Wireshark · Wireshark-dev: [Wireshark-dev] Wireshark 1.4.4 is now available

[Gerald Combs <gerald@xxxxxxxxxxxxx>]

I'm proud to announce the release of Wireshark 1.4.4.

What is Wireshark?

   Wireshark is the world's most popular network protocol analyzer.
   It is used for troubleshooting, analysis, development and
   education.

What's New

  Bug Fixes

   The following vulnerabilities have been fixed. See the security
   advisory for details and a workaround.

     o Huzaifa Sidhpurwala of the Red Hat Security Response Team
       discovered that Wireshark could free an uninitialized pointer
       while reading a malformed pcap-ng file. (Bug 5652)

       Versions affected: 1.2.0 to 1.2.14 and 1.4.0 to 1.4.3.

       CVE-2011-0538

     o Huzaifa Sidhpurwala of the Red Hat Security Response Team
       discovered that a large packet length in a pcap-ng file could
       crash Wireshark. (Bug 5661)

       Versions affected: 1.2.0 to 1.2.14 and 1.4.0 to 1.4.3.

     o Wireshark could overflow a buffer while reading a Nokia DCT3
       trace file. (Bug 5661)

       Versions affected: 1.2.0 to 1.2.14 and 1.4.0 to 1.4.3.

       CVE-2011-0713

     o Paul Makowski working for SEI/CERT discovered that Wireshark
       on 32 bit systems could crash while reading a malformed
       6LoWPAN packet. (Bug 5661)

       Versions affected: 1.4.0 to 1.4.3.

     o joernchen of Phenoelit discovered that the LDAP and SMB
       dissectors could overflow the stack. (Bug 5717)

       Versions affected: 1.2.0 to 1.2.14 and 1.4.0 to 1.4.3. (Prior
       versions including 1.0.x are also affected.)

     o Xiaopeng Zhang of Fortinet's Fortiguard Labs discovered that
       large LDAP Filter strings can consume excessive amounts of
       memory. (Bug 5732)

       Versions affected: 1.2.0 to 1.2.14 and 1.4.0 to 1.4.3. (Prior
       versions including 1.0.x are also affected.)

   The following bugs have been fixed:

     o A TCP stream would not always be recognized as the same
       stream. (Bug 2907)

     o Wireshark Crashing by pressing 2 Buttons. (Bug 4645)

     o A crash can occur in the NTLMSSP dissector. (Bug 5157)

     o The column texts from a Lua dissector could be mangled. (Bug
       5326) (Bug 5630)

     o Corrections to ANSI MAP ASN.1 specifications. (Bug 5584)

     o When searching in packet bytes, the field and bytes are not
       immediately shown. (Bug 5585)

     o Malformed Packet: ULP reported when dissecting ULP SessionID
       PDU. (Bug 5593)

     o Wrong IEI in container of decode_gtp_mm_cntxt. (Bug 5598)

     o Display filter does not work for expressions of type BASE_DEC,
       BASE_DEC_HEX and BASE_HEX_DEC. (Bug 5606)

     o NTLMSSP dissector may fail to compile due to space embedded in
       C comment delimiters. (Bug 5614)

     o Allow for name resolution of link-scope and multicast IPv6
       addresses from local host file. (Bug 5615)

     o DHCPv6 dissector formats DUID_LLT time incorrectly. (Bug 5627)

     o Allow for IEEE 802.3bc-2009 style PoE TLVs. (Bug 5639)

     o Various fixes to the HIP packet dissector. (Bug 5646)

     o Display "Day of Year" for January 1 as 1, not 0. (Bug 5653)

     o Accommodate the CMake build on Ubuntu 10.10. (Bug 5665)

     o E.212 MCC 260 Poland update according to local national
       regulatory. (Bug 5668)

     o IPP on ports other than 631 not recognized. (Bug 5677)

     o Potential access violation when writing to LANalyzer files.
       (Bug 5698)

     o IEEE 802.15.4 Superframe Specification - Final CAP Slot always
       0. (Bug 5700)

     o Peer SRC and DST AS numbers are swapped for cflow. (Bug 5702)

     o dumpcap: -q option behavior doesn't match documentation. (Bug
       5716)

  New and Updated Features

   There are no new features in this release.

  New Protocol Support

   There are no new protocols in this release.

  Updated Protocol Support

   ANSI MAP, BitTorrent, DCM, DHCPv6, DTAP, DTPT, E.212, GSM
   Management, GTP, HIP, IEEE 802.15.4, IPP, LDAP, LLDP, Netflow,
   NTLMSSP, P_Mul, Quake, Skinny, SMB, SNMP, ULP

  New and Updated Capture File Support

   LANalyzer, Nokia DCT3, Pcap-ng

Getting Wireshark

   Wireshark source code and installation packages are available from
   http://www.wireshark.org/download.html.

  Vendor-supplied Packages

   Most Linux and Unix vendors supply their own Wireshark packages.
   You can usually install or upgrade Wireshark using the package
   management system specific to that platform. A list of third-party
   packages can be found on the download page on the Wireshark web
   site.

File Locations

   Wireshark and TShark look in several different locations for
   preference files, plugins, SNMP MIBS, and RADIUS dictionaries.
   These locations vary from platform to platform. You can use
   About->Folders to find the default locations on your system.

