Wireshark updates close security holes
According to the developers, these maintenance and security updates address multiple vulnerabilities that could, for example, cause the application to crash "by injecting a series of malformed packets onto the wire or by convincing someone to read a malformed packet trace file". These include issues related to a large/infinite loop in the DICOM dissector in Wireshark 1.4.x, and, in the 1.2.x branch, bugs in the X.509if dissector. A number of bugs in some of the 1.4.x dissectors have also been fixed. All users are advised to update to the latest versions.
Details about these maintenance and security updates, including a full list of changes, can be found in the 1.2.17 and 1.4.7 release notes. Wireshark binaries for Windows and Mac OS X, as well as the source code, are available to download and documentation is provided.
- Multiple vulnerabilities in Wireshark® version 1.4.0 to 1.4.6, a Wireshark security advisory.
- X.509if vulnerability in Wireshark® version 1.2.0 to 1.2.15, a Wireshark security advisory.