 5505)
- CIGI 3.2/3.3 support broken. (Bug 5510)
- Prepare Filter in RTP Streams dialog does not work correctly.
(Bug 5513)
- Wrong decode at ethernet OAM Y.1731 ETH-CC. (Bug 5517)
- WPS: RF bands decryption. (Bug 5523)
- Incorrect LTP SDNV value handling. (Bug 5521)
- LTP bug found by randpkt. (Bug 5323)
- Buffer overflow in SNMP EngineID preferences. (Bug 5530)
- Updated Protocol Support
AMQP, ASN.1 BER, ASN.1 PER, CFM, CIGI, DHCPv6, Diameter, ENTTEC,
GSM A GM, IEEE 802.11, InfiniBand, LTE-PDCP, LTP, MAC-LTE, MP2T,
RADIUS, SAMR, SCCP, SIP, SNMP, TCP, TLS, TN3270, UNISTIM, WPS
- New and Updated Capture File Support
Endace ERF, Microsoft Network Monitor, VMS TCPtrace.
- The following vulnerabilities have been fixed. See the security
advisory for details and a workaround.
- Nephi Johnson of BreakingPoint discovered that the LDSS
dissector could overflow a buffer. (Bug 5318)
Versions affected: 1.2.0 to 1.2.12 and 1.4.0 to 1.4.1.
- The ZigBee ZCL dissector could go into an infinite loop. (Bug 5303)
Versions affected: 1.4.0 to 1.4.1.
- The following bugs have been fixed:
- File-Open Display Filter is overwritten by Save-As Filename. (Bug 3894)
- Wireshark crashes with "Gtk-ERROR **: Byte index 6 is off the
end of the line" if click on last PDU. (Bug 5285)
- GTK-ERROR can occur in packets when there are multiple
Netbios/SMB headers in a single frame. (Bug 5289)
- "Tshark -G values" crashes on Windows. (Bug 5296)
- PROFINET I&M0FilterData packet not fully decoded. (Bug 5299)
- PROFINET MRP linkup/linkdown decoding incorrect. (Bug 5300)
- [lua] Dumper:close() will cause a segfault due later GC of the
Dumper. (Bug 5320)
- Network Instruments' trace files sometimes cannot be read with
an error message of "Observer: bad record: Invalid magic
number". (Bug 5330)
- IO Graph Time of Day times incorrect for filtered data. (Bug
5340)
- Wireshark tools do not detect and read some ERF files
correctly. (Bug 5344)
- "editcap -h" sends some lines to stderr and others to stdout.
(Bug 5353)
- IP Timestamp Option: "flag=3" variant (prespecified) not
displayed correctly. (Bug 5357)
- AgentX PDU Header 'hex field highlighting' incorrectly spans
extra bytes. (Bug 5364)
- AgentX dissector cannot handle null OID in Open-PDU. (Bug
5368)
- Crash with "Gtk-ERROR **: Byte index 6 is off the end of the
line". (Bug 5374)
- ANCP Portmanagment TLV wrong decoded. (Bug 5388)
- Crash during startup because of Python SyntaxError in
wspy_libws.py. (Bug 5389)
- Updated Protocol Support
AgentX, ANCP, DIAMETER, HTTP, IP, LDSS, MIME, NBNS, PROFINET, SIP,
TCP, Telnet, ZigBee
- New and Updated Capture File Support
Endace ERF, Network Instruments Observer.
- Bug Fixes
The following vulnerabilities have been fixed. See the security
advisory for details and a workaround.
o The Penetration Test Team of NCNIPC (China) discovered that
the ASN.1 BER dissector was susceptible to a stack overflow.
(Bug 5230)
[A patch for this bug was already in version 1.4.0 in "pkgsrc".]
- The following bugs have been fixed:
o Incorrect behavior using sorting in the packet list. (Bug
2225)
o Cooked-capture dissector should omit the source address field
if empty. (Bug 2519)
o MySQL dissector doesn't dissect MySQL stream. (Bug 2691)
o Wireshark crashes if active display filter macro is renamed.
