Wireshark 3.0.1 Release Notes

 What is Wireshark?

  Wireshark is the world’s most popular network protocol analyzer. It is
  used for troubleshooting, analysis, development and education.

 What’s New

    • The Windows installers now ship with Npcap 0.992. They previously
      shipped with Npcap 0.99-r9.

  Bug Fixes

   The following vulnerabilities have been fixed:

     • wnpa-sec-2019-09[1] NetScaler file parser crash. Bug 15497[2].
       CVE-2019-10895[3].

     • wnpa-sec-2019-10[4] SRVLOC dissector crash. Bug 15546[5].
       CVE-2019-10899[6].

     • wnpa-sec-2019-11[7] IEEE 802.11 dissector infinite loop. Bug
       15553[8]. CVE-2019-10897[9].

     • wnpa-sec-2019-12[10] GSUP dissector infinite loop. Bug 15585[11].
       CVE-2019-10898[12].

     • wnpa-sec-2019-13[13] Rbm dissector infinite loop. Bug 15612[14].
       CVE-2019-10900[15].

     • wnpa-sec-2019-14[16] GSS-API dissector crash. Bug 15613[17].
       CVE-2019-10894[18].

     • wnpa-sec-2019-15[19] DOF dissector crash. Bug 15617[20].
       CVE-2019-10896[21].

     • wnpa-sec-2019-16[22] TSDNS dissector crash. Bug 15619[23].
       CVE-2019-10902[24].

     • wnpa-sec-2019-17[25] LDSS dissector crash. Bug 15620[26].
       CVE-2019-10901[27].

     • wnpa-sec-2019-18[28] DCERPC SPOOLSS dissector crash. Bug
       15568[29]. CVE-2019-10903[30].

   The following bugs have been fixed:

     • [oss-fuzz] UBSAN: shift exponent 34 is too large for 32-bit type
       'guint32' (aka 'unsigned int') in packet-ieee80211.c:15534:49.
       Bug 14770[31].

     • [oss-fuzz] UBSAN: shift exponent 35 is too large for 32-bit type
       'int' in packet-couchbase.c:1674:37. Bug 15439[32].

     • Duplicated TCP SEQ field in ICMP packets. Bug 15533[33].

     • Wrong length in dhcpv6 NTP Server suboption results in "Malformed
       Packet" and breaks further dissection. Bug 15542[34].

     • Wireshark’s speaker-to-MaxMind is burning up the CPU. Bug
       15545[35].

     • GSM-A-RR variable bitmap decoding may report ARFCNs > 1023. Bug
       15549[36].

     • Import hexdump dummy Ethernet header generation ignores direction
       indication. Bug 15561[37].

     • %T not supported for timestamps. Bug 15565[38].

     • LWM2M: resource with \r\n badly shown. Bug 15572[39].

     • When selecting BSSAP in 'Decode As' for a SCCP payload, it uses
       BSSAP+ which is not the same protocol. Bug 15578[40].

     • Possible buffer overflow in function ssl_md_final for crafted SSL
       3.0 sessions. Bug 15599[41].

     • Windows console log output delay. Bug 15605[42].

     • Syslog dissector processes the UTF-8 BOM incorrectly. Bug
       15607[43].

     • NFS/NLM: Wrong lock byte range in the "Info" column. Bug
       15608[44].

     • randpkt -r causes segfault when count > 1. Bug 15627[45].

     • Tshark export to ElasticSearch (-Tek) fails with Bad json_dumper
       state: illegal transition. Bug 15628[46].

     • Packets with metadata but no data get the Protocol Info column
       overwritten. Bug 15630[47].

     • BGP MP_REACH_NLRI AFI: Layer-2 VPN, SAFI: EVPN - Label stack not
       decoded. Bug 15631[48].

     • Buildbot crash output: fuzz-2019-03-23-1789.pcap. Bug 15634[49].

     • Typo: broli → brotli. Bug 15647[50].

