-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.0172
                         WireShark 3.0.8 and 3.2.1
                              16 January 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           WireShark
Publisher:         WireShark
Operating System:  Windows
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Denial of Service -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-7045  

Original Bulletin: 
   https://www.wireshark.org/docs/relnotes/wireshark-3.0.8.html
   https://www.wireshark.org/docs/relnotes/wireshark-3.2.1.html

- --------------------------BEGIN INCLUDED TEXT--------------------

Wireshark 3.0.8 Release Notes

What is Wireshark?

What’s New

    The Windows installers now ship with Npcap 0.9986. They previously shipped with Npcap 0.9984.

Bug Fixes

The following vulnerabilities have been fixed:

    wnpa-sec-2020-02 BT ATT dissector crash. Bug 16258. CVE-2020-7045.

The following bugs have been fixed:

    Wireshark fails to create directory if parent directory does not yet exist. Bug 16143.

    Buildbot crash output: randpkt-2019-11-30-22633.pcap. Bug 16240.

    Crash after closing the Edit Column widget. Bug 16245.

    Some valid erf timestamps get confused for gzip magic header bytes and causes an error with file_seek. Bug 16252.

    [UDS] When filtering the uds.rdbi.data_identifier field is interpreted as 1 byte whereas it consists of 2 bytes. Bug 16256.

    DNS time to live field should be displayed as days/hours/minutes/seconds. Bug 16263.

    LNet incorrectly displays Malformed Packet for RDMA Read Requests. Bug 16269.

    11ad packets get reported as 11n. Bug 16272.

    MPLS : Label Stack Sub TLV decoded improperly. Bug 16273.

    A-bis/OML: IPA Destination IP Address attribute contains inverted value (endianness). Bug 16282.

    h264: SPS frame_crop_right_offset shown in UI as frame_crop_left_offset. Bug 16285.

    DOIP: Typo in "identifcation request messages". Bug 16325.

    Toolbar "?" help button - no text/help displayed. Bug 16327.

New and Updated Features

There are no new features in this release.
New Protocol Support

There are no new protocols in this release.
Updated Protocol Support

802.11 Radiotap, BT ATT, DNS, DOIP, GSM A RR, GSM A-bis/OML, H264, H265, IEEE 802.11, LNET, MPLS Echo, rtnetlink, TIPC, and UDS
New and Updated Capture File Support

There is no new or updated capture file support in this release.
New and Updated Capture Interfaces support

There is no new or updated capture file support in this release.

- ---------------------------------------------------------------------------------------------


Wireshark 3.2.1 Release Notes
What is Wireshark?

Wireshark is the world’s most popular network protocol analyzer. It is used for troubleshooting, analysis, development and education.
What’s New
Bug Fixes

The following vulnerabilities have been fixed:

    wnpa-sec-2020-01 WASSP dissector crash. Bug 16324. CVE-2020-7044.

The following bugs have been fixed:

    Incorrect parsing of USB CDC packets. Bug 14587.

    Wireshark fails to create directory if parent directory does not yet exist. Bug 16143.

    Buildbot crash output: randpkt-2019-11-30-22633.pcap. Bug 16240.

    Closing Flow Graph closes (crashes) main GUI window. Bug 16260.

    Wireshark interprets websocket frames after HTTP handshake in a wrong way. Bug 16274.

    A-bis/OML: IPA Destination IP Address attribute contains inverted value (endianness). Bug 16282.

    wiretap/log3gpp.c: 2 * leap before looking ?. Bug 16283.

    Opening shell terminal prints Wireshark: Permission denied. Bug 16284.

    h264: SPS frame_crop_right_offset shown in UI as frame_crop_left_offset. Bug 16285.

    BGP: update of "Sub-TLV Length" by draft-ietf-idr-tunnel-encaps. Bug 16294.

    SPNEGO+GSS-API+Kerberos+ap-options dissection produces "Unknown Bit(s)" expert message. Bug 16301.

    USB Audio feature unit descriptor is incorrectly dissected. Bug 16305.

    Compiling the .y files fails with Berkeley YACC. Bug 16306.

    PDB files in Windows installer. Bug 16307.

    NAS-5GS 5GS network feature support lacks MCSI, EMCN3 two fields (octet 4). Bug 16310.

    Option to change “Packet List” columns header right click pop-up menu behavior. Bug 16317.

    DLT: Dissector does not parse multiple DLT messages in single UDP packet. Bug 16321.

    ISAKMP Dissection: Enhance Source id and Destination ID field of GDOI SA TEK payload for non IP ID type. Bug 16233.

    DOIP: Typo in "identifcation request messages". Bug 16325.

    Toolbar "?" help button - no text/help displayed. Bug 16327.

New and Updated Features

There are no new features in this release.
New Protocol Support

There are no new protocols in this release.
Updated Protocol Support

802.11 Radiotap, ASN.1 BER, BGP, DLT, DOIP, GSM A RR, GSM A-bis/OML, H264, HTTP, IEC 60870-5-104, IEEE 802.11, IPv4, ISAKMP, NAS 5GS, rtnetlink, SIP, TIPC, USB Audio, USB CDC, and WASSP
New and Updated Capture File Support

3gpp phone log

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXh/YNmaOgq3Tt24GAQieow/9Fwbs70yvhoKFs465743P825bz4d7VFnr
HtpSVMHjtHy+7eLBg8NvMFmwPcGnEhGSlLfqSGhlC+SEMdCeQeCR/GX7fM9yehGT
l0Q9KXtE7YhOY9kXQqrcPoy0BkCxr3uxWen3ik8YwqB37/+PSCWXgV0uTMxtM+z4
wH+XKaRxPskYVQaCzIiTE7tpOUppYAKz0l3dwIfBJCBGU6OfCM05Rywb/LOulLSD
CfaTjksU4/ziKb2c9msGv6BBwPRy/ssJrLVcz3+jMhnq5JJ++cRNJQvItsvepezh
zubJlPzW44DtzMocVRsVxWQiPH1QxtJLt/RutiPI0x4TvyHP/BrJRN6lTiHAXL0N
NhRCMFF414p5PwUHCREC4EncdBlvA6v51UkUgpeuuvbelbeO1LXjZ//TXvE+zQmf
CdswsphaY8nKg8grn0fHTp2kC0HK8r0Eeuci8+gCgtfcEG+jefqo0H9Hw7OSiJPA
9etDbRyxmcfvroxpzTRHcWlOHhVwvUtTqEiQL9mtlR3s3eB2EoihXXVF1IBf5Vn/
iTHeQQXGsGTBhRWJY9zz4BFxroiNO2yXk+xBbF/MIzT3u0LbG1sSwUboNRIDm/bF
aRRsujlXU7dejXtGKvWt7SBkPN9W+hIVkjtlzvDkUzpV3z2cxevMhKxF0ANz8Sio
FvMG3rA2k7g=
=AffT
-----END PGP SIGNATURE-----