Wireshark-dev: [Wireshark-dev] Wireshark 4.2.1 is now available

Date Prev · Date Next · Thread Prev · Thread Next
From: Gerald Combs <gerald@xxxxxxxxxxxxx>
Date: Wed, 3 Jan 2024 12:28:25 -0800
I'm proud to announce the release of Wireshark 4.2.1.


 What is Wireshark?

  Wireshark is the world’s most popular network protocol analyzer. It is
  used for troubleshooting, analysis, development and education.

  Wireshark is hosted by the Wireshark Foundation, a nonprofit which
  promotes protocol analysis educaton. Wireshark and the foundation
  depend on your contributions in order to do their work. If you or your
  employer would like to contribute or become a sponsor, please visit
  wiresharkfoundation.org[1].

 What’s New

  Bug Fixes

   The following vulnerabilities have been fixed:

     • wnpa-sec-2024-01[2] GVCP dissector crash. Issue 19496[3].
       CVE-2024-0208[4].

     • wnpa-sec-2024-02[5] IEEE 1609.2 dissector crash. Issue 19501[6].
       CVE-2024-0209[7].

     • wnpa-sec-2024-03[8] HTTP3 dissector crash. Issue 19502[9].
       CVE-2024-0207[10].

     • wnpa-sec-2024-04[11] Zigbee TLV dissector crash. Issue 19504[12].
       CVE-2024-0210[13].

     • wnpa-sec-2024-05[14] DOCSIS dissector crash. Issue 19557[15].
       CVE-2024-0211[16].

   The following bugs have been fixed:

     • Capture filters not saved to recently used list. Issue 12918[17].

     • CFM dissector does not handle Sender ID TLV correctly when
       Chassis ID Length is zero. Issue 13720[18].

     • OSS-Fuzz 64290: wireshark:fuzzshark_ip: Global-buffer-overflow in
       dissect_zcl_read_attr_struct. Issue 19490[19].

     • Overriding capture options set by preference by command line
       arguments (like -S) doesn’t work. Issue 14549[20].

     • Segfault when enabling monitor mode on wireless card that falsely
       claims to support it. Issue 16693[21].

     • Documented format of temporary file name is out of date in the
       Wireshark User’s Guide. Issue 18464[22].

     • Selection highlight lost when interface list is sorted. Issue
       19133[23].

     • HTTP3 malformed packets. Issue 19475[24].

     • Capture filter compilation fails with obscure error message.
       Issue 19480[25].

     • XML: Parsing encoding attribute failed when standalone attribute
       exists. Issue 19485[26].

     • Display filter expressions where the protocol name starts with
       digit and contains a hyphen are rejected. Issue 19489[27].

     • diameter.3GPP-* display filters not working after upgrade to
       version 4.2.0. Issue 19493[28].

     • GigE-vision: Control Protocol shows \"unknown\" as value for
       ASCII character set. Issue 19494[29].

     • The HTTP/3 Request Header URI is not correct. Issue 19497[30].

     • QUIC/TLS not extracting \"h3\" from ALPN in a capture. Issue
       19503[31].

     • Documentation on system requirements should be updated. Issue
       19512[32].

     • 4.2.0: init.lua in subdirectories not loaded anymore. Issue
       19516[33].

     • Malformed SIP/SDP messages: components are not decoded properly.
       Issue 19518[34].

     • heuristic_protos do not reset on profile swap. Issue 19520[35].

     • Wireshark 4.2 crashes on Apply As Column. Issue 19521[36].

     • NFLOG timestamp is incorrect. Issue 19525[37].

     • Qt6 Crash (Double Free) When Attempting to Save TCP Stream Graph.
       Issue 19529[38].

     • Fixed parsing display filter expressions containing literal OID
       values, e.g. `snmp.name == 1.3.6.1.2.1.1.3.0`.

  New and Updated Features

   There are no new or updated features in this release.

  New Protocol Support

   There are no new protocols in this release.

  Updated Protocol Support

  New and Updated Capture File Support

   There is no new or updated capture file support in this release.

   pcapng: the if_tsoffset option is now supported.

