1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
|
Wireshark 1.12.10 Release Notes
__________________________________________________________________
What is Wireshark?
Wireshark is the world's most popular network protocol analyzer. It is
used for troubleshooting, analysis, development and education.
__________________________________________________________________
What's New
Bug Fixes
The following vulnerabilities have been fixed:
* [1]wnpa-sec-2016-01
DLL hijacking vulnerability. [2]CVE-2016-2521
* [3]wnpa-sec-2016-03
DNP dissector infinite loop. ([4]Bug 11938) [5]CVE-2016-2523
* [6]wnpa-sec-2016-10
RSL dissector crash. ([7]Bug 11829) [8]CVE-2016-2530
[9]CVE-2016-2531
* [10]wnpa-sec-2016-11
LLRP dissector crash. ([11]Bug 12048) [12]CVE-2016-2532
* [13]wnpa-sec-2016-14
GSM A-bis OML dissector crash. ([14]Bug 11825)
* [15]wnpa-sec-2016-15
ASN.1 BER dissector crash. ([16]Bug 12106)
* [17]wnpa-sec-2016-18
ASN.1 BER dissector crash. ([18]Bug 11822)
The following bugs have been fixed:
* Questionable calling of ethernet dissector by encapsulating
protocol dissectors. ([19]Bug 9933)
* Improper RPC reassembly ([20]Bug 11913)
* GTPv1 Dual Stack with one static and one Dynamic IP. ([21]Bug
11945)
* Failed to parse M3AP IE (TNL information). ([22]Bug 12070)
* Wrong interpretation of Instance ID value in OSPFv3 packet.
([23]Bug 12072)
* MP2T Dissector does parse RTP properly in 2.0.1. ([24]Bug 12099)
* editcap does not adjust time for frames with absolute timestamp 0 <
t < 1 secs. ([25]Bug 12116)
Windows installers and PortableApps® packages are now dual signed using
SHA-1 and SHA-256 in order to comply with [26]Microsoft Authenticode
policy. Windows 7 and Windows Server 2008 R2 users should ensure that
[27]update 3123479 is installed. Windows Vista and Windows Server 2008
users should ensure that [28]hotfix 2763674 is installed.
New and Updated Features
There are no new features in this release.
New Protocol Support
There are no new protocols in this release.
Updated Protocol Support
ASN.1 BER, BATADV, DNP3, E100, EIGRP, GSM A DTAP, GSM SMS, GTP, HiQnet,
InfiniBand, LLRP, M3AP, MP2T, NFS, OSPF, RoHC, RPC, RSL, TRILL, VXLAN,
and X.509AF
New and Updated Capture File Support
__________________________________________________________________
Getting Wireshark
Wireshark source code and installation packages are available from
[29]https://www.wireshark.org/download.html.
Vendor-supplied Packages
Most Linux and Unix vendors supply their own Wireshark packages. You
can usually install or upgrade Wireshark using the package management
system specific to that platform. A list of third-party packages can be
found on the [30]download page on the Wireshark web site.
__________________________________________________________________
File Locations
Wireshark and TShark look in several different locations for preference
files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations
vary from platform to platform. You can use About->Folders to find the
default locations on your system.
__________________________________________________________________
Known Problems
Dumpcap might not quit if Wireshark or TShark crashes. ([31]Bug 1419)
The BER dissector might infinitely loop. ([32]Bug 1516)
Capture filters aren't applied when capturing from named pipes.
([33]Bug 1814)
Filtering tshark captures with read filters (-R) no longer works.
([34]Bug 2234)
The 64-bit Windows installer does not support Kerberos decryption.
([35]Win64 development page)
Resolving ([36]Bug 9044) reopens ([37]Bug 3528) so that Wireshark no
longer automatically decodes gzip data when following a TCP stream.
Application crash when changing real-time option. ([38]Bug 4035)
Hex pane display issue after startup. ([39]Bug 4056)
Packet list rows are oversized. ([40]Bug 4357)
Wireshark and TShark will display incorrect delta times in some cases.
([41]Bug 4985)
__________________________________________________________________
Getting Help
Community support is available on [42]Wireshark's Q&A site and on the
wireshark-users mailing list. Subscription information and archives for
all of Wireshark's mailing lists can be found on [43]the web site.
Official Wireshark training and certification are available from
[44]Wireshark University.
__________________________________________________________________
Frequently Asked Questions
A complete FAQ is available on the [45]Wireshark web site.
__________________________________________________________________
Last updated 2016-02-26 09:32:05 PST
References
1. https://www.wireshark.org/security/wnpa-sec-2016-01.html
2. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2521
3. https://www.wireshark.org/security/wnpa-sec-2016-03.html
4. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11938
5. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2523
6. https://www.wireshark.org/security/wnpa-sec-2016-10.html
7. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11829
8. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2530
9. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2531
10. https://www.wireshark.org/security/wnpa-sec-2016-11.html
11. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12048
12. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2532
13. https://www.wireshark.org/security/wnpa-sec-2016-14.html
14. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11825
15. https://www.wireshark.org/security/wnpa-sec-2016-15.html
16. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12106
17. https://www.wireshark.org/security/wnpa-sec-2016-18.html
18. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11822
19. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9933
20. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11913
21. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11945
22. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12070
23. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12072
24. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12099
25. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12116
26. http://social.technet.microsoft.com/wiki/contents/articles/32288.windows-enforcement-of-authenticode-code-signing-and-timestamping.aspx
27. https://support.microsoft.com/en-us/kb/3123479
28. https://support.microsoft.com/en-us/kb/2763674
29. https://www.wireshark.org/download.html
30. https://www.wireshark.org/download.html#thirdparty
31. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1419
32. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1516
33. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1814
34. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2234
35. https://wiki.wireshark.org/Development/Win64
36. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9044
37. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3528
38. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4035
39. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4056
40. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4357
41. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4985
42. https://ask.wireshark.org/
43. https://www.wireshark.org/lists/
44. http://www.wiresharktraining.com/
45. https://www.wireshark.org/faq.html
|
