path: root/docbook/release-notes.asciidoc

= Wireshark wireshark-version:[] Release Notes
// AsciiDoc quick reference: http://powerman.name/doc/asciidoc

== What is Wireshark?

Wireshark is the world's most popular network protocol analyzer. It is
used for troubleshooting, analysis, development and education.

== What's New

=== Bug Fixes

The following vulnerabilities have been fixed:

* ws-salink:2017-13[]
+
WBMXL dissector infinite loop
(ws-buglink:13477[], ws-buglink:13796[])
//cve-idlink:2017-7702[]
// Fixed in master: 8e1befc, 50fa2d9
// Fixed in master-2.2: bb67dbf, 651a974
// Fixed in master-2.0: 2f322f6, 3c7168c
Note: This is an update for a fix in Wireshark 2.2.6 and 2.0.12.

//* Buildbot crash output: fuzz-2017-06-12-4268.pcap. (ws-buglink:13796[])
// Same as CVE-2017-7702 / wnpa-sec-2017-13 / bug 13477

* ws-salink:2017-28[]
+
openSAFETY dissector memory exhaustion
(ws-buglink:13649[], ws-buglink:13755[])
// cve-idlink:2017-9350[]
// Fixed in master: f643169, 66c5058
// Fixed in master-2.2: 3ce1ba9, 54acd9b
// Fixed in master-2.0: dbc7cb0, a83a324
Note: This is an update for a fix in Wireshark 2.2.7.

//* [oss-fuzz] Allocation too large: 4294967295 > 2147483648 (0xffffffff > 0x80000000). (ws-buglink:13755[])
// Same as CVE-2017-9350 / wnpa-sec-2017-28 / bug 13649

* ws-salink:2017-34[]
+
AMQP dissector crash.
(ws-buglink:13780[])
// cve-idlink:2017-XXXX[]
// Fixed in master: 246cbbc, 2de483c
// Fixed in master-2.2: d6231d9, a102c17
// Fixed in master-2.0: e57c86e

* ws-salink:2017-35[]
+
MQ dissector crash.
(ws-buglink:13792[])
// cve-idlink:2017-XXXX[]
// Fixed in master: bb58b3a
// Fixed in master-2.2: 4e54dae
// Fixed in master-2.0: 8fcd725

* ws-salink:2017-36[]
+
DOCSIS infinite loop.
(ws-buglink:13797[])
// cve-idlink:2017-XXXX[]
// Fixed in master: 26a6881
// Fixed in master-2.2: 2502162
// Fixed in master-2.0: 283b0af

* ws-salink:2017-37[]
+
GPRS LLC large loop.
(ws-buglink:13603[])
// cve-idlink:2017-XXXX[]
// Fixed in master: n/a
// Fixed in master-2.2: n/a
// Fixed in master-2.0: 57b83bb

//* Buildbot crash output: fuzz-2017-07-04-2598.pcap. (ws-buglink:13871[])
// No a vulnerability.

The following bugs have been fixed:

//* ws-buglink:5000[]
//* ws-buglink:6000[Wireshark bug]
//* cve-idlink:2016-7000[]
//* Wireshark insists on calling you on your land line which is keeping you from abandoning it for cellular. (ws-buglink:0000[])
// cp /dev/null /tmp/buglist.txt ; for bugnumber in `git log --stat v2.0.14rc0..| grep ' Bug:' | cut -f2 -d: | sort -n -u ` ; do gen-bugnote $bugnumber; pbpaste >> /tmp/buglist.txt; done

* Regression in SCCP fragments handling. (ws-buglink:13651[])

* TCAP SRT incorrectly matches TC_BEGINs and TC_ENDs. (ws-buglink:13739[])

* Dissector for WSMP (IEEE 1609.3) not current. (ws-buglink:13766[])

* DAAP dissector dissect_daap_one_tag recursion stack exhausted. (ws-buglink:13799[])

* Malformed DCERPC PNIO packet decode, exception handler invalid pointer reference. (ws-buglink:13811[])

* It seems SPVID was decoded from wrong field. (ws-buglink:13821[])

* README.dissectors: Add notes about predefined string structures not available to plugin authors. (ws-buglink:13828[])

* cmake/modules/FindZLIB.cmake doesn't find inflatePrime. (ws-buglink:13850[])

* [oss-fuzz] UBSAN: shift exponent 35 is too large for 32-bit type 'int' in packet-btrfcomm.c:314:37. (ws-buglink:13783[])

=== New and Updated Features

There are no new features in this release.

//=== Removed Dissectors

=== New File Format Decoding Support

There are no new file formats in this release.

=== New Protocol Support

There are no new protocols in this release.

=== Updated Protocol Support

--sort-and-group--
AMQP
BSSMAP
BT RFCOMM
DAAP
DOCSIS
GPRS LLC
ISIS LSP
MQ
OpenSafety
OSPF
PROFINET IO
SCCP
TCAP
TCP
UMTS FP
UMTS RLC
WBMXL
WSMP
--sort-and-group--

=== New and Updated Capture File Support

//There is no new or updated capture file support in this release.
--sort-and-group--
pcap
--sort-and-group--

=== New and Updated Capture Interfaces support

There are no new or updated capture interfaces supported in this release.

== Getting Wireshark

Wireshark source code and installation packages are available from
https://www.wireshark.org/download.html.

=== Vendor-supplied Packages

Most Linux and Unix vendors supply their own Wireshark packages. You can
usually install or upgrade Wireshark using the package management system
specific to that platform. A list of third-party packages can be found
on the https://www.wireshark.org/download.html#thirdparty[download page]
on the Wireshark web site.

== File Locations

Wireshark and TShark look in several different locations for preference
files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary
from platform to platform. You can use About→Folders to find the default
locations on your system.

== Known Problems

Dumpcap might not quit if Wireshark or TShark crashes.
(ws-buglink:1419[])

The BER dissector might infinitely loop.
(ws-buglink:1516[])

Capture filters aren't applied when capturing from named pipes.
(ws-buglink:1814[])

Filtering tshark captures with read filters (-R) no longer works.
(ws-buglink:2234[])

Application crash when changing real-time option.
(ws-buglink:4035[])

Wireshark and TShark will display incorrect delta times in some cases.
(ws-buglink:4985[])

Wireshark should let you work with multiple capture files. (ws-buglink:10488[])

Dell Backup and Recovery (DBAR) makes many Windows applications crash,
including Wireshark. (ws-buglink:12036[])

== Getting Help

Community support is available on https://ask.wireshark.org/[Wireshark's
Q&A site] and on the wireshark-users mailing list. Subscription
information and archives for all of Wireshark's mailing lists can be
found on https://www.wireshark.org/lists/[the web site].

Official Wireshark training and certification are available from
http://www.wiresharktraining.com/[Wireshark University].

== Frequently Asked Questions

A complete FAQ is available on the
https://www.wireshark.org/faq.html[Wireshark web site].