Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2014.0579
A vulnerability has been identified in Wireshark versions 1.10.0 to 1.10.6
23 April 2014
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Wireshark
Publisher: Wireshark
Operating System: UNIX variants (UNIX, Linux, OSX)
Windows
Impact/Access: Denial of Service -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2014-2907
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I'm proud to announce the release of Wireshark 1.10.7.
__________________________________________________________
What is Wireshark?
Wireshark is the world's most popular network protocol
analyzer. It is used for troubleshooting, analysis, development
and education.
__________________________________________________________
What's New
Bug Fixes
The following vulnerabilities have been fixed.
* [1]wnpa-sec-2014-06
The RTP dissector could crash. ([2]Bug 9885)
Versions affected: 1.10.0 to 1.10.6
[3]CVE-2014-2907
The following bugs have been fixed:
* RTP not decoded inside the conversation in v.1.10.1 ([4]Bug
9021)
* SIP/SDP: disabled second media stream disables all media
streams ([5]Bug 9835)
* Lua: trying to get/access a Preference before its
registered causes a segfault ([6]Bug 9853)
* Some value_string strings contain newlines. ([7]Bug 9878)
* Tighten the NO_MORE_DATA_CHECK macros ([8]Bug 9932)
* Fix crash when calling "MAP Summary" dialog when no file is
open ([9]Bug 9934)
* Fix comparing a sequence number of TCP fragment when its
value wraps over uint32_t limit ([10]Bug 9936)
New and Updated Features
There are no new features in this release.
New Protocol Support
There are no new protocols in this release.
Updated Protocol Support
ANSI A, DVB-CI, GSM DTAP, GSM MAP, IEEE 802.11, LCSAP, LTE RRC,
MAC LTE, Prism, RTP, SDP, SIP, and TCP
New and Updated Capture File Support
and There are no changes in this release.
__________________________________________________________
Getting Wireshark
Wireshark source code and installation packages are available
from [11]http://www.wireshark.org/download.html.
Vendor-supplied Packages
Most Linux and Unix vendors supply their own Wireshark
packages. You can usually install or upgrade Wireshark using
the package management system specific to that platform. A list
of third-party packages can be found on the [12]download page
on the Wireshark web site.
__________________________________________________________
File Locations
Wireshark and TShark look in several different locations for
preference files, plugins, SNMP MIBS, and RADIUS dictionaries.
These locations vary from platform to platform. You can use
About->Folders to find the default locations on your system.
__________________________________________________________
Known Problems
Dumpcap might not quit if Wireshark or TShark crashes. ([13]Bug
1419)
The BER dissector might infinitely loop. ([14]Bug 1516)
Capture filters aren't applied when capturing from named pipes.
([15]Bug 1814)
Filtering tshark captures with read filters (-R) no longer
works. ([16]Bug 2234)
The 64-bit Windows installer does not support Kerberos
decryption. ([17]Win64 development page)
Resolving ([18]Bug 9044) reopens ([19]Bug 3528) so that
Wireshark no longer automatically decodes gzip data when
following a TCP stream.
Application crash when changing real-time option. ([20]Bug
4035)
Hex pane display issue after startup. ([21]Bug 4056)
Packet list rows are oversized. ([22]Bug 4357)
Summary pane selected frame highlighting not maintained.
([23]Bug 4445)
Wireshark and TShark will display incorrect delta times in some
cases. ([24]Bug 4985)
__________________________________________________________
Getting Help
Community support is available on [25]Wireshark's Q&A site and
on the wireshark-users mailing list. Subscription information
and archives for all of Wireshark's mailing lists can be found
on [26]the web site.
Official Wireshark training and certification are available
from [27]Wireshark University.
__________________________________________________________
Frequently Asked Questions
A complete FAQ is available on the [28]Wireshark web site.
