Wireshark 0.99.2 fixes the following vulnerabilities:
* The GSM BSSMAP dissector could crash. Versions affected: 0.10.11. CVE: CVE-2006-3627
Ilja van Sprundel discovered the following vulnerabilities:
* The ANSI MAP dissector was vulnerable to a format string overflow. Versions affected: 0.10.0. CVE: CVE-2006-3628
* The Checkpoint FW-1 dissector was vulnerable to a format string overflow. Versions affected: 0.10.10. CVE: CVE-2006-3628
* The MQ dissector was vulnerable to a format string overflow. Versions affected: 0.10.4. CVE: CVE-2006-3628
* The XML dissector was vulnerable to a format string overflow. Versions affected: 0.10.13. CVE: CVE-2006-3628
* The MOUNT dissector could attempt to allocate large amounts of memory. Versions affected: 0.9.4. CVE: CVE-2006-3629
* The NCP NMAS and NDPS dissectors were susceptible to off-by-one errors. Versions affected: 0.9.7. CVE: CVE-2006-3630
* The NTP dissector was vulnerable to a format string overflow. Versions affected: 0.10.13. CVE: CVE-2006-3628
* The SSH dissector was vulnerable to an infinite loop. Versions affected: 0.9.10. CVE: CVE-2006-3631
* The NFS dissector may have been susceptible to a buffer overflow. Versions affected: 0.8.16. CVE: CVE-2006-3632
File exports under Windows work again.
Problems with ring buffers under 0.99.0 have been fixed.
It was possible for Wireshark to crash when closing the capture information dialog. This has been fixed.
It was possible for Wireshark to crash when using the "Find" feature. This has been fixed.
Wireshark could crash if an interface was removed while viewing the interface list. This has been fixed.
Multicast stream analysis (Statistics->Multicast Streams) has been added. It lets you determine burst size, output buffer size, and losses for multicast data.
TCP reassembly has been updated and improved.
Expert analysis has been updated and improved.
SCSI service response time statistics have been added.
You can now find next/previous marked frames.
The LDAP and SNMP dissectors have been completely rewritten.
The SMB dissector now tracks filenames and share names.
The Windows file dialogs have been improved.
If Wireshark is linked with the PortAudio library, you can now listen to RTP streams. (PortAudio didn't make the cut in the current Windows installer. It will be included with 0.99.3.)
New Protocol Support
Bluetooth HCI (ACL, Command, Event, L2CAP, H4, RFCOMM, SCO, SDP), Cisco WIDS, DTLS, Ether-S-Bus, OMA ULP, PN-MRP, PN-MRRT, REXEC (yes, that REXEC), RRLP, RSerPool (CalcAppProtocol, ComponentStatusProtocol, FractalGeneratorProtocol, PingPongProtocol), Telkonet, TiVoConnect Discovery Protocol
Updated Protocol Support
AIM, AMR, ASAP, BER, BGP, BSSAP, BVLC, CAMEL, CMS, COPS, DAP, DCERPC (NETLOGON, PNIO), DCOM, DIAMETER, DVMRP, EAPOL, ENRP, ESP, FC, FIX, Frame, GPRS LLC, GSM A, GSM MAP, GSSAPI, GTP, H.225, H.235, H.245, H.248, H.263, H.450, H1, ICMP, IEEE 802.11, INAP, IP, IPMI, iSCSI, ISUP, JXTA, Kerberos, LDAP, LLDP, MEGACO, MySQL, NBAP, NDMP, NFS, OICQ, PER, PGM, PN-PTCP, Q.931, RANAP, RNSAP, ROS, RTCP, S4406, S5066, SCCP, SCSI, SDP, SIP, SMB (PIPE, SMB), SNMP, SSL, SUA, TCP, TDS, TELNET, TIPC, UMA, X.420, X.509 (af, ce, if), XML
New and Updated Capture File Support
Wireshark can now read BER-encoded files. Catapult DCT2000 support has been updated.
bumped in cvs
Arches, please test and stable wireshark 0.99.2, thank you.
Suggest modifying build to use the .tar.bz2 (9.3MB) instead of the tar.gz (12MB). This will save bandwidth on our mirrors.
May also want to list other download locations. Sources are available on Sourceforge.net, among others.
1) emerges fine
2) passes test suite
3) passes collision test
4) changed setting, sniffed my network traffic (with and without vpn) -> works
Portage 2.1-r1 (default-linux/x86/2006.0, gcc-3.4.6, glibc-2.3.6-r4, 2.6.16-gentoo-r13 i686)
System uname: 2.6.16-gentoo-r13 i686 AMD Athlon(tm) XP 2500+
Gentoo Base System version 1.6.15
app-admin/eselect-compiler: [Not Present]
dev-util/ccache: [Not Present]
dev-util/confcache: [Not Present]
sys-devel/autoconf: 2.13, 2.59-r7
sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/revdep-rebuild /etc/splash /etc/terminfo"
FEATURES="autoconfig ccache collision-protect distlocks metadata-transfer parallel-fetch sandbox sfperms strict test"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'"
Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LDFLAGS, PORTAGE_RSYNC_EXTRA_OPTS
«amd64 is back.»
x86 has gone poof ^.^
It is probably worth noting from the versions in the comment 0 that all ethereal versions are vulnerable (<0.99 are ethereal version numbers).
Given ethereal.com has no devs working on ethereal (evidenced by their cvs email list, with the last commit on it in May, when their devs left), it is very unlikely they will issue a fix.
So in the course of three days we assume that upstream is totally dead because they haven't made a commit in two months? I mean, I can think of *lots* of packages in the tree where upstream hasn't made a commit in two months, but it doesn't mean that they're dead. Has anyone tried to contact them?
Bleh... it helps if I actually read everything before I comment.
I'll shut up now. Leaving "release" on here so I take the time to do the swap in our release snapshot. Sorry for the noise.
ia64 don't forget to mark stable to benefit from the GLSA.
ia64 don't worry about this one - see bug 144946
Does not affect current (2008.0) release. Removing release.