Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2013.0714
Wireshark 1.6.15 & 1.8.7 is now available
20 May 2013
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Wireshark
Publisher: Wireshark
Operating System: Windows
UNIX variants (UNIX, Linux, OSX)
Impact/Access: Denial of Service -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2013-2487 CVE-2013-2486
Reference: ESB-2013.0341
Original Bulletin:
http://www.wireshark.org/lists/wireshark-announce/201305/msg00001.html
http://www.wireshark.org/lists/wireshark-announce/201305/msg00000.html
Comment: This bulletin contains two (2) Wireshark security advisories.
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I'm proud to announce the release of Wireshark 1.6.15.
What is Wireshark?
Wireshark is the world's most popular network protocol analyzer.
It is used for troubleshooting, analysis, development and
education.
What's New
Bug Fixes
The following vulnerability has been fixed.
o wnpa-sec-2013-25
The ASN.1 BER dissector could crash. (Bug 8599)
Versions affected: 1.8.0 to 1.8.6, 1.6.0 to 1.6.14.
The following bugs have been fixed:
o SNMP dissector bug: STATUS_INTEGER_DIVIDE_BY_ZERO. (Bug 7359)
o A console window is never opened. (Bug 7755)
o dissect_rpc_array causes assertion fault when array is empty.
(Bug 8145)
o Decoding of GSM MAP E164 Digits. (Bug 8450)
o Cannot read content of Ran Information Application Error Rim
Container. (Bug 8559)
o "ACE4_ADD_FILE/ACE4_ADD_SUBDIRECTORY" should be
"ACE4_APPEND_DATA / ACE4_ADD_SUBDIRECTORY". (Bug 8575)
o Wireshark Dissector bug with HSRP Version 2. (Bug 8622)
o LISP control packet incorrectly identified as LISP data based
when UDP source port is 4341. (Bug 8627)
o Bad TCP checksum not detected. (Bug 8629)
o AMR Frame Type uses wrong Value String. (Bug 8681)
New and Updated Features
There are no new features in this release.
New Protocol Support
There are no new protocols in this release.
Updated Protocol Support
AMR, ASN.1 BER, BAT, BSSGP, DTLS, E.164, GSM MAP, HSRP, LISP, NFS,
RPC, SASP, SIP, SNMP, SSL/TLS, TCP
New and Updated Capture File Support
Netscreen.
Getting Wireshark
Wireshark source code and installation packages are available from
http://www.wireshark.org/download.html.
Vendor-supplied Packages
Most Linux and Unix vendors supply their own Wireshark packages.
You can usually install or upgrade Wireshark using the package
management system specific to that platform. A list of third-party
packages can be found on the download page on the Wireshark web
site.
File Locations
Wireshark and TShark look in several different locations for
preference files, plugins, SNMP MIBS, and RADIUS dictionaries.
These locations vary from platform to platform. You can use
About→Folders to find the default locations on your system.
Known Problems
Wireshark might make your system disassociate from a wireless
network on OS X 10.4. (Bug 1315)
Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)
The BER dissector might infinitely loop. (Bug 1516)
Capture filters aren't applied when capturing from named pipes.
(Bug 1814)
Filtering tshark captures with display filters (-R) no longer
works. (Bug 2234)
The 64-bit Windows installer does not ship with libsmi. (Win64
development page)
"Closing File!" Dialog Hangs. (Bug 3046)
Application crash when changing real-time option. (Bug 4035)
Hex pane display issue after startup. (Bug 4056)
Packet list rows are oversized. (Bug 4357)
Summary pane selected frame highlighting not maintained. (Bug
4445)
Wireshark and TShark will display incorrect delta times when
displayed as a custom column. (Bug 4985)
Getting Help
Community support is available on Wireshark's Q&A site and on the
wireshark-users mailing list. Subscription information and
archives for all of Wireshark's mailing lists can be found on the
web site.
Official Wireshark training and certification are available from
Wireshark University.
Frequently Asked Questions
A complete FAQ is available on the Wireshark web site.
