FYI...

Wireshark multiple vulns - update available
- http://secunia.com/advisories/29156/
Release Date: 2008-02-28
Critical: Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch
Software: Wireshark (formerly Ethereal) 0.x
...The vulnerabilities are reported in various versions prior to 0.99.8.
Solution: Update to version 0.99.8.
http://www.wireshark.org/download.html

FYI...

Wireshark v1.2.2 released
- http://www.wireshark.org/download.html
Sep. 15, 2009 - "The current stable release of Wireshark is 1.2.2. It supersedes all previous releases..."

Bug Fixes
- http://www.wireshark.org/docs/relnotes/wir...2.html#WhatsNew

- http://www.wireshark.org/news/20090915.html

- http://www.wireshark.org/security/wnpa-sec-2009-06.html
Wireshark 1.2.2 fixes the following vulnerabilities:
* The GSM A RR dissector could crash. (Bug 3893)
Versions affected: 1.2.0 to 1.2.1
* The OpcUa dissector could use excessive CPU and memory. (Bug 3986)
Versions affected: 0.99.6 to 1.0.8, 1.2.0 to 1.2.1
* The TLS dissector could crash on some platforms. (Bug 4008)
Versions affected: 1.2.0 to 1.2.1 ...

- http://secunia.com/advisories/36754/2/
Release Date: 2009-09-16
Critical: Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch
Software: Wireshark 1.x...
Solution: Update to version 1.0.9 or 1.2.2...
Original Advisory:
http://www.wireshark.org/security/wnpa-sec-2009-05.html
http://www.wireshark.org/security/wnpa-sec-2009-06.html

FYI...

Wireshark v1.2.3 released
- http://www.wireshark.org/download.html
Oct. 27, 2009 - "The current stable release of Wireshark is 1.2.3. It supersedes all previous releases..."

- http://www.wireshark.org/security/wnpa-sec-2009-07.html
Wireshark 1.2.3 fixes the following vulnerabilities:
• The Paltalk dissector could crash on alignment-sensitive processors...
Versions affected: 1.2.0 to 1.2.2
CVE-2009-3549
• The DCERPC/NT dissector could crash.
Versions affected: 0.10.10 to 1.2.2
CVE-2009-3550
• The SMB dissector could crash.
Versions affected: 1.2.0 to 1.2.2
CVE-2009-3551 ...
Resolution: Upgrade to Wireshark 1.2.3 or later...

- http://secunia.com/advisories/37175/2/
Release Date: 2009-10-28
Critical: Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch



This post has been edited by AplusWebMaster: Oct 28 2009, 07:49 AM

FYI...

Wireshark v1.2.4 released
- http://www.wireshark.org/download.html
Nov. 16, 2009 - "The current stable release of Wireshark is 1.2.4. It supersedes all previous releases.."

- http://www.wireshark.org/docs/relnotes/wir...4.html#BugFixes
The following bugs have been fixed:
• Can't save RTP stream in both directions. (Bug 4120)
• Wireshark could crash at startup on Windows. (Bug 4155)

FYI...

Wireshark v1.2.5 released
- http://www.wireshark.org/download.html
Dec. 17, 2009 - "The current stable release of Wireshark is 1.2.5. It supersedes all previous releases..."

Release Notes
- http://www.wireshark.org/docs/relnotes/wir...5.html#WhatsNew

Bug fixes
- http://www.wireshark.org/security/wnpa-sec-2009-09.html
Wireshark 1.2.5 fixes the following vulnerabilities:
• The Daintree SNA file parser could overflow a buffer. (Bug 4294)
Versions affected: 1.2.0 to 1.2.4
• The SMB and SMB2 dissectors could crash. (Bug 4301)
Versions affected: 0.9.0 to 1.2.4
• The IPMI dissector could crash on Windows. (Bug 4319)
Versions affected: 1.2.0 to 1.2.4
Impact
It may be possible to make Wireshark crash remotely or by convincing someone to read a malformed packet trace file.
Resolution
Upgrade to Wireshark 1.2.5 or later. Due to the nature of the Daintree SNA vulnerability, there is no workaround..."

- http://secunia.com/advisories/37842/2/
Release Date: 2009-12-18
Critical: Highly critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch ...
Solution: Update to version 1.2.5...



This post has been edited by AplusWebMaster: Dec 18 2009, 04:25 AM

FYI...

Wireshark v1.2.6 released
- http://www.wireshark.org/download.html
Jan. 27, 2010 - "The current stable release of Wireshark is 1.2.6. It supersedes all previous releases..."

Release Notes
- http://www.wireshark.org/docs/relnotes/wireshark-1.2.6.html

BugFixes
- http://www.wireshark.org/docs/relnotes/wir...6.html#BugFixes
Babi discovered several buffer overflows in the LWRES dissector.
Versions affected: 0.9.15 to 1.0.10, 1.2.0 to 1.2.5
The following bugs have been fixed:
Wireshark could crash while decrypting Kerberos data.
Address display filters hang Wireshark. (Bug 658)
PSML - structure context node missing. (Bug 1564)
Wireshark doesn't dynamically update the packet list. (Bug 1605)
LUA: There's no tvb_get_stringz() equivalent. (Bug 2244)
tvb_new_real_data is prone to memory leak. (Bug 3917)
Malformed OPC UA traffic makes Wireshark "freeze". (Bug 3986)
Analyze→Expert... doesn't show IP "Bad Checksum" errors. (Bug 4177)
Wireshark can't decrypt WPA(2)-PSK when passphrase is 63 bytes. (Bug 4183)
RTP stream analysis: Wrong jitter values after clicking the refresh button. (Bug 4340)
Wireshark decodes bootp option 2 incorrectly. (Bug 4342)
Deleting SMI modules causes Wireshark to crash. (Bug 4354)
Wireshark decodes kerberos AS-REQ PADATA incorrect. (Bug 4363)
PDML output from TShark includes invalid characters. (Bug 4402)
Empty GPRS LLC S frames cause truncated data exception. (Bug 4417) ...

- http://secunia.com/advisories/38257/2/
Release Date: 2010-01-28
Critical: Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch
Software: Wireshark 1.x
Solution: Update to version 1.0.11 or 1.2.6.
Original Advisory:
http://www.wireshark.org/security/wnpa-sec-2010-01.html
http://www.wireshark.org/security/wnpa-sec-2010-02.html



This post has been edited by AplusWebMaster: Jan 28 2010, 10:36 AM