(Bug 5002)
o Incorrect dissection of MAP V2 PRN_ACK. (Bug 5076)
o TCP bytes_in_flight becomes inflated with lost packets. (Bug
5132)
o GTP header is exported in PDML with an incorrect size. (Bug
5162)
o Packet list hidden columns will not be parsed correctly from
preferences file. (Bug 5163)
o Wireshark does not display the t.38 graph. (Bug 5165)
o Wireshark don't show mgcp calls in "Telephony → VoIP calls".
(Bug 5167)
o Wireshark 1.4.0 & VoIP calls "Prepare Filter" problem. (Bug
5172)
o GTPv2: IMSI is decoded improperly. (Bug 5179)
o [NAS EPS] EPS Quality of Service IE decoding is wrong. (Bug
5186)
o Wireshark mistakenly writes "not all data available" for IPv4
checksum. (Bug 5194)
o GSM: Cell Channel Description, range 1024 format. (Bug 5214)
o Wrong SDP interpretation on VoIP call flow chart. (Bug 5220)
o The CLDAP attribute value on a CLDAP reply is no longer being
decoded. (Bug 5239)
o [NAS EPS] Traffic Flow Template IE dissection bugs. (Bug 5243)
o [NAS EPS] Use Request Type IE defined in 3GPP 24.008. (Bug
5246)
o NTLMSSP_AUTH domain and username truncated to first letter
with IE8/Windows7 (generating the NTLM packet). (Bug 5251)
o IPv6 RH0: dest addr is to be used i.s.o. last RH address when
0 segments remain. (Bug 5252)
o EIGRP dissection error in Flags field in external route TLVs.
(Bug 5261)
o MRP packet is not correctly parsed in PROFINET multiple write
record request. (Bug 5267)
o MySQL Enhancement: support of Show Fields and bug fix. (Bug
5271)
o [NAS EPS] Fix TFT decoding when having several Packet Filters
defined. (Bug 5274)
o Crash if using ssl.debug.file with no password for
ssl.keys_list. (Bug 5277)
- Updated Protocol Support
ASN.1 BER, ASN.1 PER, EIGRP, GSM A RR, GSM Management, GSM MAP,
GTP, GTPv2, ICMPv6, Interlink, IPv4, IPv6, IPX, LDAP, LLC, MySQL,
NAS EPS, NTLMSSP, PN-IO, PPP, RPC, SDP, SLL, SSL, TCP
Approved by Alistair Crooks.
- The following bugs have been fixed:
- Update time display in background. (Bug 1275)
- Tshark returns 0 even with an invalid interface or capture
filter. (Bug 4735)
- The following features are new (or have been significantly
updated) since version 1.2:
- The packet list internals have been rewritten and are now more
efficient.
- Columns are easier to use. You can add a protocol field as a
column by right-clicking on its packet detail item, and you
can adjust some column preferences by right-clicking the
column header.
- Preliminary Python scripting support has been added.
- Many memory leaks have been fixed.
- Packets can now be ignored (excluded from dissection), similar
to the way they can be marked.
- Manual IP address resolution is now supported.
- Columns with seconds can now be displayed as hours, minutes
and seconds.
- You can now set the capture buffer size on UNIX and Linux if
you have libpcap 1.0.0 or greater.
- TShark no longer needs elevated privileges on UNIX or Linux to
list interfaces. Only dumpcap requires privileges now.
- Wireshark and TShark can enable 802.11 monitor mode directly
if you have libpcap 1.0.0 or greater.
- You can play RTP streams directly from the RTP Analysis
window.
- Capinfos and editcap now respectively support time order
checking and forcing.
- Wireshark now has a "jump to timestamp" command-line option.
- You can open JPEG files directly in Wireshark.
- New Protocol Support
3GPP Nb Interface RTP Multiplex, Access Node Control Protocol,
Apple Network-MIDI Session Protocol, ARUBA encapsulated remote
mirroring, Assa Abloy R3, Asynchronous Transfer Mode, B.A.T.M.A.N.