Digests
wireshark-1.6.15.tar.bz2: 22153133 bytes
MD5(wireshark-1.6.15.tar.bz2)=0c5a2fbfa7ba68c36a7ae8ab1cae6340
SHA1(wireshark-1.6.15.tar.bz2)=5e358aa0b1a7f76e66bccd734daec04c3bacfa1c
RIPEMD160(wireshark-1.6.15.tar.bz2)=5ad8fb396f23fc47bd41ca2a7516b7deaa678b20
wireshark-win32-1.6.15.exe: 19641845 bytes
MD5(wireshark-win32-1.6.15.exe)=e2e9438a303b386408621f19b190aa9d
SHA1(wireshark-win32-1.6.15.exe)=058c019b8d4d54f7812047382b218f55fe973bd8
RIPEMD160(wireshark-win32-1.6.15.exe)=32fed4ae90f718217443f47f42f3a30c804533b6
wireshark-win64-1.6.15.exe: 22823005 bytes
MD5(wireshark-win64-1.6.15.exe)=132ce3a2071612908510e3816fb2d6b6
SHA1(wireshark-win64-1.6.15.exe)=9eec59ae15a26ba1aab2c17853cfdec251beb77c
RIPEMD160(wireshark-win64-1.6.15.exe)=7f9e2c486c45a6d823fc41f26f493985244d498d
wireshark-1.6.15.u3p: 26783510 bytes
MD5(wireshark-1.6.15.u3p)=cb1f3cb43d4feb753e6aa06abf78c792
SHA1(wireshark-1.6.15.u3p)=a6bebb9235c5c690623185f0640caa1061567436
RIPEMD160(wireshark-1.6.15.u3p)=e2998cefbaf413ff1c8456042a1d2e2cc6fd89c6
WiresharkPortable-1.6.15.paf.exe: 20567059 bytes
MD5(WiresharkPortable-1.6.15.paf.exe)=0ee1085ca9633d0a843350231a0ab4cd
SHA1(WiresharkPortable-1.6.15.paf.exe)=10f2a19cf2d552d300dd37b84f41587875fb1458
RIPEMD160(WiresharkPortable-1.6.15.paf.exe)=c34e7e756a19079bbacc02c37ac0a4f89e968430
Wireshark 1.6.15 Intel 32.dmg: 18464416 bytes
MD5(Wireshark 1.6.15 Intel 32.dmg)=4af370bbfe67c305519a2db731ed4d98
SHA1(Wireshark 1.6.15 Intel
32.dmg)=55e2299834214f310f3bc4d8cf0e65bf8c94b3d5
RIPEMD160(Wireshark 1.6.15 Intel
32.dmg)=d62f2f9f3aaf073fb4da7ed2ef8d5bcfbdf9f462
Wireshark 1.6.15 PPC 32.dmg: 21288156 bytes
MD5(Wireshark 1.6.15 PPC 32.dmg)=dd0b558a8d91f7846d90dee12096280b
SHA1(Wireshark 1.6.15 PPC 32.dmg)=b6130523caef46160db364dcdbe22f353ff38963
RIPEMD160(Wireshark 1.6.15 PPC
32.dmg)=03d33808bc5bfce15d044027ee924450cc9c7c4b
Wireshark 1.6.15 Intel 64.dmg: 20244915 bytes
MD5(Wireshark 1.6.15 Intel 64.dmg)=5afbec77f0182915d358a03fa3984eb8
SHA1(Wireshark 1.6.15 Intel
64.dmg)=8ddf08cd7b3cda547503f1fa5f594ba1ff3a09b3
RIPEMD160(Wireshark 1.6.15 Intel
64.dmg)=019e7df11998295e4da7dcb00d5926442765bbce
patch-wireshark-1.6.14-to-1.6.15.diff.bz2: 195041 bytes
MD5(patch-wireshark-1.6.14-to-1.6.15.diff.bz2)=c93373953e2bcddf8f0bf75e42505e4b
SHA1(patch-wireshark-1.6.14-to-1.6.15.diff.bz2)=b6e5349d6480f3b096d6d42aa67307c0d6780b3c
RIPEMD160(patch-wireshark-1.6.14-to-1.6.15.diff.bz2)=4cf9cccc9d20b64a9d580f97b7e4d3b73fea8c0d
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (Darwin)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlGWqDQACgkQpw8IXSHylJq6vACbBMbUwsDN3O+DvXpwD2mCIMDh
FeEAnRjIxpE0p7st1EeaGKGL8PTq1McE
=MPhZ
- -----END PGP SIGNATURE-----
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I'm proud to announce the release of Wireshark 1.8.7.
What is Wireshark?
