LANDesk Patch News Bulletin: Wireshark Version 1.6.8 has been released 24-MAY-2012

Version 1

    LANDesk Security and Patch News

     

    Headlines

    • (May 24, 2012) Wireshark version 1.6.8 has been released: The following bugs have been fixed:

     

    The following vulnerabilities have been fixed:

    wnpa-sec-2012-08

    Infinite and large loops in the ANSI MAP, ASF, BACapp, Bluetooth HCI, IEEE 802.11, IEEE 802.3, LTP, and R3 dissectors have been fixed. Discovered by Laurent Butti. (Bugs 6805, 7118, 7119, 7120, 7121, 7122, 7124, 7125)

    Versions affected: 1.4.0 to 1.4.12, 1.6.0 to 1.6.7.

     

    wnpa-sec-2012-09

    The DIAMETER dissector could try to allocate memory improperly and crash. (Bug 7138)

    Versions affected: 1.4.0 to 1.4.12, 1.6.0 to 1.6.7.

     

    wnpa-sec-2012-10

    Wireshark could crash on SPARC processors due to misaligned memory. Discovered by Klaus Heckelmann. (Bug 7221)

    Versions affected: 1.4.0 to 1.4.12, 1.6.0 to 1.6.7.

     

     

    The following bugs have been fixed:

     

    ·         User-Password - PAP decoding passwords longer than 16 bytes. (Bug 6779)

    ·         The MSISDN is not seen correctly in GTP packet. (Bug 7042)

    ·         Wireshark doesn't calculate the right IPv4 destination using source routing options when bad options precede them. (Bug 7043)

    ·         BOOTP dissector issue with DHCP option 82 - suboption 9. (Bug 7047)

    ·         MPLS dissector in 1.6.7 and 1.7.1 misdecodes some MPLS CW packets. (Bug 7089)

    ·         ANSI MAP infinite loop. (Bug 7119)

    ·         HCIEVT infinite loop. (Bug 7122)

    ·         Wireshark doesn't decode NFSv4.1 operations. (Bug 7127)

    ·         LTP infinite loop. (Bug 7124)

    ·         Wrong values in DNS CERT RR. (Bug 7130)

    ·         Megaco parser problem with LF in header. (Bug 7198)

    ·         OPC UA bytestring node id decoding is wrong. (Bug 7226)

     

     

    Resolution: Upgrade to Wireshark 1.6.8 or later.

           

    New Vulnerabilities

    • Vulnerability ID – WIRESHARKv1.6.8

     

    Changed Vulnerabilities

    • Vulnerability ID – WIRESHARKv1.6.7 (Added the replacement information.)

     

     

    New Patch Downloads

    • wireshark-win32-1.6.8.exe
    • wireshark-win64-1.6.8.exe

     

    Where to Send Feedback

    At LANDesk, we are constantly striving to improve our products and services and hope you find these changes reflective of our ongoing commitment to listen to you—our partners and customers—in providing the best possible solutions to meet your needs now and in the future.  Please continue to provide feedback by contacting our local support organization.

     

    Best regards,

    LANDesk Product Support

     

    Copyright © 2012 LANDesk Software.  All rights reserved. LANDesk is either a registered trademark or trademark of LANDesk Software, Ltd. or its affiliated entities in the United States and/or other countries. Other names or brands may be claimed as the property of others.

     

    Information in this document is provided for information purposes only.  The information presented here is subject to change without notice.  This information is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including any implied warranties and conditions of merchantability or fitness for a particular purpose. LANDesk disclaims any liability with respect to this document and LANDesk has no responsibility or liability for any third party products of any content contained on any site referenced herein.  This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission. For the most current product information, please visit http://www.landesk.com.