Advanced Protocol, Bluetooth AMP Packet, Bluetooth OBEX, Bundle
Protocol, CIP Class Generic, CIP Connection Configuration Object,
CIP Connection Manager, CIP Message Router, collectd network data,
Control And Provisioning of Wireless Access Points, Controller
Area Network, Device Level Ring, DOCSIS Bonded Initial Ranging
Message, Dropbox LAN sync Discovery Protocol, Dropbox LAN sync
Protocol, DTN TCP Convergence Layer Protocol, EtherCAT Switch
Link, Fibre Channel Delimiters, File Replication Service DFS-R,
Gateway Load Balancing Protocol, Gigamon Header, GigE Vision
Control Protocol, Git Smart Protocol, GSM over IP ip.access CCM
sub-protocol, GSM over IP protocol as used by ip.access, GSM
Radiotap, HI2Operations, Host Identity Protocol, HP encapsulated
remote mirroring, HP NIC Teaming Heartbeat, IEC61850 Sampled
Values, IEEE 1722 Protocol, InfiniBand Link, Interlink Protocol,
IPv6 over IEEE 802.15.4, ISO 10035-1 OSI Connectionless
Association Control Service, ISO 9548-1 OSI Connectionless Session
Protocol, ISO 9576-1 OSI Connectionless Presentation Protocol,
ITU-T Q.708 ISPC Analysis, Juniper Packet Mirror, Licklider
Transmission Protocol, MPLS PW ATM AAL5 CPCS-SDU mode
encapsulation, MPLS PW ATM Cell Header, MPLS PW ATM Control Word,
MPLS PW ATM N-to-One encapsulation, no CW, MPLS PW ATM N-to-One
encapsulation, with CW, MPLS PW ATM One-to-One or AAL5 PDU
encapsulation, Multiple Stream Reservation Protocol, NetPerfMeter
Protocol, NetScaler Trace, NexusWare C7 MTP, NSN FLIP, OMRON FINS
Protocol, packetbb Protocol, Peer Network Resolution Protocol,
PKIX Attribute Certificate, Pseudowire Padding, Server/Application
State Protocol, Solaris IPNET, TN3270 Protocol, TN5250 Protocol,
TRILL, Twisted Banana, UMTS FP Hint, UMTS MAC, UMTS Metadata, UMTS
RLC, USB HID, USB HUB, UTRAN Iuh interface HNBAP signalling, UTRAN
Iuh interface RUA signalling, V5.2, Vendor Specific Control
Protocol, Vendor Specific Network Protocol, VMware Lab Manager,
VXI-11 Asynchronous Abort, VXI-11 Core Protocol, VXI-11 Interrupt,
X.411 Message Access Service, ZigBee Cluster Library
- Updated Protocol Support
There are too many to list here.
- New and Updated Capture File Support
Accellent 5Views, ASN.1 Basic Encoding Rules, Catapult DCT2000,
Daintree SNA, Endace ERF, EyeSDN, Gammu DCT3 trace, IBM iSeries,
JPEG/JFIF, libpcap, Lucent/Ascend access server trace, NetScaler,
PacketLogger, pcapng, Shomiti/Finisar Surveyor, Sun snoop, Symbian
OS btsnoop, Visual Networks
Pkgsrc changes:
A fix for the security vulnerability reported in SA41535 has been
integrated from the Wireshark SVN repository.
- Bug Fixes
o The SigComp Universal Decompressor Virtual Machine could
overrun a buffer. (Bug 4867)
Versions affected: 0.10.8 to 1.0.14, 1.2.0 to 1.2.9
CVE-2010-2287
o The GSM A RR dissector could crash. (Bug 4897)
Versions affected: 1.2.2 to 1.2.9
o Due to a regression the ASN.1 BER dissector could overrun the stack.
Versions affected: 0.10.13 to 1.0.14, 1.2.0 to 1.2.9
CVE-2010-2284
o The IPMI dissector could go into an infinite loop.
Versions affected: 1.2.0 to 1.2.9
- The following bugs have been fixed:
o Wireshark crashes after configuring new Information column.
