Hash: SHA256

             AUSCERT External Security Bulletin Redistribution

                     Wireshark 2.2.1 is now available
                              5 October 2016


        AusCERT Security Bulletin Summary

Product:          Wireshark
Publisher:        Wireshark
Operating System: UNIX variants (UNIX, Linux, OSX)
Impact/Access:    Denial of Service -- Remote with User Interaction
Resolution:       Patch/Upgrade

- --------------------------BEGIN INCLUDED TEXT--------------------

I'm proud to announce the release of Wireshark 2.2.1.


What is Wireshark?

   Wireshark is the world's most popular network protocol analyzer. It is
   used for troubleshooting, analysis, development and education.

What's New

     * The Windows installers now ship with Qt 5.6. Previously they
       shipped with Qt 5.3.

  Bug Fixes

   The following vulnerabilities have been fixed:
     * [1]wnpa-sec-2016-56
       The Bluetooth L2CAP dissector could crash. ([2]Bug 12825)
     * [3]wnpa-sec-2016-57
       The NCP dissector could crash. ([4]Bug 12945)

   The following bugs have been fixed:
     * Flow Graph colored data arrows. ([5]Bug 12065)
     * Capture File Properties under Statistics Grayed Out after Stopping
       a Capture. ([6]Bug 12071)
     * Qt: Hidden columns displayed during live capture. ([7]Bug 12377)
     * Unable to save changes to coloring rules. ([8]Bug 12814)
     * Bad description for NBSS error code 0x81. ([9]Bug 12835)
     * Live capture from USBPcap fails immediately. ([10]Bug 12846)
     * Cannot decrypt EAP-TTLS traffic (not recognized as conversation).
       ([11]Bug 12879)
     * Export packet dissections Option disabled after capturing traffic.
       ([12]Bug 12898)
     * Failure to open file named with Chinese or other multibyte
       characters. ([13]Bug 12900)
     * k12 text file format causes errors. ([14]Bug 12903)
     * File | File Set | List Files dialog is blank. ([15]Bug 12904)
     * Decoding/Display of an INAP CONNECT message goes wrong for the
       Destination Routing Address part. ([16]Bug 12911)
     * TLS padding extension dissector length parsing bug. ([17]Bug 12922)
     * Diameter dictionary bugs. ([18]Bug 12927)
     * File open from menu bar with filter in place causes Wireshark to
       crash. ([19]Bug 12929)
     * Unable to capture USBPcap trace using tshark with extcap built.
       ([20]Bug 12949)
     * P1 dissector fails a TVB assertion. ([21]Bug 12976)
     * Multiple PortableApps instances can once again be run at the same

  New and Updated Features

   There are no new features in this release.

  New File Format Decoding Support

   There are no new file formats in this release.

  New Protocol Support

   There are no new protocols in this release.

  Updated Protocol Support

   6LowPAN, BT L2CAP, CIP, DCOM IRemUnknown, Diameter, DMP, EAP, ISUP,
   NBT, NCP, NetFlow, SSL / TLS, and U3V

  New and Updated Capture File Support

   Ascend, and K12

  New and Updated Capture Interfaces support

   There are no new or updated capture interfaces supported in this

  Major API Changes

   There are no major API changes in this release.

Getting Wireshark

   Wireshark source code and installation packages are available from

  Vendor-supplied Packages

   Most Linux and Unix vendors supply their own Wireshark packages. You
   can usually install or upgrade Wireshark using the package management
   system specific to that platform. A list of third-party packages can be
   found on the [23]download page on the Wireshark web site.

File Locations

   Wireshark and TShark look in several different locations for preference
   files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations
   vary from platform to platform. You can use About->Folders to find the
   default locations on your system.

Known Problems

   Dumpcap might not quit if Wireshark or TShark crashes. ([24]Bug 1419)

   The BER dissector might infinitely loop. ([25]Bug 1516)

   Capture filters aren't applied when capturing from named pipes.
   ([26]Bug 1814)

   Filtering tshark captures with read filters (-R) no longer works.
   ([27]Bug 2234)

   Application crash when changing real-time option. ([28]Bug 4035)

   Packet list rows are oversized. ([29]Bug 4357)

   Wireshark and TShark will display incorrect delta times in some cases.
   ([30]Bug 4985)

   Wireshark should let you work with multiple capture files. ([31]Bug

   Dell Backup and Recovery (DBAR) makes many Windows applications crash,
   including Wireshark. ([32]Bug 12036)

Getting Help

   Community support is available on [33]Wireshark's Q&A site and on the
   wireshark-users mailing list. Subscription information and archives for
   all of Wireshark's mailing lists can be found on [34]the web site.

   Official Wireshark training and certification are available from
   [35]Wireshark University.

Frequently Asked Questions

   A complete FAQ is available on the [36]Wireshark web site.

   Last updated 2016-10-04 20:38:27 UTC


   1. https://www.wireshark.org/security/wnpa-sec-2016-56.html
   2. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12825
   3. https://www.wireshark.org/security/wnpa-sec-2016-57.html
   4. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12945
   5. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12065
   6. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12071
   7. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12377
   8. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12814
   9. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12835
  10. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12846
  11. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12879
  12. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12898
  13. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12900
  14. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12903
  15. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12904
  16. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12911
  17. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12922
  18. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12927
  19. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12929
  20. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12949
  21. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12976
  22. https://www.wireshark.org/download.html
  23. https://www.wireshark.org/download.html#thirdparty
  24. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1419
  25. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1516
  26. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1814
  27. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2234
  28. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4035
  29. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4357
  30. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4985
  31. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10488
  32. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12036
  33. https://ask.wireshark.org/
  34. https://www.wireshark.org/lists/
  35. http://www.wiresharktraining.com/
  36. https://www.wireshark.org/faq.html


wireshark-2.2.1.tar.bz2: 32154087 bytes

Wireshark-win32-2.2.1.exe: 44390576 bytes

Wireshark-win64-2.2.1.exe: 49208304 bytes

WiresharkPortable_2.2.1.paf.exe: 45963240 bytes

Wireshark 2.2.1 Intel 64.dmg: 32691945 bytes
SHA256(Wireshark 2.2.1 Intel
RIPEMD160(Wireshark 2.2.1 Intel
SHA1(Wireshark 2.2.1 Intel 64.dmg)=9011b1cf69c532a5aa8fae7a0a77e132377addd6
MD5(Wireshark 2.2.1 Intel 64.dmg)=d32cfc5155142e5310c5e04d31d85d9b

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:


Australian Computer Emergency Response Team
The University of Queensland
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
Comment: http://www.auscert.org.au/render.html?it=1967