Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#11920 closed enhancement (fixed)

Wireshark-3.0.1

Reported by: Douglas R. Reno Owned by: Bruce Dubbs
Priority: normal Milestone: 9.0
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

New point version

Change History (4)

comment:1 by Bruce Dubbs, 5 years ago

Owner: changed from blfs-book to Bruce Dubbs
Status: newassigned

comment:2 by Bruce Dubbs, 5 years ago

Wireshark 3.0.1 Release Notes

The following vulnerabilities have been fixed:

  • wnpa-sec-2019-09[1] NetScaler file parser crash. Bug 15497[2]. CVE-2019-10895[3].
  • wnpa-sec-2019-10[4] SRVLOC dissector crash. Bug 15546[5]. CVE-2019-10899[6].
  • wnpa-sec-2019-11[7] IEEE 802.11 dissector infinite loop. Bug 15553[8]. CVE-2019-10897[9].
  • wnpa-sec-2019-12[10] GSUP dissector infinite loop. Bug 15585[11]. CVE-2019-10898[12].
  • wnpa-sec-2019-13[13] Rbm dissector infinite loop. Bug 15612[14]. CVE-2019-10900[15].
  • wnpa-sec-2019-14[16] GSS-API dissector crash. Bug 15613[17]. CVE-2019-10894[18].
  • wnpa-sec-2019-15[19] DOF dissector crash. Bug 15617[20]. CVE-2019-10896[21].
  • wnpa-sec-2019-16[22] TSDNS dissector crash. Bug 15619[23]. CVE-2019-10902[24].
  • wnpa-sec-2019-17[25] LDSS dissector crash. Bug 15620[26]. CVE-2019-10901[27].
  • wnpa-sec-2019-18[28] DCERPC SPOOLSS dissector crash. Bug 15568[29]. CVE-2019-10903[30].

The following bugs have been fixed:

  • [oss-fuzz] UBSAN: shift exponent 34 is too large for 32-bit type 'guint32' (aka 'unsigned int') in packet-ieee80211.c:15534:49. Bug 14770[31].
  • [oss-fuzz] UBSAN: shift exponent 35 is too large for 32-bit type 'int' in packet-couchbase.c:1674:37. Bug 15439[32].
  • Duplicated TCP SEQ field in ICMP packets. Bug 15533[33].
  • Wrong length in dhcpv6 NTP Server suboption results in "Malformed Packet" and breaks further dissection. Bug 15542[34].
  • Wireshark’s speaker-to-MaxMind is burning up the CPU. Bug 15545[35].
  • GSM-A-RR variable bitmap decoding may report ARFCNs > 1023. Bug 15549[36].
  • Import hexdump dummy Ethernet header generation ignores direction indication. Bug 15561[37].
  • %T not supported for timestamps. Bug 15565[38].
  • LWM2M: resource with \r\n badly shown. Bug 15572[39].
  • When selecting BSSAP in 'Decode As' for a SCCP payload, it uses BSSAP+ which is not the same protocol. Bug 15578[40].
  • Possible buffer overflow in function ssl_md_final for crafted SSL 3.0 sessions. Bug 15599[41].
  • Windows console log output delay. Bug 15605[42].
  • Syslog dissector processes the UTF-8 BOM incorrectly. Bug 15607[43].
  • NFS/NLM: Wrong lock byte range in the "Info" column. Bug 15608[44].
  • randpkt -r causes segfault when count > 1. Bug 15627[45].
  • Tshark export to ElasticSearch (-Tek) fails with Bad json_dumper state: illegal transition. Bug 15628[46].
  • Packets with metadata but no data get the Protocol Info column overwritten. Bug 15630[47].
  • BGP MP_REACH_NLRI AFI: Layer-2 VPN, SAFI: EVPN - Label stack not decoded. Bug 15631[48].
  • Buildbot crash output: fuzz-2019-03-23-1789.pcap. Bug 15634[49].
  • Typo: broli → brotli. Bug 15647[50].
  • Wrong dissection of GTPv2 MM Context Used NAS integrity protection algorithm. Bug 15648[51].
  • Windows CHM (help file) title displays quoted HTML characters. Bug 15656[52].
  • Unable to load 3rd party plugins not signed by Wireshark’s codesigning certificate. Bug 15667[53].

Updated Protocol Support

BGP, BSSAP, Couchbase, DCERPC SPOOLSS, DHCP, DHCPv6, DOF, FP, GSM A RR, GSS-API, GSUP, GTP, GTPv2, H248C, HL7, IEEE 802.11, IEEE 802.15.4, ISO 14443, LDSS, LwM2M-TLV, NLM, Rbm, SIP, SRVLOC, Syslog, TCP, TLS, and TSDNS

comment:3 by Bruce Dubbs, 5 years ago

Resolution: fixed
Status: assignedclosed

Fixed at revision 21464.

comment:4 by Bruce Dubbs, 5 years ago

Milestone: 8.59.0

Milestone renamed

Note: See TracTickets for help on using tickets.