Table of Contents
Wireshark is the world’s most popular network protocol analyzer. It is used for troubleshooting, analysis, development and education.
The following vulnerabilities have been fixed.
The WCP dissector could crash. (Bug 10844) CVE-2015-2188
The pcapng file parser could crash. (Bug 10895) CVE-2015-2189
The TNEF dissector could go into an infinite loop. Discovered by Vlad Tsyrklevich. (Bug 11023) CVE-2015-2190
The following bugs have been fixed:
- IPv6 AUTH mobility option parses Mobility SPI and Authentication Data incorrectly. (Bug 10626)
- DHCP Option 125 Suboption: (1) option-len always expects 1 but specification allows for more. (Bug 10784)
- Little-endian OS X Bluetooth PacketLogger files aren’t handled. (Bug 10861)
- X.509 certificate serial number incorrectly interpreted as negative number. (Bug 10862)
- H.248 "ServiceChangeReasonStr" messages are not shown in text generated by tshark. (Bug 10879)
- Clang ASAN : AddressSanitizer: global-buffer-overflow ANSI. (Bug 10897)
- MEGACO wrong decoding on media port. (Bug 10898)
- Wrong media format. (Bug 10899)
- BSSGP Status PDU decoding fault (missing Mandatory element (0x04) BVCI for proper packet). (Bug 10903)
- Packets on OpenBSD loopback decoded as raw not null. (Bug 10956)
- Display Filter Macro unable to edit. (Bug 10957)
- IPv6 Local Mobility Anchor Address mobility option code is treated incorrectly. (Bug 10961)
- Juniper Packet Mirror dissector expects ipv6 flow label = 0. (Bug 10976)
- Infinite loop DoS in TNEF dissector. (Bug 11023)
ANSI IS-637-A, DHCP, GSM MAP, H.248, IPv6, Juniper Jmirror, and X.509AF
Wireshark source code and installation packages are available from http://www.wireshark.org/download.html.
Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.
Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About→Folders to find the default locations on your system.
Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)
The BER dissector might infinitely loop. (Bug 1516)
Capture filters aren’t applied when capturing from named pipes. (Bug 1814)
Filtering tshark captures with read filters (-R) no longer works. (Bug 2234)
The 64-bit Windows installer does not support Kerberos decryption. (Win64 development page)
Resolving (Bug 9044) reopens (Bug 3528) so that Wireshark no longer automatically decodes gzip data when following a TCP stream.
Application crash when changing real-time option. (Bug 4035)
Hex pane display issue after startup. (Bug 4056)
Packet list rows are oversized. (Bug 4357)
Summary pane selected frame highlighting not maintained. (Bug 4445)
Wireshark and TShark will display incorrect delta times in some cases. (Bug 4985)
Community support is available on Wireshark’s Q&A site and on the wireshark-users mailing list. Subscription information and archives for all of Wireshark’s mailing lists can be found on the web site.
Official Wireshark training and certification are available from Wireshark University.
A complete FAQ is available on the Wireshark web site.
Riverbed is Wireshark's primary sponsor and provides our funding. They also make great products.