__________________________________________________________
Last updated 2014-04-22 09:33:46 PDT
References
1. https://www.wireshark.org/security/wnpa-sec-2014-06.html
2. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9885
3. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2907
4. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9021
5. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9835
6. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9853
7. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9878
8. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9932
9. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9934
10. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9936
11. http://www.wireshark.org/download.html
12. http://www.wireshark.org/download.html#thirdparty
13. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1419
14. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1516
15. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1814
16. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2234
17. https://wiki.wireshark.org/Development/Win64
18. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9044
19. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3528
20. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4035
21. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4056
22. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4357
23. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4445
24. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4985
25. http://ask.wireshark.org/
26. http://www.wireshark.org/lists/
27. http://www.wiresharktraining.com/
28. http://www.wireshark.org/faq.html
Digests
wireshark-1.10.7.tar.bz2: 26711577 bytes
MD5(wireshark-1.10.7.tar.bz2)=0e8a111d24c11255eae139c8f27fd25b
SHA1(wireshark-1.10.7.tar.bz2)=5e5ce4fdc9aa53e545fc0fbd22eea6adcf7dfc0b
RIPEMD160(wireshark-1.10.7.tar.bz2)=67fcd4cce612a5af705e1db5a57549444d4c4e57
Wireshark-win32-1.10.7.exe: 22150416 bytes
MD5(Wireshark-win32-1.10.7.exe)=9de8117b2c92331b704f144eaded26b4
SHA1(Wireshark-win32-1.10.7.exe)=6eaf0e877f5e40ccffff64d2f97bc7b09c13bcce
RIPEMD160(Wireshark-win32-1.10.7.exe)=8fb78374e77a3d7f9e1f70b2f76f9530621cfdf2
Wireshark-win64-1.10.7.exe: 28001672 bytes
MD5(Wireshark-win64-1.10.7.exe)=b7ae72bd50159e33b7aacb7dedc09977
SHA1(Wireshark-win64-1.10.7.exe)=23b543c4de03d5deb6b103d52bbc4b07df0741c2
RIPEMD160(Wireshark-win64-1.10.7.exe)=aa2f1d59b0417fafcbfddf42aad20c7ee749e43e
Wireshark-1.10.7.u3p: 30631544 bytes
MD5(Wireshark-1.10.7.u3p)=32ec656b07f23d066e055b476f6d64b4
SHA1(Wireshark-1.10.7.u3p)=5bbf40eb7fdab0ac2f9bb5d14f35609eb40aaed9
RIPEMD160(Wireshark-1.10.7.u3p)=f7ff2695e55ca06ade7600baa86eaccba7277c7f
WiresharkPortable-1.10.7.paf.exe: 23516496 bytes
MD5(WiresharkPortable-1.10.7.paf.exe)=8ce5fe8f1762607208ebead8bc704173
SHA1(WiresharkPortable-1.10.7.paf.exe)=cb10074c8d02d2a0c2217fa28228c35173c1b916
RIPEMD160(WiresharkPortable-1.10.7.paf.exe)=85318a28381fb79af56af71eb70e9bc4986bf7e4
Wireshark 1.10.7 Intel 64.dmg: 24763285 bytes
MD5(Wireshark 1.10.7 Intel 64.dmg)=e04a2f3d5b323710f1f2b9e5e4d55145
SHA1(Wireshark 1.10.7 Intel
64.dmg)=2fe915dabf00381173b85d2deac55656db7fcd96
RIPEMD160(Wireshark 1.10.7 Intel
64.dmg)=b70bb5a03eb046817cd0d79652de7f7e12f06c1f
Wireshark 1.10.7 Intel 32.dmg: 20446527 bytes
MD5(Wireshark 1.10.7 Intel 32.dmg)=67a159cae5e32d0721d6c7732cf1be18
SHA1(Wireshark 1.10.7 Intel
32.dmg)=5bc451ec229ff09776e25261cbb8ff1f90f0ad7f
RIPEMD160(Wireshark 1.10.7 Intel
32.dmg)=81dff628e6478a43f04f76127a390fbc81dc5cdc
patch-wireshark-1.10.6-to-1.10.7.bz2: 88811 bytes
MD5(patch-wireshark-1.10.6-to-1.10.7.bz2)=9ba40974191c7ad12e93f8f8f81d5f95
SHA1(patch-wireshark-1.10.6-to-1.10.7.bz2)=443b78939974dea79a1c95b4f652fba4edbead35
RIPEMD160(patch-wireshark-1.10.6-to-1.10.7.bz2)=31f19c2a382e19de0036c796fbae3ce8e53d27b7
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (Darwin)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlNWulsACgkQpw8IXSHylJqcnACeN6KgJ3ZjoSlzpdv+HkAC06qz
MH8An2X9+uuQeL+BCJ4n4tm804C586UN
=vTg3
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBU1dalRLndAQH1ShLAQIPGw//VUmTHldShbpVLEShzUl0qDu7BwMk/xnJ
Eq3Dn6LssFYQohpAwcvWc5YgLmUrScXuhobuxm6+cW6AWlJ9EX6AqChSu17f8vLZ
k/OD7oJ6+XpFcEijpwCCwFORkFNfhCqg3vphXInfWn9uRVwI1n3JNwAjXu8TA1ol
HKvMUEJvVEnNQQVgg7WwltGzbpgNxJsAOjs7rsNOfqh3qtB1eZMqUSqsQJC5eKmW
W9EAHnuQ6rqzgkTkzpK00VU1MCuUnUeo70kDnvzuWeVisqM9LtRN0hkLIVeQSTZo
1AsZFvR4UkbeAR8xes9rRoLyL273YNLOqyevRQWzvrx5NZrSYR7/gXuyZCKG9xbR
x4Z9g5cu85SUtDpik0Fvi53MYHx7Lk7yX65pDC4x8yXGN1cZl5CClXYTQ9PSAhdt
U/xxQYV6jfq9wTCvL0KN9RCpJ8hWSaFyzuYCt2IZKyZJrwPsJEuyGMlqac+P29PJ
A3+R6/tJBrAC3+ng1qlDpxVTXVR5xwPLWvaJkXQtrYGu8I+P15P1+/63duT2OwPU
xaJEhgl18ksrRIp2oUovWwDbj5N930DUQH8XULHaPkabxlOXt1X29VgBEQEOJHIy
/lJy6o6pPifC8L5cm/xohPpWpmX0RjZxayeAuAhaANy/mvMbwn7iXEetQ40+JILY
fpCEl0yne00=
=Gbwc
-----END PGP SIGNATURE-----