-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2020.0738
Wireshark 3.0.9 and 3.2.2 are now available
28 February 2020
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product:           Wireshark
Publisher:         Wireshark
Operating System:  Windows
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Denial of Service -- Remote with User Interaction
                   Reduced Security  -- Remote with User Interaction
Resolution:        Patch/Upgrade
Original Bulletin:
   https://www.wireshark.org/docs/relnotes/wireshark-3.0.9.html
   https://www.wireshark.org/docs/relnotes/wireshark-3.2.2.html
Comment: This bulletin contains two (2) Wireshark security advisories.
- --------------------------BEGIN INCLUDED TEXT--------------------
What is Wireshark?
What's New
Bug Fixes
The following vulnerabilities have been fixed:
* wnpa-sec-2020-03 LTE RRC dissector memory leak. Bug 16341.
* wnpa-sec-2020-04 WiMax DLMAP dissector crash. Bug 16368.
* wnpa-sec-2020-05 EAP dissector crash. Bug 16397.
The following bugs have been fixed:
* Wireshark fails to build with GCC-9. Bug 16319.
* ICMP: No response if ICMP reply packet has an ICMP checksum of
0x0000. Bug 16334.
* IPv4 fragment offset value is incorrect in IPv4 header decode.
Bug 16344.
* RTP export to rtpdump file doesn't work. Bug 16351.
* ISAKMP: IKEv2 transforms and proposal have critical bit (BUG).
Bug 16364.
* LLDP dissector consumes all octets to the end of the TVB and eth
trailer dissector does not get called. Bug 16387.
* LACP dissector consumes all octets to the end of the TVB and eth
trailer dissector does not get called. Bug 16388.
New and Updated Features
There are no new features in this release.
New Protocol Support
There are no new protocols in this release.
Updated Protocol Support
ARTNET, EAP, ICMP, ICMPv6, IPv4, ISAKMP, LACP, LLDP, LTE RRC, RDM,
RTP, and WiMax DLMAP
New and Updated Capture File Support
There is no new or updated capture file support in this release.
New and Updated Capture Interfaces support
There is no new or updated capture file support in this release.
Getting Wireshark
Wireshark source code and installation packages are available from
https://www.wireshark.org/download.html.
Vendor-supplied Packages
Most Linux and Unix vendors supply their own Wireshark packages. You
can usually install or upgrade Wireshark using the package management
system specific to that platform. A list of third-party packages can
be found on the download page[14] on the Wireshark web site.
File Locations
Wireshark and TShark look in several different locations for
preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These
locations vary from platform to platform. You can use About Folders to
find the default locations on your system.
Getting Help
The User's Guide, manual pages and various other documentation can be
found at https://www.wireshark.org/docs/
Community support is available on Wireshark's Q&A site[15] and on the
wireshark-users mailing list. Subscription information and archives
for all of Wireshark's mailing lists can be found on the web site.
Bugs and feature requests can be reported on the bug tracker.
Frequently Asked Questions
A complete FAQ is available on the Wireshark web site.
Last updated 2020-02-26 20:28:19 UTC
References
1. https://www.wireshark.org/security/wnpa-sec-2020-03
2. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16341
3. https://www.wireshark.org/security/wnpa-sec-2020-04
4. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16368
5. https://www.wireshark.org/security/wnpa-sec-2020-05
6. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16397
7. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16319
8. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16334
9. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16344
10. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16351
11. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16364
12. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16387
13. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16388
14. https://www.wireshark.org/download.html#thirdparty
15. https://ask.wireshark.org/
16. https://www.wireshark.org/lists/
17. https://bugs.wireshark.org/
18. https://www.wireshark.org/faq.html
Digests
You can validate these hashes using the following commands (among others):
Windows: certutil -hashfile Wireshark-win64-x.y.z.exe SHA256
Linux (GNU Coreutils): sha256sum wireshark-x.y.z.tar.xz
macOS: shasum -a 256 "Wireshark x.y.z Intel 64.dmg"
Other: openssl sha256 wireshark-x.y.z.tar.xz
- --------------------------------------------------------------------------------
I'm proud to announce the release of Wireshark 3.2.2.
What is Wireshark?
Wireshark is the world's most popular network protocol analyzer. It is
used for troubleshooting, analysis, development and education.
What's New
Automatic updates were inadvertently disabled in the Wireshark 3.2.1
64-bit and 32-bit Windows installers. If you're running Wireshark
3.2.1 on Windows you will have to update to a later version manually.
Bug 16381
Bug Fixes
The following vulnerabilities have been fixed:
* wnpa-sec-2020-03 LTE RRC dissector memory leak. Bug 16341.
* wnpa-sec-2020-04 WiMax DLMAP dissector crash. Bug 16368.
* wnpa-sec-2020-05 EAP dissector crash. Bug 16397.
* wnpa-sec-2020-06 WireGuard dissector crash. Bug 16394.
The following bugs have been fixed:
* Add (IETF) QUIC Dissector. Bug 13881.
* Support for CoAP over TCP and WebSockets (RFC 8323). Bug
15910.
* SMB IOCTL response packet with BUFFER_OVERFLOW status is
dissected improperly. Bug 16261.
* Wireshark fails to build with GCC-9. Bug 16319.
* NVMe/TCP ICReq PDU Not Interpreted Correctly. Bug 16333.
* ICMP: No response if ICMP reply packet has an ICMP checksum of
0x0000. Bug 16334.
* Display filter parsing broken after upgrade from 3.0.7. Bug
16336.
* IPv4 fragment offset value is incorrect in IPv4 header decode.
Bug 16344.
* RTCP frame length warning for SAT>IP APP packets. Bug 16345.
* RTP export to rtpdump file doesn't work. Bug 16351.
* CFDP dissector skips a byte. Bug 16361.
* ISAKMP: IKEv2 transforms and proposal have critical bit (BUG).
Bug 16364.
* No IPv4/IPv6 hosts in Resolved Addresses dialog. Bug 16366.
* Lack of Check for Updates option in the Windows GUI. Bug
16381.
* LLDP dissector consumes all octets to the end of the TVB and eth
trailer dissector does not get called. Bug 16387.
* LACP dissector consumes all octets to the end of the TVB and eth
trailer dissector does not get called. Bug 16388.
New and Updated Features
There are no new features in this release.
New Protocol Support
There are no new protocols in this release.
Updated Protocol Support
ARTNET, CFDP, CoAP, EAP, GTP, ICMP, ICMPv6, IPv4, ISAKMP, LACP, LLDP,
LTE RRC, NBAP, NVME-TCP, QUIC, RDM, RTCP, RTP, SMB, SOME/IP, TLS,
WiMax DLMAP, and WireGuard
New and Updated Capture File Support
There is no new or updated capture file support in this release.
Getting Wireshark
Wireshark source code and installation packages are available from
https://www.wireshark.org/download.html.
Vendor-supplied Packages
Most Linux and Unix vendors supply their own Wireshark packages. You
can usually install or upgrade Wireshark using the package management
system specific to that platform. A list of third-party packages can
be found on the download page[26] on the Wireshark web site.
File Locations
Wireshark and TShark look in several different locations for
preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These
locations vary from platform to platform. You can use About Folders to
find the default locations on your system.
Getting Help
The User's Guide, manual pages and various other documentation can be
found at https://www.wireshark.org/docs/
Community support is available on Wireshark's Q&A site and on the
wireshark-users mailing list. Subscription information and archives
for all of Wireshark's mailing lists can be found on the web site.
Bugs and feature requests can be reported on the bug tracker.
Frequently Asked Questions
A complete FAQ is available on the Wireshark web site.
Last updated 2020-02-26 18:46:23 UTC
References
1. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16381
2. https://www.wireshark.org/security/wnpa-sec-2020-03
3. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16341
4. https://www.wireshark.org/security/wnpa-sec-2020-04
5. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16368
6. https://www.wireshark.org/security/wnpa-sec-2020-05
7. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16397
8. https://www.wireshark.org/security/wnpa-sec-2020-06
9. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16394
10. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13881
11. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15910
12. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16261
13. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16319
14. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16333
15. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16334
16. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16336
17. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16344
18. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16345
19. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16351
20. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16361
21. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16364
22. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16366
23. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16381
24. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16387
25. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16388
26. https://www.wireshark.org/download.html#thirdparty
27. https://ask.wireshark.org/
28. https://www.wireshark.org/lists/
29. https://bugs.wireshark.org/
30. https://www.wireshark.org/faq.html
Digests
You can validate these hashes using the following commands (among others):
Windows: certutil -hashfile Wireshark-win64-x.y.z.exe SHA256
Linux (GNU Coreutils): sha256sum wireshark-x.y.z.tar.xz
macOS: shasum -a 256 "Wireshark x.y.z Intel 64.dmg"
Other: openssl sha256 wireshark-x.y.z.tar.xz
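The hash check described under both Digests sections (3.0.9 and 3.2.2), as an added example that is not part of the Wireshark release notes or the AusCERT bulletin: it parses digest lines of the form ALGO(file name)=hex, tolerates the quoted-printable "=3D" that mail transport can leave in place of "=", and fails closed when no SHA256 is published for a file. The function names and the sample file in demo() are constructed for illustration.

```python
import hashlib
import hmac
import os
import re
import tempfile

# Release-notes digest line: ALGO(file name)=hex. File names may contain spaces.
LINE = re.compile(r"^(SHA256|SHA1|RIPEMD160)\((.+)\)=([0-9A-Fa-f]+)$")
HEX_LEN = {"SHA256": 64, "SHA1": 40, "RIPEMD160": 40}

def parse_digests(text):
    """Return {file name: {algorithm: lowercase hex}} from a Digests block."""
    table = {}
    for raw in map(str.strip, text.splitlines()):
        # Try the line as-is, then with "=3D" undone; the length check keeps
        # a digest that really starts with 3d from being truncated.
        for cand in (raw, raw.replace(")=3D", ")=", 1)):
            m = LINE.match(cand)
            if m and len(m.group(3)) == HEX_LEN[m.group(1)]:
                table.setdefault(m.group(2), {})[m.group(1)] = m.group(3).lower()
                break
    return table

def sha256_file(path, chunk=1 << 20):
    """Hash in chunks so large installers are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify(path, published_name, digests):
    """True only when a SHA256 is published for the name and the file matches."""
    expected = digests.get(published_name, {}).get("SHA256")
    if expected is None:
        return False  # fail closed: no published digest means not verified
    return hmac.compare_digest(sha256_file(path), expected)

def demo():
    """Constructed sample: a stand-in file and digest block, not release data."""
    name = "Example 1.2.3 Intel 64.dmg"
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, name)
        with open(path, "wb") as f:
            f.write(b"constructed installer bytes")
        block = f"{name}: 27 bytes\nSHA256({name})=3D{sha256_file(path)}\n"
        good = verify(path, name, parse_digests(block))
        with open(path, "ab") as f:
            f.write(b"!")  # simulate a corrupted or altered download
        return good, verify(path, name, parse_digests(block))
```

A matching digest only shows the file is the one the digest list describes, so take the list from a source you trust, such as the signed bulletin or the release notes fetched over HTTPS.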
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----