Wireshark 0.99.2 has been released.
What is Wireshark?
Wireshark is the world's most popular network protocol analyzer.
It is used for troubleshooting, analysis, development, and
education.
What's New
Bug Fixes
The following vulnerabilities have been fixed. See the security
advisory at
http://www.wireshark.org/security/wnpa-sec-2006-01.html
for details and a workaround.
o The GSM BSSMAP dissector could crash. Versions affected:
0.10.11. CVE-2006-3627
Ilja van Sprundel discovered the following vulnerabilities:
o The ANSI MAP dissector was vulnerable to a format string
overflow. Versions affected: 0.10.0. CVE-2006-3628
o The Checkpoint FW-1 dissector was vulnerable to a format
string overflow. Versions affected: 0.10.10. CVE-2006-3628
o The MQ dissector was vulnerable to a format string overflow.
Versions affected: 0.10.4. CVE-2006-3628
o The XML dissector was vulnerable to a format string overflow.
Versions affected: 0.10.13. CVE-2006-3628
o The MOUNT dissector could attempt to allocate large amounts of
memory. Versions affected: 0.9.4. CVE-2006-3629
o The NCP NMAS and NDPS dissectors were susceptible to
off-by-one errors. Versions affected: 0.9.7. CVE-2006-3630
o The NTP dissector was vulnerable to a format string overflow.
Versions affected: 0.10.13. CVE-2006-3628
o The SSH dissector was vulnerable to an infinite loop. Versions
affected: 0.9.10. CVE-2006-3631
o The NFS dissector may have been susceptible to a buffer
overflow. Versions affected: 0.8.16. CVE-2006-3632
Ilja found several other problems that could result in
mis-dissected packets. They have been fixed.
The following non-security-related bugs have been fixed:
o The "Follow TCP Stream" dialog now wraps long lines.
o Wireshark no longer aborts under Windows 95, 98, or ME.
== Warning ==
Windows 95, 98, and ME do not support memory protection
features that are required in order to run Wireshark securely.
It is strongly recommended that you not run Wireshark on these
platforms.
o File exports under Windows work again.
o Problems with ring buffers under 0.99.0 have been fixed.
o It was possible for Wireshark to crash when closing the
capture information dialog. This has been fixed.
o It was possible for Wireshark to crash when using the "Find"
feature. This has been fixed.
o Wireshark could crash if an interface was removed while
viewing the interface list. This has been fixed.
New and Updated Features
The following features are new (or have been significantly
updated) since the last release:
o Multicast stream analysis (Statistics->Multicast Streams) has
been added. It lets you determine burst size, output buffer
size, and losses for multicast data.
o TCP reassembly has been updated and improved.
o Expert analysis has been updated and improved.
o SCSI service response time statistics have been added.
o You can now find next/previous marked frames.
o The LDAP and SNMP dissectors have been completely rewriten.
o The SMB dissector now tracks filenames and share names.
o The Windows file dialogs have been improved.
o If Wireshark is linked with the PortAudio library, you can now
listen to RTP streams. (PortAudio didn't make the cut in the
current Windows installer. It will be included with 0.99.3.)
New Protocol Support
Bluetooth HCI (ACL, Command, Event, L2CAP, H4, RFCOMM, SCO, SDP),
Cisco WIDS, DTLS, Ether-S-Bus, OMA ULP, PN-MRP, PN-MRRT, REXEC
(yes, that REXEC), RRLP, RSerPool (CalcAppProtocol,
ComponentStatusProtocol, FractalGeneratorProtocol,
PingPongProtocol), Telkonet, TiVoConnect Discovery Protocol
Updated Protocol Support
AIM, AMR, ASAP, BER, BGP, BSSAP, BVLC, CAMEL, CMS, COPS, DAP,
DCERPC (NETLOGON, PNIO), DCOM, DIAMETER, DVMRP, EAPOL, ENRP, ESP,
FC, FIX, Frame, GPRS LLC, GSM A, GSM MAP, GSSAPI, GTP, H.225,
H.235, H.245, H.248, H.263, H.450, H1, ICMP, IEEE 802.11, INAP,
IP, IPMI, iSCSI, ISUP, JXTA, Kerberos, LDAP, LLDP, MEGACO, MySQL,
NBAP, NDMP, NFS, OICQ, PER, PGM, PN-PTCP, Q.931, RANAP, RNSAP,
ROS, RTCP, S4406, S5066, SCCP, SCSI, SDP, SIP, SMB (PIPE, SMB),
SNMP, SSL, SUA, TCP, TDS, TELNET, TIPC, UMA, X.420, X.509 (af, ce,
if), XML
New and Updated Capture File Support
Wireshark can now read BER-encoded files. Catapult DCT2000 support
has been updated.
