Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2017.0212
wireshark update
25 January 2017
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Wireshark
Publisher: Wireshark
Operating System: UNIX variants (UNIX, Linux, OSX)
Impact/Access: Denial of Service -- Remote with User Interaction
Resolution: Patch/Upgrade
Comment: This bulletin contains two (2) security advisories.
- --------------------------BEGIN INCLUDED TEXT--------------------
I'm proud to announce the release of Wireshark 2.2.4.
__________________________________________________________________
What is Wireshark?
Wireshark is the world's most popular network protocol analyzer. It is
used for troubleshooting, analysis, development and education.
__________________________________________________________________
What's New
Bug Fixes
The following vulnerabilities have been fixed:
* [1]wnpa-sec-2017-01
The ASTERIX dissector could go into an infinite loop. ([2]Bug
13344)
* [3]wnpa-sec-2017-02
The DHCPv6 dissector could go into a large loop. ([4]Bug 13345)
The following bugs have been fixed:
* TCP reassembly: tcp.reassembled_in is not set in first packet.
([5]Bug 3264)
* Duplicated Interfaces instances while refreshing. ([6]Bug 11553)
* Time zone name needs to be converted to UTF-8 on Windows. ([7]Bug
11785)
* Crash on fast local interface changes. ([8]Bug 12263)
* Please align columns in tshark's output. ([9]Bug 12502)
* Display data rate fields for VHT rates invalid with BCC modulation.
([10]Bug 12859)
* plugin_if_get_ws_info causes Access Violation if called during
rescan. ([11]Bug 12973)
* SMTP BDAT dissector not reverting to command-code after DATA.
([12]Bug 13030)
* Wireshark fails to recognize V6 DBS Etherwatch capture files.
([13]Bug 13093)
* Runtime Error when try to merge .pcap files (Wireshark crashes).
([14]Bug 13175)
* PPP BCP BPDU size reports not header size, but all data underneath
and its header size in UI. ([15]Bug 13188)
* In-line UDP checksum bytes in 6LoWPAN IPHC are swapped. ([16]Bug
13233)
* Uninitialized memcmp on data in daintree-sna.c. ([17]Bug 13246)
* Crash when dissect WDBRPC Version 2 protocol with Dissect unknown
program numbers enabled. ([18]Bug 13266)
* Contents/Resources/bin directory isn't in the app bundle after
installation. ([19]Bug 13270)
* Regression: IEEE17221 (AVDECC) decoded as IEEE1722 (AVB
Transportation Protocol). ([20]Bug 13274)
* Can't decode packets captured with OpenBSD enc(4) encapsulating.
([21]Bug 13279)
* UDLD flags are at other end of octet. ([22]Bug 13280)
* MS-WSP dissector no longer works since commit
8c2fa5b5cf789e6d0d19cd0dd34479d0203d177a. ([23]Bug 13299)
* TBCD string decoded wrongly in MAP ATI message. ([24]Bug 13316)
* Filter Documentation: The tilde (~) operator is not documented.
([25]Bug 13320)
* VoIP Flow Sequence Causes Application Crash. ([26]Bug 13329)
New and Updated Features
There are no new features in this release.
New File Format Decoding Support
There are no new file formats in this release.
New Protocol Support
There are no new protocols in this release.
Updated Protocol Support
6LoWPAN, DVB-CI, ENC, GSM MAP, IEEE 1722, IEEE 1722.1, ISAKMP, MS-WSP,
PPP, QUIC, Radiotap, RPC, SMTP, TCP, UCD, and UDLD
New and Updated Capture File Support
There is no new or updated capture file support in this release.
Daintree SNA, and DBS Etherwatch
New and Updated Capture Interfaces support
There are no new or updated capture interfaces supported in this
release.
Major API Changes
There are no major API changes in this release.
__________________________________________________________________
Getting Wireshark
Wireshark source code and installation packages are available from
[27]https://www.wireshark.org/download.html.
