Wireshark 1.2.2 fixes vulnerabilities
Wireshark is a popular network protocol analyzer. It is used for troubleshooting, analysis, development, and education.
The following vulnerabilities have been fixed:
- The GSM A RR dissector could crash. Versions affected: 1.2.0 to 1.2.1
- The OpcUa dissector could use excessive CPU and memory. Versions affected: 0.99.6 to 1.0.8, 1.2.0 to 1.2.1
- The TLS dissector could crash on some platforms. Versions affected: 1.2.0 to 1.2.1.
The following bugs have been fixed:
- The “Capture->Interfaces” window can’t be closed.
- tshark-1.0.2 (dumpcap) signal abort core saved.
- Memory leak fixes.
- Display filter autocompletion doesn’t work for some RADIUS and WiMAX ASNCP fields.
- Wireshark Portable includes wrong WinPcap installer.
- Crash when loading a profile.
- The proto,colinfo tap doesn’t work if the INFO column isn’t being printed.
- Flow Graph adds too much unnecessary garbage.
- The EAP Diameter dictionary file was missing in the distribution.
- Graph analysis window is behind other window.
- IKEv2 Cert Request payload dissection error.
- DNS NAPTR RR (RFC 3403) replacement MUST be a fully qualified domain-name.
- Malformed RTCP Packet error while sending Payload specific RTCP feedback packet( as per RFC 4585).
- 802.11n Block Ack packet Bitmap field missing.
- Wireshark doesn’t decode WBXML/ActiveSync information correctly.
- Malformed packet when IPv6 packet has Next Header == 59.
- Wireshark could crash while reading an ERF file.
- Minor errors in gsm rr dissectors.
- WPA Decryption Issues.
- GSM A RR sys info dissection problem.
- GSM A RR inverts MEAS-VALID values.
- PDML output leaks ~300 bytes / packet.
- Incorrect station identifier parsing in Kingfisher dissector.
- DHCPv6, Vendor-Specific Informantion, SubOption”Option Request” parser incorrect.
- Wireshark could leak memory while analyzing SSL.
- Wireshark could crash while updating menu items after reading a file in some cases.
- The Mac OS X ChmodBPF script now works correctly under Snow Leopard.