Getting Wireshark
The source code and Windows installer can be downloaded immediately
from http://www.wireshark.org/download/ .
-------------------------------------------------------------------
Digests
wireshark-0.99.2.tar.bz2: 9748955 bytes
MD5(wireshark-0.99.2.tar.bz2)=e8c85053225ab8f8deba07a4b19bff6b
SHA1(wireshark-0.99.2.tar.bz2)=f3f4f78b5ddbd45f9d805d1a9b50250d323bb57f
RIPEMD160(wireshark-0.99.2.tar.bz2)=3188b41839a9b1579a2e181cbfd22295ade46649
wireshark-0.99.2.tar.gz: 12358081 bytes
MD5(wireshark-0.99.2.tar.gz)=46d3b7c9766960fb34782c2078c50d13
SHA1(wireshark-0.99.2.tar.gz)=bf7fce12b521d297d03935883193a43dc7c89c89
RIPEMD160(wireshark-0.99.2.tar.gz)=c3ea4c0b104326b493aadf02d32b317de0741315
wireshark-setup-0.99.2.exe: 13162543 bytes
MD5(wireshark-setup-0.99.2.exe)=3df095c4e696079a6afcf9ff17622066
SHA1(wireshark-setup-0.99.2.exe)=160fb17d4f213326285176a8b34dd299bd32f44d
RIPEMD160(wireshark-setup-0.99.2.exe)=3afc34227060c70ab8614a6ba8f65de2b8c6ff68
_______________________________________________
Ethereal-dev mailing list
Ethereal-dev@ethereal.com
http://www.ethereal.com/mailman/listinfo/ethereal-dev
What is Wireshark?
Wireshark is the world's most popular network protocol analyzer.
It is used for troubleshooting, analysis, development, and
education.
What's New
Bug Fixes
The following vulnerabilities have been fixed. See the security
advisory at
http://www.wireshark.org/security/wnpa-sec-2006-01.html
for details and a workaround.
o The GSM BSSMAP dissector could crash. Versions affected:
0.10.11. CVE-2006-3627
Ilja van Sprundel discovered the following vulnerabilities:
o The ANSI MAP dissector was vulnerable to a format string
overflow. Versions affected: 0.10.0. CVE-2006-3628
o The Checkpoint FW-1 dissector was vulnerable to a format
string overflow. Versions affected: 0.10.10. CVE-2006-3628
o The MQ dissector was vulnerable to a format string overflow.
Versions affected: 0.10.4. CVE-2006-3628
o The XML dissector was vulnerable to a format string overflow.
Versions affected: 0.10.13. CVE-2006-3628
o The MOUNT dissector could attempt to allocate large amounts of
memory. Versions affected: 0.9.4. CVE-2006-3629
o The NCP NMAS and NDPS dissectors were susceptible to
off-by-one errors. Versions affected: 0.9.7. CVE-2006-3630
o The NTP dissector was vulnerable to a format string overflow.
Versions affected: 0.10.13. CVE-2006-3628
o The SSH dissector was vulnerable to an infinite loop. Versions
affected: 0.9.10. CVE-2006-3631
o The NFS dissector may have been susceptible to a buffer
overflow. Versions affected: 0.8.16. CVE-2006-3632
Ilja found several other problems that could result in
mis-dissected packets. They have been fixed.
The following non-security-related bugs have been fixed:
o The "Follow TCP Stream" dialog now wraps long lines.
o Wireshark no longer aborts under Windows 95, 98, or ME.
== Warning ==
Windows 95, 98, and ME do not support memory protection
features that are required in order to run Wireshark securely.