Vendor-supplied Packages
Most Linux and Unix vendors supply their own Wireshark packages. You
can usually install or upgrade Wireshark using the package management
system specific to that platform. A list of third-party packages can be
found on the [28]download page on the Wireshark web site.
__________________________________________________________________
File Locations
Wireshark and TShark look in several different locations for preference
files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations
vary from platform to platform. You can use About->Folders to find the
default locations on your system.
__________________________________________________________________
Known Problems
Dumpcap might not quit if Wireshark or TShark crashes. ([29]Bug 1419)
The BER dissector might infinitely loop. ([30]Bug 1516)
Capture filters aren't applied when capturing from named pipes.
([31]Bug 1814)
Filtering tshark captures with read filters (-R) no longer works.
([32]Bug 2234)
Application crash when changing real-time option. ([33]Bug 4035)
Wireshark and TShark will display incorrect delta times in some cases.
([34]Bug 4985)
Wireshark should let you work with multiple capture files. ([35]Bug
10488)
Dell Backup and Recovery (DBAR) makes many Windows applications crash,
including Wireshark. ([36]Bug 12036)
__________________________________________________________________
Getting Help
Community support is available on [37]Wireshark's Q&A site and on the
wireshark-users mailing list. Subscription information and archives for
all of Wireshark's mailing lists can be found on [38]the web site.
Official Wireshark training and certification are available from
[39]Wireshark University.
__________________________________________________________________
Frequently Asked Questions
A complete FAQ is available on the [40]Wireshark web site.
__________________________________________________________________
Last updated 2017-01-23 20:21:22 UTC
References
1. https://www.wireshark.org/security/wnpa-sec-2017-01.html
2. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13344
3. https://www.wireshark.org/security/wnpa-sec-2017-02.html
4. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13345
5. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3264
6. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11553
7. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11785
8. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12263
9. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12502
10. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12859
11. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12973
12. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13030
13. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13093
14. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13175
15. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13188
16. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13233
17. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13246
18. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13266
19. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13270
20. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13274
21. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13279
22. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13280
23. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13299
24. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13316
25. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13320
26. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13329
27. https://www.wireshark.org/download.html
28. https://www.wireshark.org/download.html#thirdparty
29. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1419
30. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1516
31. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1814
32. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2234
33. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4035
34. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4985
35. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10488
36. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12036
37. https://ask.wireshark.org/
38. https://www.wireshark.org/lists/
39. http://www.wiresharktraining.com/
40. https://www.wireshark.org/faq.html
Digests
wireshark-2.2.4.tar.bz2: 32336156 bytes
SHA256(wireshark-2.2.4.tar.bz2)=42a7fb35eed5a32478153e24601a284bb50148b7ba919c3e8452652f4c2a3911
RIPEMD160(wireshark-2.2.4.tar.bz2)=82b8df88a97c8fe0608ff8b099e366ca4eb620d1
SHA1(wireshark-2.2.4.tar.bz2)=2913835d17a93af2a85ad5d9b580c47b359619a4
MD5(wireshark-2.2.4.tar.bz2)=6d0878ba931ea379f6e675d4cba6536b
Wireshark-win32-2.2.4.exe: 44516632 bytes
SHA256(Wireshark-win32-2.2.4.exe)=2c36978d0367aac1881d68ede14dcbd8003b78a45a30a30dc5086bf7ccc64d48
RIPEMD160(Wireshark-win32-2.2.4.exe)=5ff5129dfc858e97584870b94d28493d29af1f30
SHA1(Wireshark-win32-2.2.4.exe)=18554bb841a1fc988bed335f134f6ec429f67e21
MD5(Wireshark-win32-2.2.4.exe)=5c23a3735595445a6e612551fab6be4e
Wireshark-win64-2.2.4.exe: 49360976 bytes
SHA256(Wireshark-win64-2.2.4.exe)=0dabf7f5cba2101ef9303a50c81ef9eb9d59738ff62b4f4c5bba5a15ca4671f8
RIPEMD160(Wireshark-win64-2.2.4.exe)=04a0ea2349f24fd0ae244ecfb23aa0114526afc6
SHA1(Wireshark-win64-2.2.4.exe)=13cc7e778041ee986dabd0b2f1923a031c8965ae
MD5(Wireshark-win64-2.2.4.exe)=8b477478d5d9ce9cc808f8539f515d13
WiresharkPortable_2.2.4.paf.exe: 46090528 bytes
SHA256(WiresharkPortable_2.2.4.paf.exe)=e34cb1610f82a87469108ee542ea1b703f840b84105c997bd78c7daa5f152495
RIPEMD160(WiresharkPortable_2.2.4.paf.exe)=64b28d94f7af237e165650618f88eb1a551fc67e
SHA1(WiresharkPortable_2.2.4.paf.exe)=46fb03f252b26f35829b22c2ef178ce6034f055e
MD5(WiresharkPortable_2.2.4.paf.exe)=79b798f3d6d21284e0f6eaf2c2f4c837
Wireshark 2.2.4 Intel 64.dmg: 32844200 bytes
SHA256(Wireshark 2.2.4 Intel
64.dmg)=e3951fdd6cbf7bfec65595ba668f953ccb2587ad94f078cac3a5b99bf3bd2e6e
RIPEMD160(Wireshark 2.2.4 Intel
64.dmg)=3ca1f000fbd7f9de77a26607863b964f005883b9
SHA1(Wireshark 2.2.4 Intel 64.dmg)=f571e5c36249c9e27acd1075b6bb083cb44a8395
MD5(Wireshark 2.2.4 Intel 64.dmg)=4d9eb54c726b86873c42d3ad0b06f3d4
- - ---
I'm proud to announce the release of Wireshark 2.0.10.
__________________________________________________________________
What is Wireshark?
Wireshark is the world's most popular network protocol analyzer. It is
used for troubleshooting, analysis, development and education.
__________________________________________________________________
What's New
Bug Fixes
The following vulnerabilities have been fixed:
The following bugs have been fixed:
* Duplicated Interfaces instances while refreshing. ([1]Bug 11553)
* Time zone name needs to be converted to UTF-8 on Windows. ([2]Bug
11785)
* Crash on fast local interface changes. ([3]Bug 12263)
* SMTP BDAT dissector not reverting to command-code after DATA.
([4]Bug 13030)
* Wireshark fails to recognize V6 DBS Etherwatch capture files.
([5]Bug 13093)
* PPP BCP BPDU size reports not header size, but all data underneath
and its header size in UI. ([6]Bug 13188)
* Uninitialized memcmp on data in daintree-sna.c. ([7]Bug 13246)
* UDLD flags are at other end of octet. ([8]Bug 13280)
* MS-WSP dissector no longer works since commit
8c2fa5b5cf789e6d0d19cd0dd34479d0203d177a. ([9]Bug 13299)
* TBCD string decoded wrongly in MAP ATI message. ([10]Bug 13316)
* Filter Documentation: The tilde (~) operator is not documented.
([11]Bug 13320)
New and Updated Features
There are no new features in this release.
New File Format Decoding Support
There are no new file formats in this release.
New Protocol Support
There are no new protocols in this release.
Updated Protocol Support
DVB-CI, GSM MAP, ISAKMP, MS-WSP, PPP, QUIC, SMTP, and UDLD
New and Updated Capture File Support
There is no new or updated capture file support in this release.
Daintree SNA, and DBS Etherwatch
New and Updated Capture Interfaces support
There are no new or updated capture interfaces supported in this
release.
__________________________________________________________________
Getting Wireshark
Wireshark source code and installation packages are available from
[12]https://www.wireshark.org/download.html.