Wireshark is the world's most popular network protocol analyzer.
It is used for troubleshooting, analysis, development and
education.
What's New
Bug Fixes
The following vulnerabilities have been fixed.
o wnpa-sec-2013-23
The RELOAD dissector could go into an infinite loop.
Discovered by Evan Jensen. (Bug 8364, (Bug 8546)
Versions affected: 1.8.0 to 1.8.6.
CVE-2013-2486
CVE-2013-2487
o wnpa-sec-2013-24
The GTPv2 dissector could crash. (Bug 8493)
Versions affected: 1.8.0 to 1.8.6.
o wnpa-sec-2013-25
The ASN.1 BER dissector could crash. (Bug 8599)
Versions affected: 1.8.0 to 1.8.6, 1.6.0 to 1.6.14.
o wnpa-sec-2013-26
The PPP CCP dissector could crash. (Bug 8638)
Versions affected: 1.8.0 to 1.8.6.
o wnpa-sec-2013-27
The DCP ETSI dissector could crash. Discovered by Evan Jensen.
(Bug 8231, bug 8540, bug 8541)
Versions affected: 1.8.0 to 1.8.6.
o wnpa-sec-2013-28
The MPEG DSM-CC dissector could crash. (Bug 8481)
Versions affected: 1.8.0 to 1.8.6.
o wnpa-sec-2013-29
The Websocket dissector could crash. Discovered by Moshe
Kaplan. (Bug 8448, Bug 8499)
Versions affected: 1.8.0 to 1.8.6.
o wnpa-sec-2013-30
The MySQL dissector could go into an infinite loop. Discovered
by Moshe Kaplan. (Bug 8458)
Versions affected: 1.8.0 to 1.8.6.
o wnpa-sec-2013-31
The ETCH dissector could go into a large loop. Discovered by
Moshe Kaplan. (Bug 8464)
Versions affected: 1.8.0 to 1.8.6.
The following bugs have been fixed:
o The Windows installer and uninstaller does a better job of
detecting running executables.
o Library mismatch when compiling on a system with an older
Wireshark version. (Bug 6011)
o SNMP dissector bug: STATUS_INTEGER_DIVIDE_BY_ZERO. (Bug 7359)
o A console window is never opened. (Bug 7755)
o GSM_MAP show malformed Packets when two IMSI. (Bug 7882)
o Fix include and libs search path when cross compiling. (Bug
7926)
o PER dissector crash. (Bug 8197)
o pcap-ng: name resolution block is not written to file on save.
(Bug 8317)
o Incorrect RTP statistics (Lost Packets indication not ok).
(Bug 8321)
o Decoding of GSM MAP E164 Digits. (Bug 8450)
o Silent installer and uninstaller not silent. (Bug 8451)
o Replace use of INCLUDES with AM_CPPFLAGS in all Makefiles to
placate recent autotools. (Bug 8452)
o Wifi details are not stored in the Decryption Key Management
dialog (post 1.8.x). (Bug 8446)
o IO Graph should not be limited to 100k points (NUM_IO_ITEMS).
(Bug 8460)
o geographical_description: hf_gsm_a_geo_loc_deg_of_long 24 bit
field truncated to 23 bits. (Bug 8532)
o IRC message with multiple params causes malformed packet
exception. (Bug 8548)
o Part of Ping Reply Message in ICMPv6 Reply Message is marked
as "Malformed Packet". (Bug 8554)
o MP2T wiretap heuristic overriding ERF. (Bug 8556)
o Cannot read content of Ran Information Application Error Rim
Container. (Bug 8559)
o Endian error and IP:Port error when decoding BT-DHT response
message. (Bug 8572)
o "ACE4_ADD_FILE/ACE4_ADD_SUBDIRECTORY" should be
"ACE4_APPEND_DATA / ACE4_ADD_SUBDIRECTORY". (Bug 8575)
o wireshark crashes while displaying I/O Graph. (Bug 8583)
o GTPv2 MM Context (UMTS Key, Quad, and Quint Decoded)
incorrectly. (Bug 8596)
o DTLS 1.2 uses wrong PRF. (Bug 8608)
o RTP DTMF digits are no longer displayed in VoIP graph
analysis. (Bug 8610)
o Universal port not accepted in RSA Keys List window. (Bug
8618)
o Wireshark Dissector bug with HSRP Version 2. (Bug 8622)
o LISP control packet incorrectly identified as LISP data based
when UDP source port is 4341. (Bug 8627)
o Bad tcp checksum not detected. (Bug 8629)
o AMR Frame Type uses wrong Value String. (Bug 8681)
New and Updated Features
There are no new features in this release.
