Wireshark-users: [Wireshark-users] Wireshark 2.4.4 is now available
From: Gerald Combs <gerald@xxxxxxxxxxxxx>
Date: Thu, 11 Jan 2018 12:05:02 -0800
I'm proud to announce the release of Wireshark 2.4.4.

     __________________________________________________________________

What is Wireshark?

   Wireshark is the world's most popular network protocol analyzer. It is
   used for troubleshooting, analysis, development and education.
     __________________________________________________________________

What's New

  Bug Fixes

   The following vulnerabilities have been fixed:
     * [1]wnpa-sec-2018-01
       Multiple dissectors could crash. ([2]Bug 14253) [3]CVE-2018-5336
     * [4]wnpa-sec-2018-03
       The IxVeriWave file parser could crash. ([5]Bug 14297)
       [6]CVE-2018-5334
     * [7]wnpa-sec-2018-04
       The WCP dissector could crash. ([8]Bug 14251) [9]CVE-2018-5335

   Prior to this release, dumpcap enabled the Linux kernel's BPF JIT
   compiler via the net.core.bpf_jit_enable sysctl. Because this could
   make systems more vulnerable to Spectre variant 1 ([10]CVE-2017-5753),
   the feature has been removed ([11]Bug 14313).

   The following bugs have been fixed:
     * A keyboard shortcut mix-up has been resolved by assigning new
       shortcuts to the Edit -> Copy methods.
     * Remote interfaces are not saved. ([12]Bug 8557)
     * Additional grouping in Expert Information dialog. ([13]Bug 11753)
     * First start with non-empty extcap folder after install or reboot
       hangs at "initializing tap listeners". ([14]Bug 12845)
     * Can't hide expert categories in Expert Information. ([15]Bug 13831)
     * Expert info dialog should have "Collapse All"/"Expand All" options.
       ([16]Bug 13842)
     * SIP Statistics extract does not work. ([17]Bug 13942)
     * Service Response Time - SCSI dialog crashes. ([18]Bug 14144)
     * Wireshark & Tshark 2.4.2 core dumps with segmentation fault.
       ([19]Bug 14194)
     * SSH remote capture promiscuous mode. ([20]Bug 14237)
     * SOCKS pseudo header displays incorrect Version value. ([21]Bug
       14262)
     * Only first variable of list is dissected in NTP Control request
       message. ([22]Bug 14268)
     * NTP Authenticator field dissection fails if padding is used.
       ([23]Bug 14269)
     * BSSAP packet dissector issue - BSSAP_UPLINK_TUNNEL_REQUEST message.
       ([24]Bug 14289)
     * "[Malformed Packet]" for Mobile IP (MIP) protocol. ([25]Bug 14292)
     * There is a potential buffer underflow in File_read_line function in
       epan/wslua/wslua_file.c file. ([26]Bug 14295)
     * Saving a temporary capture file may not result in the temporary
       file being removed. ([27]Bug 14298)

  New and Updated Features

   There are no new features in this release.

  New Protocol Support

   There are no new protocols in this release.

  Updated Protocol Support

   Bluetooth, BSSAP, BT ATT, BT HCI, BT SMP, MIP, NTP, SCTP, SOCKS, UDS,
   and WCP

  New and Updated Capture File Support

   Ixia IxVeriWave
     __________________________________________________________________

Getting Wireshark

   Wireshark source code and installation packages are available from
   [28]https://www.wireshark.org/download.html.

  Vendor-supplied Packages

   Most Linux and Unix vendors supply their own Wireshark packages. You
   can usually install or upgrade Wireshark using the package management
   system specific to that platform. A list of third-party packages can be
   found on the [29]download page on the Wireshark web site.
     __________________________________________________________________

File Locations

   Wireshark and TShark look in several different locations for preference
   files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations
   vary from platform to platform. You can use About->Folders to find the
   default locations on your system.
     __________________________________________________________________

Known Problems

   Dumpcap might not quit if Wireshark or TShark crashes. ([30]Bug 1419)

   The BER dissector might infinitely loop. ([31]Bug 1516)

   Capture filters aren't applied when capturing from named pipes.
   ([32]Bug 1814)

   Filtering tshark captures with read filters (-R) no longer works.
   ([33]Bug 2234)

   Application crash when changing real-time option. ([34]Bug 4035)

   Wireshark and TShark will display incorrect delta times in some cases.
   ([35]Bug 4985)

   Wireshark should let you work with multiple capture files. ([36]Bug
   10488)
     __________________________________________________________________

Getting Help

   Community support is available on [37]Wireshark's Q&A site and on the
   wireshark-users mailing list. Subscription information and archives for
   all of Wireshark's mailing lists can be found on [38]the web site.

   Official Wireshark training and certification are available from
   [39]Wireshark University.
     __________________________________________________________________

Frequently Asked Questions

   A complete FAQ is available on the [40]Wireshark web site.
     __________________________________________________________________

   Last updated 2018-01-11 17:57:46 UTC

References

   1. https://www.wireshark.org/security/wnpa-sec-2018-01.html
   2. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14253
   3. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5336
   4. https://www.wireshark.org/security/wnpa-sec-2018-03.html
   5. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14297
   6. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5334
   7. https://www.wireshark.org/security/wnpa-sec-2018-04.html
   8. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14251
   9. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5335
  10. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753
  11. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14313
  12. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8557
  13. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11753
  14. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12845
  15. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13831
  16. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13842
  17. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13942
  18. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14144
  19. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14194
  20. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14237
  21. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14262
  22. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14268
  23. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14269
  24. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14289
  25. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14292
  26. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14295
  27. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14298
  28. https://www.wireshark.org/download.html
  29. https://www.wireshark.org/download.html#thirdparty
  30. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1419
  31. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1516
  32. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1814
  33. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2234
  34. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4035
  35. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4985
  36. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10488
  37. https://ask.wireshark.org/
  38. https://www.wireshark.org/lists/
  39. http://www.wiresharktraining.com/
  40. https://www.wireshark.org/faq.html


Digests

wireshark-2.4.4.tar.xz: 28818372 bytes
Wireshark-win32-2.4.4.exe: 52697912 bytes
Wireshark-win64-2.4.4.exe: 57913704 bytes
Wireshark-win64-2.4.4.msi: 47095808 bytes
Wireshark-win32-2.4.4.msi: 41943040 bytes
WiresharkPortable_2.4.4.paf.exe: 45378496 bytes
Wireshark 2.4.4 Intel 64.dmg: 35240389 bytes

You can validate these hashes using the following commands (among others):

    Windows: certutil -hashfile Wireshark-win64-x.y.z.exe SHA256
    Linux (GNU Coreutils): sha256sum wireshark-x.y.z.tar.xz
    macOS: shasum -a 256 "Wireshark x.y.z Intel 64.dmg"
    Other: openssl sha256 wireshark-x.y.z.tar.xz

Attachment: signature.asc
Description: OpenPGP digital signature
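
Added example (not part of the original announcement and not Wireshark's own tooling): a Python parser for digest entries in the ALGO(filename)=hex form in which Wireshark release digests are published, including an entry that mail wrapping has split after a space in the file name, followed by a check of a file's bytes against the parsed values. The artifact, the file name, the helper names (parse_digests, verify, accept) and the acceptance policy are assumptions made for illustration.

```python
import hashlib
import hmac
import re

ALGOS = "SHA256|SHA1|RIPEMD160"
# One digest entry: ALGO(file name)=hex. File names may contain spaces.
ENTRY = re.compile(rf"^({ALGOS})\(([^()]+)\)=([0-9a-fA-F]+)$")
START = re.compile(rf"^({ALGOS})\(")

def parse_digests(text):
    """Return {file name: {algo: hex}}, rejoining entries wrapped onto two lines."""
    digests, pending = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m and pending:            # try to complete a wrapped entry
            m = ENTRY.match(f"{pending} {line}")
        pending = ""
        if m:
            algo, name, value = m.groups()
            digests.setdefault(name, {})[algo] = value.lower()
        elif START.match(line):          # entry opened but not closed yet
            pending = line
    return digests

def verify(data, published):
    """Map each published algo to True/False, or None if hashlib lacks it."""
    results = {}
    for algo, expected in published.items():
        try:
            actual = hashlib.new(algo.lower(), data).hexdigest()
        except ValueError:               # e.g. RIPEMD160 absent in this OpenSSL
            results[algo] = None
            continue
        results[algo] = hmac.compare_digest(actual, expected)
    return results

def accept(results):
    """Assumed policy: require a SHA256 match and no mismatch from any other algo."""
    return results.get("SHA256") is True and False not in results.values()

# Constructed sample: a fake artifact and a digest block built from it,
# with the SHA256 entry wrapped after the space in the file name.
ARTIFACT = b"constructed sample artifact\n"
NAME = "Example 1.0 Intel 64.dmg"
SAMPLE = (
    f"{NAME}: {len(ARTIFACT)} bytes\n"
    f"SHA256(Example 1.0 Intel\n64.dmg)={hashlib.sha256(ARTIFACT).hexdigest()}\n"
    f"SHA1({NAME})={hashlib.sha1(ARTIFACT).hexdigest()}\n"
)

if __name__ == "__main__":
    print(accept(verify(ARTIFACT, parse_digests(SAMPLE)[NAME])))
```

A digest match only shows that the file equals what the announcement lists; the announcement itself is authenticated by its OpenPGP signature.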