Wireshark update fixes vulnerabilities, bugs; adds no new teeth

News

Wireshark update fixes vulnerabilities, bugs; adds no new teeth

SearchSecurity.in Staff

The Wireshark foundation on Tuesday has released the latest stable releases of its open source,

Continue Reading This Article

Enjoy this article as well as all of our content, including E-Guides, news, tips and more.
  • By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

  • Safe Harbor

 cross-platform network protocol analyzer. The developers have released versions 1.4.10 and 1.6.3 of Wireshark which contains maintenance and security updates, along with fixes for three security vulnerabilities and multiple program bugs in the previous releases. Several of these vulnerabilities may be used by attackers to perform a denial of service (DoS) attack as reported by Secunia, which rates them as highly critical.

The fix addresses flaws linked to the ERF file parser, which could be exploited to cause a buffer overflow. Problems have also been reported with a NULL pointer deference related error in the Infiniband dissector. This issue affects versions 1.4.0 through 1.4.9 and versions 1.6.0 through 1.6.3. Wireshark 1.6.3 also addresses issues that could be used to crash the application, linked to the CSN.1 dissector.

The updates fix several other program bugs. No new feature or protocol support has been added in this update. Existing protocol support has been updated for Ethernet, ICMPv6, IEEE 802.11, IEEE 802.1q, IPsec, MySQL and SSL, to name a few. Capture file support has also been updated in this release. A full list of changes is available in the release notes (v1.4.10 and v1.6.3).