Wireshark 1.4.4 released
Wireshark is a popular network protocol analyzer. It is used for troubleshooting, analysis, development, and education.
Wireshark 1.4.4 fixes the following vulnerabilities:
- Wireshark could free an uninitialized pointer while reading a malformed pcap-ng file. Versions affected: 1.2.0 to 1.2.14 and 1.4.0 to 1.4.3. CVE-2011-0538
- A large packet length in a pcap-ng file could crash Wireshark. Versions affected: 1.2.0 to 1.2.14 and 1.4.0 to 1.4.3.
- Wireshark could overflow a buffer while reading a Nokia DCT3 trace file. Versions affected: 1.2.0 to 1.2.14 and 1.4.0 to 1.4.3.
- Wireshark on 32 bit systems could crash while reading a malformed 6LoWPAN packet. Versions affected: 1.4.0 to 1.4.3.
- LDAP and SMB dissectors could overflow the stack. Versions affected: 1.2.0 to 1.2.14 and 1.4.0 to 1.4.3. (Prior versions including 1.0.x are also affected.)
- Large LDAP Filter strings can consume excessive amounts of memory. Versions affected: 1.2.0 to 1.2.14 and 1.4.0 to 1.4.3. (Prior versions including 1.0.x are also affected.)
The following bugs have been fixed:
- A TCP stream would not always be recognized as the same stream.
- Wireshark Crashing by pressing 2 Buttons.
- A crash can occur in the NTLMSSP dissector.
- The column texts from a Lua dissector could be mangled.
- Corrections to ANSI MAP ASN.1 specifications.
- When searching in packet bytes, the field and bytes are not immediately shown.
- Malformed Packet: ULP reported when dissecting ULP SessionID PDU.
- Wrong IEI in container of decode_gtp_mm_cntxt.
- Display filter does not work for expressions of type BASE_DEC, BASE_DEC_HEX and BASE_HEX_DEC.
- NTLMSSP dissector may fail to compile due to space embedded in C comment delimiters.
- Allow for name resolution of link-scope and multicast IPv6 addresses from local host file.
- DHCPv6 dissector formats DUID_LLT time incorrectly.
- Allow for IEEE 802.3bc-2009 style PoE TLVs.
- Various fixes to the HIP packet dissector.
- Display “Day of Year” for January 1 as 1, not 0.
- Accommodate the CMake build on Ubuntu 10.10.
- E.212 MCC 260 Poland update according to local national regulatory.
- IPP on ports other than 631 not recognized.
- Potential access violation when writing to LANalyzer files.
- IEEE 802.15.4 Superframe Specification – Final CAP Slot always 0.
- Peer SRC and DST AS numbers are swapped for cflow.
- dumpcap: -q option behavior doesn’t match documentation.