It is strongly recommended that you not run Wireshark on these
platforms.
o File exports under Windows work again.
o Problems with ring buffers under 0.99.0 have been fixed.
o It was possible for Wireshark to crash when closing the
capture information dialog. This has been fixed.
o It was possible for Wireshark to crash when using the "Find"
feature. This has been fixed.
o Wireshark could crash if an interface was removed while
viewing the interface list. This has been fixed.
New and Updated Features
The following features are new (or have been significantly
updated) since the last release:
o Multicast stream analysis (Statistics->Multicast Streams) has
been added. It lets you determine burst size, output buffer
size, and losses for multicast data.
o TCP reassembly has been updated and improved.
o Expert analysis has been updated and improved.
o SCSI service response time statistics have been added.
o You can now find next/previous marked frames.
o The LDAP and SNMP dissectors have been completely rewriten.
o The SMB dissector now tracks filenames and share names.
o The Windows file dialogs have been improved.
o If Wireshark is linked with the PortAudio library, you can now
listen to RTP streams. (PortAudio didn't make the cut in the
current Windows installer. It will be included with 0.99.3.)
New Protocol Support
Bluetooth HCI (ACL, Command, Event, L2CAP, H4, RFCOMM, SCO, SDP),
Cisco WIDS, DTLS, Ether-S-Bus, OMA ULP, PN-MRP, PN-MRRT, REXEC
(yes, that REXEC), RRLP, RSerPool (CalcAppProtocol,
ComponentStatusProtocol, FractalGeneratorProtocol,
PingPongProtocol), Telkonet, TiVoConnect Discovery Protocol
Updated Protocol Support
AIM, AMR, ASAP, BER, BGP, BSSAP, BVLC, CAMEL, CMS, COPS, DAP,
DCERPC (NETLOGON, PNIO), DCOM, DIAMETER, DVMRP, EAPOL, ENRP, ESP,
FC, FIX, Frame, GPRS LLC, GSM A, GSM MAP, GSSAPI, GTP, H.225,
H.235, H.245, H.248, H.263, H.450, H1, ICMP, IEEE 802.11, INAP,
IP, IPMI, iSCSI, ISUP, JXTA, Kerberos, LDAP, LLDP, MEGACO, MySQL,
NBAP, NDMP, NFS, OICQ, PER, PGM, PN-PTCP, Q.931, RANAP, RNSAP,
ROS, RTCP, S4406, S5066, SCCP, SCSI, SDP, SIP, SMB (PIPE, SMB),
SNMP, SSL, SUA, TCP, TDS, TELNET, TIPC, UMA, X.420, X.509 (af, ce,
if), XML
New and Updated Capture File Support
Wireshark can now read BER-encoded files. Catapult DCT2000 support
has been updated.
Getting Wireshark
The source code and Windows installer can be downloaded immediately
from http://www.wireshark.org/download/ .
-------------------------------------------------------------------
Digests
wireshark-0.99.2.tar.bz2: 9748955 bytes
MD5(wireshark-0.99.2.tar.bz2)=e8c85053225ab8f8deba07a4b19bff6b
SHA1(wireshark-0.99.2.tar.bz2)=f3f4f78b5ddbd45f9d805d1a9b50250d323bb57f
RIPEMD160(wireshark-0.99.2.tar.bz2)=3188b41839a9b1579a2e181cbfd22295ade46649
wireshark-0.99.2.tar.gz: 12358081 bytes
MD5(wireshark-0.99.2.tar.gz)=46d3b7c9766960fb34782c2078c50d13
SHA1(wireshark-0.99.2.tar.gz)=bf7fce12b521d297d03935883193a43dc7c89c89
RIPEMD160(wireshark-0.99.2.tar.gz)=c3ea4c0b104326b493aadf02d32b317de0741315
wireshark-setup-0.99.2.exe: 13162543 bytes
MD5(wireshark-setup-0.99.2.exe)=3df095c4e696079a6afcf9ff17622066
SHA1(wireshark-setup-0.99.2.exe)=160fb17d4f213326285176a8b34dd299bd32f44d
RIPEMD160(wireshark-setup-0.99.2.exe)=3afc34227060c70ab8614a6ba8f65de2b8c6ff68
_______________________________________________
Ethereal-dev mailing list
Ethereal-dev@ethereal.com
http://www.ethereal.com/mailman/listinfo/ethereal-dev