     • Wrong dissection of GTPv2 MM Context Used NAS integrity
       protection algorithm. Bug 15648[51].

     • Windows CHM (help file) title displays quoted HTML characters.
       Bug 15656[52].

     • Unable to load 3rd party plugins not signed by Wireshark’s
       codesigning certificate. Bug 15667[53].

  New and Updated Features

   There are no new features in this release.

  New Protocol Support

   There are no new protocols in this release.

  Updated Protocol Support

   BGP, BSSAP, Couchbase, DCERPC SPOOLSS, DHCP, DHCPv6, DOF, FP, GSM A
   RR, GSS-API, GSUP, GTP, GTPv2, H248C, HL7, IEEE 802.11, IEEE
   802.15.4, ISO 14443, LDSS, LwM2M-TLV, NLM, Rbm, SIP, SRVLOC, Syslog,
   TCP, TLS, and TSDNS

  New and Updated Capture File Support

   NetScaler and pcap

  New and Updated Capture Interfaces support

   There is no new or updated capture file support in this release.

 Getting Wireshark

  Wireshark source code and installation packages are available from
  https://www.wireshark.org/download.html[54].

  Vendor-supplied Packages

   Most Linux and Unix vendors supply their own Wireshark packages. You
   can usually install or upgrade Wireshark using the package management
   system specific to that platform. A list of third-party packages can
   be found on the download page[55] on the Wireshark web site.

 File Locations

  Wireshark and TShark look in several different locations for
  preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These
  locations vary from platform to platform. You can use About→Folders to
  find the default locations on your system.

 Getting Help

  The User’s Guide, manual pages and various other documentation can be
  found at https://www.wireshark.org/docs/[56]

  Community support is available on Wireshark’s Q&A site[57] and on the
  wireshark-users mailing list. Subscription information and archives
  for all of Wireshark’s mailing lists can be found on the web site[58].

  Bugs and feature requests can be reported on the bug tracker[59].

  Official Wireshark training and certification are available from
  Wireshark University[60].

 Frequently Asked Questions

  A complete FAQ is available on the Wireshark web site[61].

  Last updated 2019-04-08 17:06:38 UTC

 References

   1. https://www.wireshark.org/security/wnpa-sec-2019-09
   2. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15497
   3. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10895
   4. https://www.wireshark.org/security/wnpa-sec-2019-10
   5. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15546
   6. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10899
   7. https://www.wireshark.org/security/wnpa-sec-2019-11
   8. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15553
   9. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10897
  10. https://www.wireshark.org/security/wnpa-sec-2019-12
  11. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15585
  12. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10898
  13. https://www.wireshark.org/security/wnpa-sec-2019-13
  14. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15612
  15. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10900
  16. https://www.wireshark.org/security/wnpa-sec-2019-14
  17. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15613
  18. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10894
  19. https://www.wireshark.org/security/wnpa-sec-2019-15
  20. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15617
  21. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10896
  22. https://www.wireshark.org/security/wnpa-sec-2019-16
  23. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15619
  24. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10902
  25. https://www.wireshark.org/security/wnpa-sec-2019-17
  26. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15620
  27. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10901
  28. https://www.wireshark.org/security/wnpa-sec-2019-18
  29. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15568
  30. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10903
  31. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14770
  32. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15439
  33. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15533
  34. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15542
  35. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15545
  36. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15549
  37. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15561
  38. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15565
  39. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15572
  40. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15578
  41. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15599
  42. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15605
  43. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15607
  44. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15608
  45. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15627
  46. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15628
  47. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15630
  48. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15631
  49. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15634
  50. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15647
  51. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15648
  52. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15656
  53. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15667
  54. https://www.wireshark.org/download.html
  55. https://www.wireshark.org/download.html#thirdparty
  56. https://www.wireshark.org/docs/
  57. https://ask.wireshark.org/
  58. https://www.wireshark.org/lists/
  59. https://bugs.wireshark.org/
  60. http://www.wiresharktraining.com/
  61. https://www.wireshark.org/faq.html