Wireshark updates fix security vulnerabilities
The Wireshark developers have announced the release of versions 1.6.1 and 1.4.8 of their open source, cross-platform network protocol analyser. These maintenance and security updates address multiple vulnerabilities that could cause Wireshark to crash "by injecting a series of malformed packets onto the wire or by convincing someone to read a malformed packet trace file."
These include problems related to the Lucent/Ascend file parser and the ANSI MAP dissector, both of which were susceptible to an infinite loop bug. Wireshark 1.4.0 to 1.4.7 and 1.6.0 are said to be affected. A number of bugs in both versions were also fixed. All users are advised to update to the latest versions.
Version 1.2.18 of Wireshark from the end of June addressed the same vulnerabilities noted above; the 1.2.x branch reached its end of life on 30 June 2011. All Wireshark 1.2.x users are encouraged to upgrade to the 1.6.x branch.
Further information about the updates, including a full list of bug fixes, can be found in the 1.4.8 and 1.6.1 release notes. Wireshark binaries for Windows and Mac OS X, as well as the source code, are available to download from the project's site; documentation is also provided. Wireshark, formerly known as Ethereal, is licensed under version 2 of the GNU General Public Licence (GPLv2).
See also:
- Lucent/Ascend file parser and ANSI MAP vulnerabilities in Wireshark® version 1.6.0 to 1.6.0, a Wireshark security advisory.
- Lucent/Ascend file parser and ANSI MAP vulnerabilities in Wireshark® version 1.4.0 to 1.4.7, a Wireshark security advisory.
- Wireshark network monitor updated to 1.6.0, a report from The H.
(crve)