(Bug 4854)
o Crash triggered when changing display filter from right-mouse
pop-up menu via packet-list. (Bug 4860)
o Wireshark crash selecting Inter-Asterisk exchange v2 packet
data. (Bug 4868)
o zlib-1.2.5 cause tshark to stop live capture. (Bug 4916)
o Crash when adding SNMP users. (Bug 4926)
o Wireshark via ssh -X on ipv6 link-local address fails to allow
capture. (Bug 4945)
o OMAPI dissector fails to parse combined initialization
messages. (Bug 4982)
o QUERY_FS_INFO for Macintosh level 0x301 - MacSupportFlags
decodes wrong. (Bug 4993)
o SCSI dissector misidentifies ATA PASSTHROUGH command as ACCESS
CONTROL IN. (Bug 5037)
o Wrong decoding of GTP Prime (GTP') packets. (Bug 5055)
- Updated Protocol Support
ASN.1 BER, GSM A RR, GTP, IAX2, IPMI, OMAPI, PRES, SCSI, SMB, UNISTIM
(missed those and *emacs* the first time round because they pull
in their png dependencies via default-on options; they were included
in the test bulk build though)
- Bug Fixes
- The following vulnerabilities have been fixed.
- The SMB dissector could dereference a NULL pointer. (Bug 4734)
- J. Oquendo discovered that the ASN.1 BER dissector could overrun
the stack.
- The SMB PIPE dissector could dereference a NULL pointer on some
platforms.
- The SigComp Universal Decompressor Virtual Machine could go into an
infinite loop. (Bug 4826)
- The SigComp Universal Decompressor Virtual Machine could overrun
a buffer. (Bug 4837)
- The following bugs have been fixed:
- Cannot open file with File -> Open. (Bug 1791)
- Application crash when changing real-time option. (Bug 4035)
- Crash in filter autocompletion. (Bug 4306)
- The XML dissector doesn't allow dots (".") in tags. (Bug 4405)
- Live capture stops when using zlib 1.2.5. (Bug 4708)
- Want to be able to apply decode as to Data Portion of Lan Trace.
(Bug 4721)
- SABP short pdu (packet_per.c). (Bug 4743)
- Kerberos pre-auth type constants - MS extensions are wrong. (Bug 4752)
- Check HTTP Content-Length parsing for overflow. (Bug 4758)
- Wrong variable used for proto_tree_add_text() in ptp dissector.
(Bug 4773)
- Crash when close window frame of gtk file chooser. (Bug 4778)
- Wrong decoding for BGP ORF. (Bug 4782)
- Crash when Ctrl-Backspacing the display filter. (Bug 4797)
- Acker AFI field incorrect size in PGM dissector. (Bug 4798)
- Fedora 13: wireshark fails to build (linking problem). (Bug 4815)
- The NFS FH hash (nfs.fh.hash) incorrectly matches multiple filehandles.
(Bug 4839)
- AES-CTR decoding not working, (dissectors/packet_ipsec.c using gcrypt).
(Bug 4838)
- Updated Protocol Support
ASN.1 BER, BGP, HTTP, IGMP, IPsec, Kerberos, NFS, PGM, PTP, SABP, SigComp,
SMB, TCAP, XML,
- Updated Capture File Support
ERF, PacketLogger.
- The following vulnerabilities have been fixed. See the security
advisory for details and a workaround.
o The DOCSIS dissector could crash. (Bug 4644), (bug 4646) -->
Versions affected: 0.9.6 to 1.0.12, 1.2.0 to 1.2.7
- The following bugs have been fixed:
o HTTP parser limits with Content-Length. (Bug 1958)
o MATE dissector bug with GOGs. (Bug 3010)
o Changing fonts and deleting system time from preferences,
results in wireshark crash. (Bug 3387)
o ERF file starting with record with timestamp=0,1 or 2 not
recognized as ERF file. (Bug 4503)
o The SSL dissector can not correctly resemple SSL records when
the record header is spit between packets. (Bug 4535)
o TCP reassembly can call subdissector with incorrect TCP
sequence number. (Bug 4624)
o PTP dissector displays big correction field values wrong. (Bug
4635)
o MSF is at Anthorn, not Rugby. (Bug 4678)
o ProtoField __tostring() description is missing in Wireshark's
Lua API Reference Manual. (Bug 4695)
o EVRC packet bundling not handled correctly. (Bug 4718)
o Completely unresponsive when run very first time by root user.
(Bug 4308)
- Updated Protocol Support: DOCSIS, HTTP, SSL
- Updated Capture File Support: ERF, PacketLogger.
