Wireshark 2.2.8 Release Notes __________________________________________________________________ What is Wireshark? Wireshark is the world's most popular network protocol analyzer. It is used for troubleshooting, analysis, development and education. __________________________________________________________________ What's New Bug Fixes The following vulnerabilities have been fixed: * [1]wnpa-sec-2017-13 WBMXL dissector infinite loop ([2]Bug 13477, [3]Bug 13796) [4]CVE-2017-7702, cve-idlink:CVE-2017-11410[] Note: This is an update for a fix in Wireshark 2.2.6 and 2.0.12. * [5]wnpa-sec-2017-28 openSAFETY dissector memory exhaustion ([6]Bug 13649, [7]Bug 13755) [8]CVE-2017-9350, [9]CVE-2017-11411 Note: This is an update for a fix in Wireshark 2.2.7. * [10]wnpa-sec-2017-34 AMQP dissector crash. ([11]Bug 13780) [12]CVE-2017-11408 * [13]wnpa-sec-2017-35 MQ dissector crash. ([14]Bug 13792) [15]CVE-2017-11407 * [16]wnpa-sec-2017-36 DOCSIS infinite loop. ([17]Bug 13797) [18]CVE-2017-11406 The following bugs have been fixed: * Y.1711 dissector reverses defect type order. ([19]Bug 8292) * Packet list keeps scrolling back to selected packet while names are being resolved. ([20]Bug 12074) * [REGRESSION] Export Objects do not show files from a SMB2 capture. ([21]Bug 13214) * LTE RRC: lte-rrc.q_RxLevMin filter fails on negative values. ([22]Bug 13481) * Hexpane showing in proportional font again. ([23]Bug 13638) * Regression in SCCP fragments handling. ([24]Bug 13651) * TCAP SRT incorrectly matches TC_BEGINs and TC_ENDs. ([25]Bug 13739) * Dissector for WSMP (IEEE 1609.3) not current. ([26]Bug 13766) * RANAP: possible issue in the heuristic code. ([27]Bug 13770) * [oss-fuzz] UBSAN: shift exponent 35 is too large for 32-bit type int in packet-btrfcomm.c:314:37. ([28]Bug 13783) * RANAP: false positives on heuristic algorithm. ([29]Bug 13791) * Automatic name resolution not saved to PCAP-NG NRB. ([30]Bug 13798) * DAAP dissector dissect_daap_one_tag recursion stack exhausted. ([31]Bug 13799) * Malformed DCERPC PNIO packet decode, exception handler invalid poionter reference. ([32]Bug 13811) * It seems SPVID was decoded from wrong field. ([33]Bug 13821) * README.dissectors: Add notes about predefined string structures not available to plugin authors. ([34]Bug 13828) * Statistics->Packet Lengths doesn't display details for 5120 or greater. ([35]Bug 13844) * cmake/modules/FindZLIB.cmake doesn't find inflatePrime. ([36]Bug 13850) * BGP: incorrect decoding COMMUNITIES whose length is larger than 255. ([37]Bug 13872) New and Updated Features There are no new features in this release. New File Format Decoding Support There are no new file formats in this release. New Protocol Support There are no new protocols in this release. Updated Protocol Support AMQP, BGP, BSSMAP, BT RFCOMM, DAAP, DOCSIS, E.212, FDDI, GSM A GM, GSM BSSMAP, IEEE 802.11, IP, ISIS LSP, LTE RRC, MQ, OpenSafety, OSPF, PROFINET IO, RANAP, SCCP, SGSAP, SMB2, TCAP, TCP, UMTS FP, UMTS RLC, WBXML, WSMP, and Y.1711 New and Updated Capture File Support pcap pcap-ng New and Updated Capture Interfaces support There are no new or updated capture interfaces supported in this release. Major API Changes There are no major API changes in this release. __________________________________________________________________ Getting Wireshark Wireshark source code and installation packages are available from [38]https://www.wireshark.org/download.html. Vendor-supplied Packages Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the [39]download page on the Wireshark web site. __________________________________________________________________ File Locations Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About->Folders to find the default locations on your system. __________________________________________________________________ Known Problems Dumpcap might not quit if Wireshark or TShark crashes. ([40]Bug 1419) The BER dissector might infinitely loop. ([41]Bug 1516) Capture filters aren't applied when capturing from named pipes. ([42]Bug 1814) Filtering tshark captures with read filters (-R) no longer works. ([43]Bug 2234) Application crash when changing real-time option. ([44]Bug 4035) Wireshark and TShark will display incorrect delta times in some cases. ([45]Bug 4985) Wireshark should let you work with multiple capture files. ([46]Bug 10488) Dell Backup and Recovery (DBAR) makes many Windows applications crash, including Wireshark. ([47]Bug 12036) __________________________________________________________________ Getting Help Community support is available on [48]Wireshark's Q&A site and on the wireshark-users mailing list. Subscription information and archives for all of Wireshark's mailing lists can be found on [49]the web site. Official Wireshark training and certification are available from [50]Wireshark University. __________________________________________________________________ Frequently Asked Questions A complete FAQ is available on the [51]Wireshark web site. __________________________________________________________________ Last updated 2017-07-18 16:43:22 UTC References 1. https://www.wireshark.org/security/wnpa-sec-2017-13.html 2. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13477 3. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13796 4. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7702 5. https://www.wireshark.org/security/wnpa-sec-2017-28.html 6. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13649 7. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13755 8. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9350 9. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11411 10. https://www.wireshark.org/security/wnpa-sec-2017-34.html 11. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13780 12. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11408 13. https://www.wireshark.org/security/wnpa-sec-2017-35.html 14. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13792 15. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11407 16. https://www.wireshark.org/security/wnpa-sec-2017-36.html 17. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13797 18. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11406 19. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8292 20. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12074 21. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13214 22. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13481 23. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13638 24. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13651 25. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13739 26. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13766 27. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13770 28. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13783 29. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13791 30. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13798 31. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13799 32. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13811 33. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13821 34. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13828 35. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13844 36. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13850 37. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13872 38. https://www.wireshark.org/download.html 39. https://www.wireshark.org/download.html#thirdparty 40. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1419 41. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1516 42. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1814 43. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2234 44. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4035 45. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4985 46. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10488 47. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12036 48. https://ask.wireshark.org/ 49. https://www.wireshark.org/lists/ 50. http://www.wiresharktraining.com/ 51. https://www.wireshark.org/faq.html