Opened 7 months ago

Closed 7 months ago

Last modified 8 weeks ago

#14751 closed enhancement (fixed)

wireshark-3.4.4

Reported by: Bruce Dubbs Owned by: Douglas R. Reno
Priority: elevated Milestone: 11.0
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

New point version.

Change History (5)

comment:1 by Douglas R. Reno, 7 months ago

Owner: changed from blfs-book to Douglas R. Reno
Status: newassigned

comment:2 by Douglas R. Reno, 7 months ago

Priority: normalelevated
What’s New
Bug Fixes

The following vulnerabilities have been fixed:

    wnpa-sec-2021-03 Wireshark could open unsafe URLs. Issue 17232. CVE-2021-22191.

The following bugs have been fixed:

    NTP Version 3 Client Decode PDML output issue (Reference ID Issue) Issue 17112.

    3.4.2: public wireshark include files are including build time "config.h" Issue 17190.

    wireshark-3.4.3/epan/dissectors/packet-s7comm.c:3521: bad array index ? Issue 17198.

    SIP protocol: P-Called-Party-ID header mixed up with P-Charge-Info header Issue 17215.

    Asterix CAT010 Decode Error Issue 17226.

    _ws.expert columns not populated for IPv4 Issue 17228.

    Buildbot crash output: fuzz-2021-02-12-1651908.pcap Issue 17233.

    gQUIC: Wireshark 3.4.3 fails to dissect a packet (gQUIC q024) that v3.2.6 succeeds. Issue 17250.

New and Updated Features

New Protocol Support

There are no new protocols in this release.

Updated Protocol Support

ASTERIX, Frame Relay, GQUIC, NTP, NVMe Fabrics RDMA, S7COMM, and SIP

New and Updated Capture File Support

iSeries

https://gitlab.com/wireshark/wireshark/-/issues/17232 - This vulnerability was introduced about 17 years ago!

comment:3 by Douglas R. Reno, 7 months ago

The official classification is "Remote Code Execution". In the case of the Windows PoC, it pops a Java window, but in the case of the two Linux PoCs (pulling the file from WebDav and NFS), it pops an xmessage window.

comment:4 by Douglas R. Reno, 7 months ago

Resolution: fixed
Status: assignedclosed

comment:5 by Bruce Dubbs, 8 weeks ago

Milestone: 10.211.0

Milestone renamed

Note: See TracTickets for help on using tickets.