Vendor-supplied Packages
Most Linux and Unix vendors supply their own Wireshark packages. You
can usually install or upgrade Wireshark using the package management
system specific to that platform. A list of third-party packages can be
found on the [13]download page on the Wireshark web site.
__________________________________________________________________
File Locations
Wireshark and TShark look in several different locations for preference
files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations
vary from platform to platform. You can use About->Folders to find the
default locations on your system.
__________________________________________________________________
Known Problems
Dumpcap might not quit if Wireshark or TShark crashes. ([14]Bug 1419)
The BER dissector might infinitely loop. ([15]Bug 1516)
Capture filters aren't applied when capturing from named pipes.
([16]Bug 1814)
Filtering tshark captures with read filters (-R) no longer works.
([17]Bug 2234)
Application crash when changing real-time option. ([18]Bug 4035)
Wireshark and TShark will display incorrect delta times in some cases.
([19]Bug 4985)
Wireshark should let you work with multiple capture files. ([20]Bug
10488)
Dell Backup and Recovery (DBAR) makes many Windows applications crash,
including Wireshark. ([21]Bug 12036)
__________________________________________________________________
Getting Help
Community support is available on [22]Wireshark's Q&A site and on the
wireshark-users mailing list. Subscription information and archives for
all of Wireshark's mailing lists can be found on [23]the web site.
Official Wireshark training and certification are available from
[24]Wireshark University.
__________________________________________________________________
Frequently Asked Questions
A complete FAQ is available on the [25]Wireshark web site.
__________________________________________________________________
Last updated 2017-01-23 20:21:22 UTC
References
1. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11553
2. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11785
3. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12263
4. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13030
5. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13093
6. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13188
7. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13246
8. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13280
9. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13299
10. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13316
11. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13320
12. https://www.wireshark.org/download.html
13. https://www.wireshark.org/download.html#thirdparty
14. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1419
15. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1516
16. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1814
17. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2234
18. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4035
19. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4985
20. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10488
21. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12036