Known Problems

   Wireshark might make your system disassociate from a wireless
   network on OS X 10.4. (Bug 1315)

   Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)

   The BER dissector might infinitely loop. (Bug 1516)

   Capture filters aren't applied when capturing from named pipes.
   (Bug 1814)

   Filtering tshark captures with display filters (-R) no longer
   works. (Bug 2234)

   The 64-bit Windows installer does not ship with the same libraries
   as the 32-bit installer. (Bug 3610)

   Hex pane display issue after startup. (Bug 4056)

   Packet list rows are oversized. (Bug 4357)

   Summary pane selected frame highlighting not maintained. (Bug
   4445)

Getting Help

   Community support is available on Wireshark's Q&A site and on the
   wireshark-users mailing list. Subscription information and
   archives for all of Wireshark's mailing lists can be found on the
   web site.

   Training is available from Wireshark University.

Frequently Asked Questions

   A complete FAQ is available on the Wireshark web site.


Digests

wireshark-1.4.4.tar.bz2: 20479081 bytes
MD5(wireshark-1.4.4.tar.bz2)=11ce019d85d9822597b163ce5b4da858
SHA1(wireshark-1.4.4.tar.bz2)=4d1d7e7bf07683723b661eb7b7124b2e90106087
RIPEMD160(wireshark-1.4.4.tar.bz2)=47f9274cd6933684339b4c7c0b7c723d8c9b1512

wireshark-win32-1.4.4.exe: 19433082 bytes
MD5(wireshark-win32-1.4.4.exe)=2571d4519c8d43399225ebffde88a813
SHA1(wireshark-win32-1.4.4.exe)=3e4bebce27a0999a0d9de0c54e9ed164d2b94a68
RIPEMD160(wireshark-win32-1.4.4.exe)=b9ea64e380a2d839759f9b83abe272f0b7db181c

wireshark-win64-1.4.4.exe: 21698956 bytes
MD5(wireshark-win64-1.4.4.exe)=04aac70dc7b30ae8e8c76e2f5e64f5bd
SHA1(wireshark-win64-1.4.4.exe)=26f9f8eef8b1a4a856a1d583387eb986f39031ab
RIPEMD160(wireshark-win64-1.4.4.exe)=e266856aaadc1adaff1c232bdd97ff3bbdef2760

wireshark-1.4.4.u3p: 25760183 bytes
MD5(wireshark-1.4.4.u3p)=c7a0a35afc5ed3e3a1d38ccf836bf8a4
SHA1(wireshark-1.4.4.u3p)=69639fc2e8fc83889925b131dced93b8eb04b986
RIPEMD160(wireshark-1.4.4.u3p)=f2b64abd86c01568c8f6a76b61cfeffb1b44d639

WiresharkPortable-1.4.4.paf.exe: 20285928 bytes
MD5(WiresharkPortable-1.4.4.paf.exe)=19fff0fa52ed2241a7320ef733fefb8e
SHA1(WiresharkPortable-1.4.4.paf.exe)=927d0ddb23bc092232eb49159dda9eacdbe68fb9
RIPEMD160(WiresharkPortable-1.4.4.paf.exe)=0e2fe122c7094628afca7d03410b8e0b1ed5c98c

Wireshark 1.4.4 Intel 32.dmg: 47605328 bytes
MD5(Wireshark 1.4.4 Intel 32.dmg)=84fc9a819632f33d05749f55534354c4
SHA1(Wireshark 1.4.4 Intel 32.dmg)=ff7790a7ac27cbc98d83ff89462b09e216a68601
RIPEMD160(Wireshark 1.4.4 Intel
32.dmg)=ea59bcc0f37b14f7efe8a9f7933ca1feb26b4449

Wireshark 1.4.4 Intel 64.dmg: 44235018 bytes
MD5(Wireshark 1.4.4 Intel 64.dmg)=9bde798b66a00048ee690e3ca37252b1
SHA1(Wireshark 1.4.4 Intel 64.dmg)=f537a7a7d6bd0b10bc0c0bd83203352741c1f0f3
RIPEMD160(Wireshark 1.4.4 Intel
64.dmg)=e35ddd3fca49ade0e4602e1bc3fa6540e0b25bbb

Wireshark 1.4.4 PPC 32.dmg: 50132934 bytes
MD5(Wireshark 1.4.4 PPC 32.dmg)=ecc5bca58bdac6737b21e2e9953d60fa
SHA1(Wireshark 1.4.4 PPC 32.dmg)=584f63ba49181f2f2d84b8a0fffe540f75781519
RIPEMD160(Wireshark 1.4.4 PPC
32.dmg)=4f722a7bd3eb6aec0b14d1f3d1c53d998380acc2

patch-wireshark-1.4.3-to-1.4.4.diff.bz2: 113453 bytes
MD5(patch-wireshark-1.4.3-to-1.4.4.diff.bz2)=cb2381cb470f1675e979d0de4ffa17fa
SHA1(patch-wireshark-1.4.3-to-1.4.4.diff.bz2)=b351e959e6fadcc53a15e124023278974850b68e
RIPEMD160(patch-wireshark-1.4.3-to-1.4.4.diff.bz2)=8012557719fb34b8caac82ecf4a1572faabd7244