Bug fixes:
- SNMPv3 Engine ID registration. (Bug 2426)
- Open file dialog always displayed when clicking anywhere on
Wireshark. (Bug 2478)
- tshark reports wrong number of bytes on big dumpfiles with -z
io,stat. (Bug 3205)
- Negative INTEGER number displayed as positive number in SNMP
dissector. (Bug 3230)
- Add support for FT_BOOLEAN fields to wslua FieldInfo. (Bug 4049)
- Wireshark crashes w/ GLib error when trying to play RTP
stream. (Bug 4119)
- Windows 2000 support has been restored. (Bug 4176)
- Wrong dissection on be_cell_id_list for bssmap. (Bug 4437)
- I/O Graph dropdown boxes not working correctly. (Bug 4487)
- Runtime Error when right-clicking field and selecting "Filter
Field Reference". (Bug 4522)
- In GSM SMS PDU TPVPF showing wrong. (Bug 4524)
- Profinet: May be wrong defined byte meaning. (Bug 4525)
- GLib-CRITICAL ** Message. (Bug 4547)
- Certain EDP display filters trigger Wireshark/tshark runtime
error. (Bug 4563)
- Some NCP frames trigger "Dissector bug, protocol NCP". (Bug 4565)
- The encapsulation abbreviation "bluetooth-h4" is ambiguous.(Bug 4613)
Updated Protocol Support:
- BSSMAP, DMP, GSM SMS, LDSS, NCP, PN/IO, PPP, SIP, SNMP
Requested by Alistair Crooks.
Changes since 1.2.4:
Bugfixes:
* The following vulnerabilities have been fixed. See the security advisory
for details and a workaround.
* The Daintree SNA file parser could overflow a buffer. (Bug 4294)
* The SMB and SMB2 dissectors could crash. (Bug 4301)
* The IPMI dissector could crash on Windows. (Bug 4319)
* Wireshark does not graph rtp streams. (Bug 3801)
* Wireshark showing extraneous data in a TCP stream. (Bug 3955)
* Wrong decoding of gtp.target identification. (Bug 3974)
* TTE dissector bug. (Bug 4247)
* Upper case in Lua pref symbol causes Wireshark to crash. (Bug 4255)
* OpenBSD 4.5 build fails at epan/dissectors/packet-rpcap.c. (Bug 4258)
* Incorrect display of stream data using "Follow tcp stream" option. (Bug 4288)
* Custom RADIUS dictionary can cause a crash. (Bug 4316)
Updated Protocol Support:
* DAP, eDonkey, GTP, IPMI, MIP, RADIUS, RANAP, SMB, SMB2, TCP, TTE, VNC,
X.509sat
Updated Capture File Support:
* Daintree SNA.
- The following vulnerabilities have been fixed. See the security
advisory for details and a workaround.
o The Paltalk dissector could crash on alignment-sensitive
processors. (Bug 3689)
Versions affected: 1.2.0 to 1.2.2
o The DCERPC/NT dissector could crash.
Versions affected: 0.10.10 to 1.2.2
o The SMB dissector could crash.
Versions affected: 1.2.0 to 1.2.2
- The following bugs have been fixed:
o Wireshark memory leak with each file open and/or display
filter change. (Bug 2375)
o DHCP Dissector displays negative lease time. (Bug 2733)
o Invalid advertised window line on tcptrace style graph. (Bug
3417)
o SMB get_dfs_referral referral entry is not dissected
correctly. (Bug 3542)
o Error dissecting eMule sourceOBFU message. (Bug 3848)
o Typos in Diameter XML files. (Bug 3878)
o RSL dissector for MS Power IE is broken. (Bug 4017)
o Manifest problem in 1.2.2 Win64 build. (Bug 4024)
o FIP dissector throws assertion. (Bug 4046)
o TCAP problem with indefinite length 'components' SEQ OF. (Bug
4053)
o GSM MAP: an-APDU not decoded. (Bug 4095)
o Add "Drag and Drop entries..." message on Columns preferences
page. (Bug 4099)
o Editcap -t and -w option parses fractional digits incorrectly.
(Bug 4162)
- Updated Protocol Support
DCERPC NT, DHCP, Diameter, E.212, eDonkey, FIP, IPsec, MGCP, NCP,
Paltalk, RADIUS, RSL, SBus, SMB, SNMP, SSL, TCP, Teamspeak2, WPS
- The following vulnerabilities have been fixed. See the security
advisory for details and a workaround.