New Protocol Support
There are no new protocols in this release.
Updated Protocol Support
AMR, ASN.1 BER, BAT, Bluetooth DHT, BSSGP, DTLS, E.164, Ericsson
A-bis OML, GSM A, GSM MAP, HDFSDATA, ICMP, ICMPv6, ixveriwave,
IRC, KDSP, LISP Data, MMS, NFS, OpenWire, PPP, RELOAD, RTP, SASP,
SIP, SSL/TLS, TCP, UA3G
New and Updated Capture File Support
Endace ERF, NetScreen snoop.
Getting Wireshark
Wireshark source code and installation packages are available from
http://www.wireshark.org/download.html.
Vendor-supplied Packages
Most Linux and Unix vendors supply their own Wireshark packages.
You can usually install or upgrade Wireshark using the package
management system specific to that platform. A list of third-party
packages can be found on the download page on the Wireshark web
site.
File Locations
Wireshark and TShark look in several different locations for
preference files, plugins, SNMP MIBS, and RADIUS dictionaries.
These locations vary from platform to platform. You can use
About→Folders to find the default locations on your system.
Known Problems
Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)
The BER dissector might infinitely loop. (Bug 1516)
Capture filters aren't applied when capturing from named pipes.
(Bug 1814)
Filtering tshark captures with display filters (-R) no longer
works. (Bug 2234)
The 64-bit Windows installer does not support Kerberos decryption.
(Win64 development page)
Application crash when changing real-time option. (Bug 4035)
Hex pane display issue after startup. (Bug 4056)
Packet list rows are oversized. (Bug 4357)
Summary pane selected frame highlighting not maintained. (Bug
4445)
Wireshark and TShark will display incorrect delta times in some
cases. (Bug 4985)
Getting Help
Community support is available on Wireshark's Q&A site and on the
wireshark-users mailing list. Subscription information and
archives for all of Wireshark's mailing lists can be found on the
web site.
Official Wireshark training and certification are available from
Wireshark University.
Frequently Asked Questions
A complete FAQ is available on the Wireshark web site.
Digests
wireshark-1.8.7.tar.bz2: 24273700 bytes
MD5(wireshark-1.8.7.tar.bz2)=f4198728a20aa40752906031e08544f8
SHA1(wireshark-1.8.7.tar.bz2)=c131ce10555e608e691aa36190c8d5a1b271c955
RIPEMD160(wireshark-1.8.7.tar.bz2)=c9a2b59441a517e4943a2b7e3e994694125b1759
Wireshark-win32-1.8.7.exe: 20868704 bytes
MD5(Wireshark-win32-1.8.7.exe)=7aee0d82ed4efa3e709aa9e42a86c34c
SHA1(Wireshark-win32-1.8.7.exe)=95f42bfaee23351b504aca3fa57e29c0c2cd3227
RIPEMD160(Wireshark-win32-1.8.7.exe)=a95e303f9176d754d86a8f8198a801cba5c3e04f
Wireshark-win64-1.8.7.exe: 26549232 bytes
MD5(Wireshark-win64-1.8.7.exe)=a832cae3e9d0e312c3c1241a970f1080