22. https://ask.wireshark.org/
23. https://www.wireshark.org/lists/
24. http://www.wiresharktraining.com/
25. https://www.wireshark.org/faq.html
Digests
wireshark-2.0.10.tar.bz2: 31209704 bytes
SHA256(wireshark-2.0.10.tar.bz2)=28c3ffcc20b5f80e655bb6408f2aefa8740e9fba3ce84b7cbd4b5001f3886fa8
RIPEMD160(wireshark-2.0.10.tar.bz2)=142de1e809a02460de797fb03ab990daa017c141
SHA1(wireshark-2.0.10.tar.bz2)=dea5241c550ede8a7782ffdbbf479c8603b2e5cd
MD5(wireshark-2.0.10.tar.bz2)=5598b1cea999ffe19038b36cb4a56c7f
Wireshark-win64-2.0.10.exe: 47780784 bytes
SHA256(Wireshark-win64-2.0.10.exe)=e2d7819e2ae8413a6782acd012b3f77f45a199412c734f1358f71809f9d1c1d6
RIPEMD160(Wireshark-win64-2.0.10.exe)=7507d9da169edf70049972713135be0235f863f2
SHA1(Wireshark-win64-2.0.10.exe)=53be62c88bb4c0479bbfabd6367b91df23274254
MD5(Wireshark-win64-2.0.10.exe)=ab13ca204658a84759f0918985fefca9
Wireshark-win32-2.0.10.exe: 44170128 bytes
SHA256(Wireshark-win32-2.0.10.exe)=c324d910c5aa568da392a276ffa8abba0e1452029a3ede33f71b4036f8b958ee
RIPEMD160(Wireshark-win32-2.0.10.exe)=b949cb34a25072bdb09e6875aa9c934487cbdfc8
SHA1(Wireshark-win32-2.0.10.exe)=f4fabbabbb4331c822dc89807683b4febc040151
MD5(Wireshark-win32-2.0.10.exe)=a53e5ff37a76056d1dfb36cd643822de
WiresharkPortable_2.0.10.paf.exe: 43800488 bytes
SHA256(WiresharkPortable_2.0.10.paf.exe)=2d22ce626e1a37dc6d3a3da52be99d1850b855ce3e07676525447e6091d0d62a
RIPEMD160(WiresharkPortable_2.0.10.paf.exe)=5ff600ad56d996122d7aa7ade7b873217b3e4ab4
SHA1(WiresharkPortable_2.0.10.paf.exe)=3e67a6e90e769d75e332ab84890b19662252100b
MD5(WiresharkPortable_2.0.10.paf.exe)=7c03cd1d192a50ef257c74d0602f3592
Wireshark 2.0.10 Intel 64.dmg: 31750800 bytes
SHA256(Wireshark 2.0.10 Intel
64.dmg)=7ae0079b63a6c64eafca253452d2b71d017c7436e61ab7a2a5404c0e6064e69d
RIPEMD160(Wireshark 2.0.10 Intel
64.dmg)=b0e4b585155c3ec93eda5ed1f746579c18cd5517
SHA1(Wireshark 2.0.10 Intel 64.dmg)=39f72e98731c0286350e6ba44ed0d95e19f03a0e
MD5(Wireshark 2.0.10 Intel 64.dmg)=4f8b95b9c40518bc4db0e2e945d11643
Wireshark 2.0.10 Intel 32.dmg: 32490466 bytes
SHA256(Wireshark 2.0.10 Intel
32.dmg)=eb44b9265cc39ca9dc90e9eb86ac5f844be695d86432d859d48417d41bbe0f98
RIPEMD160(Wireshark 2.0.10 Intel
32.dmg)=7de0c6a7e46be5ef780f7784aa9e70e2b7e75814
SHA1(Wireshark 2.0.10 Intel 32.dmg)=c67e5305641959699cbfdcda88897da6d79bea25
MD5(Wireshark 2.0.10 Intel 32.dmg)=0801ab54be0c180c55c28ab72172032c
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBWIfse4x+lLeg9Ub1AQgKpA//begkX5rAHwhQ+8uPN+/oIwkxSFCMIEt4
A2h7uUm2MZagX+6GUcGZ/guMsEbgGVgEmqfwN9rDqfrxJJQjLnNB14KSrdXQmu3s
pZaWmxkg7J6FpkKlNm85s/g/Mzfg/iKQGbl+4hVl1pLipvcdBqyJVZu225wuTz24
qUCJzOgra5kgCbzecc76AXGslXB4kJUS6YXnwwG2mU67P9u1FfMZT5NToebIoQVs
lYt/YLG264995OknAMkxuK303C7Gu5yykW5xQrE+EL7lPXW+ZEQrW0h9uyC+IbWA
0DvDSOfwR7tdwh/T0bZ+MX9vT52fuIgj1hHDyBZAOM3pY/i9xx0X7EwM20k1n8QK
gx2XMebnIT67ikSK/cJvY1dX2KxrrxggVxC/Wl1pd0czzzrZyPqnBFdB57Z+PMlu
wZRLh+hs6EMG8m5uJ2eWU/oEOfaUX1Z5gRwQJ85IXlkL6VNWUEnNcye1Dpp+thcY
hO3zNQcqSDqGvWWJV32niPXKTEPz2dn350Xw8t/wDcmhwksYNEDYABN/3pC/cqXU
C3sLKElrPjQxwyhCiMsCvE8kmOnbbOfJEXlMmaYaVrRms/f4KqjYeYWsxHVMMmOa
uz3KQ8RKP7lzPMhi3WEwBfvDLWeyR5ogcEJldrXFm49rka4Rv3bnpu0oKwvtas5U
U1l9OGj5yfc=
=Olmr
-----END PGP SIGNATURE-----