- The GSM A RR dissector could crash.
Versions affected: 1.2.0 to 1.2.1
- The OpcUa dissector could use excessive CPU and memory.
Versions affected: 0.99.6 to 1.0.8, 1.2.0 to 1.2.1
- The TLS dissector could crash on some platforms.
Versions affected: 1.2.0 to 1.2.1
- The following bugs have been fixed:
- The "Capture->Interfaces" window can't be closed. (Bug 1740)
- tshark-1.0.2 (dumpcap) signal abort core saved. (Bug 2767)
- Memory leak fixes. (Bug 3330)
- Display filter autocompletion doesn't work for some RADIUS and
WiMAX ASNCP fields. (Bug 3538)
- Wireshark Portable includes wrong WinPcap installer. (Bug
3547)
- Crash when loading a profile. (Bug 3640)
- The proto,colinfo tap doesn't work if the INFO column isn't
being printed. (Bug 3675)
- Flow Graph adds too much unnecessary garbage. (Bug 3693)
- The EAP Diameter dictionary file was missing in the
distribution. (Bug 3761)
- Graph analysis window is behind other window. (Bug 3773)
- IKEv2 Cert Request payload dissection error. (Bug 3782)
- DNS NAPTR RR (RFC 3403) replacement MUST be a fully qualified
domain-name. (Bug 3792)
- Malformed RTCP Packet error while sending Payload specific
RTCP feedback packet( as per RFC 4585). (Bug 3800)
- 802.11n Block Ack packet Bitmap field missing. (Bug 3806)
- Wireshark doesn't decode WBXML/ActiveSync information
correctly. (Bug 3811)
- Malformed packet when IPv6 packet has Next Header == 59. (Bug
3820)
- Wireshark could crash while reading an ERF file. (Bug 3849)
- Minor errors in gsm rr dissectors. (Bug 3889)
- WPA Decryption Issues. (Bug 3890)
- GSM A RR sys info dissection problem. (Bug 3901)
- GSM A RR inverts MEAS-VALID values. (Bug 3915)
- PDML output leaks ~300 bytes / packet. (Bug 3913)
- Incorrect station identifier parsing in Kingfisher dissector.
(Bug 3946)
- DHCPv6, Vendor-Specific Informantion, SubOption"Option
Request" parser incorrect. (Bug 3987)
- Wireshark could leak memory while analyzing SSL.
- Wireshark could crash while updating menu items after reading
a file in some cases.
- The Mac OS X ChmodBPF script now works correctly under Snow
Leopard.
- Updated Protocol Support
DCERPC, DHCPv6, DNS, E.212, GSM A RR, GTPv2, H.248, IEEE 802.11,
IPMI, ISAKMP/IKE, ISUP, Kingfisher, LDAP, OpcUA, RTCP, SCTP, SIP,
SSL, TCP, WBXML, ZRTP
- Updated Capture File Support
ERF
New features:
- Wireshark has a spiffy new start page.
- Display filters now autocomplete.
- Support for the c-ares resolver library has been added. It has many
- advantages over ADNS.
- Many new protocol dissectors and capture file formats have been added.
- Macintosh OS X support has been improved.
- GeoIP database lookups.
- OpenStreetMap + GeoIP integration.
- Improved Postscript(R) print output.
- The preference handling code is now much smarter about changes.
- Support for Pcap-ng, the next-generation capture file format.
- Support for process information correlation via IPFIX.
- Column widths are now saved.
- The last used configuration profile is now saved.
- Protocol preferences are changeable from the packet details context menu.
- Support for IP packet comparison.
- Capinfos now shows the average packet rate.
Security fixes:
- The AFS dissector could crash.
- The Infiniband dissector could crash on some platforms.
this pkg can be built against a gnutls which was built without
"openssl emulation". We build against the real openssl anyway, and
having both the real openssl and one emulated by gnutls has some
potential for namespace collisions, thus I'm considering to build
the pkgsrc gnutls w/o openssl emulation.
(This is just a build issue as far as wireshark is concerned, so
no PKGREV bump is needed.)