SHA1(Wireshark-win64-1.8.7.exe)=845da671608323ca3154c03e47365e26fce80d69
RIPEMD160(Wireshark-win64-1.8.7.exe)=696f0c8090bcb22e7c2c641925db7b6958ce5df1
Wireshark-1.8.7.u3p: 28621210 bytes
MD5(Wireshark-1.8.7.u3p)=e38ae665e9a6799961c75e1c794b0241
SHA1(Wireshark-1.8.7.u3p)=5feb3b235ffe38315b94bd1de1fd269249737853
RIPEMD160(Wireshark-1.8.7.u3p)=162f88f661a31fd1902ece049b6d8a4937dd18f7
WiresharkPortable-1.8.7.paf.exe: 22051216 bytes
MD5(WiresharkPortable-1.8.7.paf.exe)=5f7624d355520650b1d61f86552ef06c
SHA1(WiresharkPortable-1.8.7.paf.exe)=7fbba81263fb957f37a8694ab36f39aa2d0dda7c
RIPEMD160(WiresharkPortable-1.8.7.paf.exe)=f1ee0f1aff528a88aad79024df371560a593f963
Wireshark 1.8.7 PPC 32.dmg: 22938629 bytes
MD5(Wireshark 1.8.7 PPC 32.dmg)=2df64ff6c884f8c9aa036be0ac850dc4
SHA1(Wireshark 1.8.7 PPC 32.dmg)=fac403ed5616d4f3736dc26ad6b46b43d92eeca5
RIPEMD160(Wireshark 1.8.7 PPC
32.dmg)=a3a2de3aeac6bfce17f95ed1bc803277cab504b5
Wireshark 1.8.7 Intel 64.dmg: 21653924 bytes
MD5(Wireshark 1.8.7 Intel 64.dmg)=8615eade01f43e6229d83a3148bd5566
SHA1(Wireshark 1.8.7 Intel
64.dmg)=3816f7a1d9fdea109a02c49d559f804516ebab6d
RIPEMD160(Wireshark 1.8.7 Intel
64.dmg)=847401b192639fd9ae85c4f2fe33cf6fc25df077
Wireshark 1.8.7 Intel 32.dmg: 19734453 bytes
MD5(Wireshark 1.8.7 Intel 32.dmg)=4c5e9c6ae11d0db53cb101acf06fe96f
SHA1(Wireshark 1.8.7 Intel
32.dmg)=5aaf4924318705e041041f2af4145966b63f4baf
RIPEMD160(Wireshark 1.8.7 Intel
32.dmg)=e324792142ea8a76f6f949b3fbe998dba7290c84
patch-wireshark-1.8.6-to-1.8.7.diff.bz2: 238913 bytes
MD5(patch-wireshark-1.8.6-to-1.8.7.diff.bz2)=898cc367b1ca964d13d5add01abd7dc3
SHA1(patch-wireshark-1.8.6-to-1.8.7.diff.bz2)=44668ceb45fc4953d9f782c61abcd67bd75cb8d1
RIPEMD160(patch-wireshark-1.8.6-to-1.8.7.diff.bz2)=43047d437df36cefce63d295fbbde1973d4867f7
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (Darwin)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlGWqCAACgkQpw8IXSHylJrVcACgkdCrVv8oME+n7xT8nMXJpe1R
hLcAnizCuOZjoSmRJZOCkIzBmbJ/FcIp
=Pjbu
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBUZnL9+4yVqjM2NGpAQJS/w//W99rWi1sDcGm0bdBsWfPLx7yAgFRZBOZ
MLDIu4BOnbsKANVL/yjG23HZSuah960Wmu0Ohyp2UOAJuFmLlVIMdB6wPaVbBEww
UFhVsbfKsAkhykXfxR2R5C06S0QPSyXOIzuCxU0qux5GF4hSFNQ1gM7G4PkwV9Ix
WLG5bjFM8imejkw7GlfwSjRDAeCU7XwzOA7Yo4yf8JWUOgFZ/DZqS94IyjHlF3Xr
gCrlhdz2W+onG6qVXIehdqf7Bc5WY/uZB/lMjpmtWt/a9RVMan16ytqCIPDYG2fA
YeTKGbqHFIR22lMtyTrpGyiH+TKMa3uZdLkhqXZEHwEsz5jpmy1PdERtXCNqXuBC
F88Dz+LBD/8mzNg54UsTDYnpkgYDl1ozK5N5TVZoxRxBB7cuvILwVIDAmxg7WtkS
FEDDzcXtHzgusEUlX4vW2yadyGSAV//tKBswVbifZ+b6hrgsuolqzl3KdVgSOklC
xuRrvAzUJlOH1IEnJe4IkAYeXHKQVtjqq3Z8OwGmPU618wd1HlGzV8gRS+LUj41q
UMAHno8zCf9qgU+lE0HBUhtArs+gklv46RWMH28iusvCFbFSsMYOejIOHE7ptzSf
tpkjkPgfcmNHPQtgKyB+uA4SyQXRsbUE1nlgUzcmPf0/uf7XiYtbOxVf7r1U0w45
p/nAgf0LPy0=
=LfbG
-----END PGP SIGNATURE-----