- Bug Fixes:
- The PCNFSD dissector could crash. (wnpa-sec-2009-03)
- Lua integration could crash.
- The SCCP dissector could crash when loading more than one file in
a single session.
- The NDMP dissector could crash if reassembly was enabled.
- Updated Protocol Support:
All ASN.1 protocols, DICOM, NDMP, PCNFSD, RTCP, SCCP, SSL, STANAG 5066
- Security-related bugs in the Profinet, LDAP, and CPHAP dissectors and
the Tektronix K12 file format have been fixed.
- Many other bugs have been fixed.
Changes between 1.0.5 and 1.0.6.:
- The following vulnerabilities have been fixed:
* On non-Windows systems, Wireshark could crash if the HOME environment
variable contained sprintf-style string formatting characters.
* Wireshark could crash while reading a malformed NetScreen snoop file.
* Wireshark could crash while reading a Tektronix K12 text capture file.
- The following bugs have been fixed:
* Crash when loading capture file and Preferences: NO Info column
* Some Lua scripts may lead to corruption via out of bounds stack
* Build with GLib 1.2 fails with error: 'G_MININT32' undeclared
* Wrong decoding IMSI with GSM MAP protocol
* Segmentation fault for "Follow TCP stream" (Bug 3119)
* SMPP optional parameter 'network_error_code' incorrectly decoded
* DHCPv6 dissector doesn't handle malformed FQDN
* WCCP overrides CFLOW as decoded protocol (Bug 3175)
* Improper decoding of MPLS echo reply IPv4 Interface and Label Stack Object
* ANSI MAP fix for TRN digits/SMS and OTA subdissection (Bug 3214)
- Updated Protocol Support
* AFS, ATM, DHCPv6, DIS, E.212, RTP, UDP, USB, WCCP, WPS
- New and Updated Capture File Support
* NetScreen snoop
Changes between version 1.0.4 and 1.0.5:
- The following vulnerabilities have been fixed. See the security advisory
for details and a workaround.
* The SMTP dissector could consume excessive amounts of CPU and memory.
* The WLCCP dissector could go into an infinte loop.
- The following bugs have been fixed:
* Missing CRLF during HTTP POST in the "packet details" window
* Memory assertion in time_secs_to_str_buf() when compiled with GCC 4.2.3
* Diameter dissector fails RFC 4005 compliance
* LDP vendor private TLV type is not correctly shown
* Wireshark on MacOS does not run when there are spaces in its path
* Compilation broke when compiling without zlib
* Memory leak: saved_repoid
* Memory leak: follow_info
* Memory leak: follow_info
* Memory leak: tacplus_data
* Memory leak: col_arrows
* Memory leak: col_arrows
* Incorrect address structure assigned for find_conversation() in WSP
* Memory leak with unistim in voip_calls
* Error parsing the BSSGP protocol
* Assertion thrown in fvalue_get_uinteger when decoding TIPC
* LUA script : Wireshark crashes after closing and opening again a window
used by a listener.draw() function.
- Updated Protocol Support
* ANSI MAP, BSSGP, CIP, Diameter, ENIP, GIOP, H.263, H.264, HTTP, MPEG PES
* PostgreSQL, PPI, PTP, Rsync, RTP, SMTP, SNMP, STANAG 5066, TACACS, TIPC
* WLCCP, WSP
The package update was provided by Matthias Drochner in private e-mail.
- Security-related bugs in the Bluetooth ACL, Bluetooth RFCOMM, PRP, Q.931,
MATE, and USB dissectors, as well as the Tammos CommView file parser have
been fixed.
- Many other bugs have been fixed.
This update addresses the security vulnerabilies reported
in wnpa-sec-2008-06.
- Security-related bugs in the NCP dissector, zlib compression code, and
Tektronix .rf5 file parser have been fixed.
- WPA group key decryption is now supported.
- A bug that could cause packets to be wrongly dissected as "Redback
Lawful Intercept" has been fixed.
This update address the security vulnerability reported in CVE-2008-3146.
The following vulnerabilities have been fixed:
- Wireshark could crash while reassembling packets.
The following bugs have been fixed:
- Dumpcap could crash on some versions of Windows (primarily Vista).