 Prior Versions

  This document only describes the changes introduced in Wireshark
  4.2.1. You can find release notes for prior versions at the following
  locations:

    • Wireshark 4.2.0[39]

 Getting Wireshark

  Wireshark source code and installation packages are available from
  https://www.wireshark.org/download.html.

  Vendor-supplied Packages

   Most Linux and Unix vendors supply their own Wireshark packages. You
   can usually install or upgrade Wireshark using the package management
   system specific to that platform. A list of third-party packages can
   be found on the download page[40] on the Wireshark web site.

 File Locations

  Wireshark and TShark look in several different locations for
  preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These
  locations vary from platform to platform. You can use "Help › About
  Wireshark › Folders" or `tshark -G folders` to find the default
  locations on your system.

 Getting Help

  The User’s Guide, manual pages and various other documentation can be
  found at https://www.wireshark.org/docs/

  Community support is available on Wireshark’s Q&A site[41] and on the
  wireshark-users mailing list. Subscription information and archives
  for all of Wireshark’s mailing lists can be found on the web site[42].

  Bugs and feature requests can be reported on the issue tracker[43].

  You can learn protocol analysis and meet Wireshark’s developers at
  SharkFest[44].

 How You Can Help

  The Wireshark Foundation helps as many people as possible understand
  their networks as much as possible. You can find out more and donate
  at wiresharkfoundation.org[45].

 Frequently Asked Questions

  A complete FAQ is available on the Wireshark web site[46].

 References

   1. https://wiresharkfoundation.org
   2. https://www.wireshark.org/security/wnpa-sec-2024-01
   3. https://gitlab.com/wireshark/wireshark/-/issues/19496
   4. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0208
   5. https://www.wireshark.org/security/wnpa-sec-2024-02
   6. https://gitlab.com/wireshark/wireshark/-/issues/19501
   7. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0209
   8. https://www.wireshark.org/security/wnpa-sec-2024-03
   9. https://gitlab.com/wireshark/wireshark/-/issues/19502
  10. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0207
  11. https://www.wireshark.org/security/wnpa-sec-2024-04
  12. https://gitlab.com/wireshark/wireshark/-/issues/19504
  13. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0210
  14. https://www.wireshark.org/security/wnpa-sec-2024-05
  15. https://gitlab.com/wireshark/wireshark/-/issues/19557
  16. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0211
  17. https://gitlab.com/wireshark/wireshark/-/issues/12918
  18. https://gitlab.com/wireshark/wireshark/-/issues/13720
  19. https://gitlab.com/wireshark/wireshark/-/issues/19490
  20. https://gitlab.com/wireshark/wireshark/-/issues/14549
  21. https://gitlab.com/wireshark/wireshark/-/issues/16693
  22. https://gitlab.com/wireshark/wireshark/-/issues/18464
  23. https://gitlab.com/wireshark/wireshark/-/issues/19133
  24. https://gitlab.com/wireshark/wireshark/-/issues/19475
  25. https://gitlab.com/wireshark/wireshark/-/issues/19480
  26. https://gitlab.com/wireshark/wireshark/-/issues/19485
  27. https://gitlab.com/wireshark/wireshark/-/issues/19489
  28. https://gitlab.com/wireshark/wireshark/-/issues/19493
  29. https://gitlab.com/wireshark/wireshark/-/issues/19494
  30. https://gitlab.com/wireshark/wireshark/-/issues/19497
  31. https://gitlab.com/wireshark/wireshark/-/issues/19503
  32. https://gitlab.com/wireshark/wireshark/-/issues/19512
  33. https://gitlab.com/wireshark/wireshark/-/issues/19516
  34. https://gitlab.com/wireshark/wireshark/-/issues/19518
  35. https://gitlab.com/wireshark/wireshark/-/issues/19520
  36. https://gitlab.com/wireshark/wireshark/-/issues/19521
  37. https://gitlab.com/wireshark/wireshark/-/issues/19525
  38. https://gitlab.com/wireshark/wireshark/-/issues/19529
  39. https://www.wireshark.org/docs/relnotes/wireshark-4.2.0.html
  40. https://www.wireshark.org/download.html
  41. https://ask.wireshark.org/
  42. https://www.wireshark.org/lists/
  43. https://gitlab.com/wireshark/wireshark/-/issues
  44. https://sharkfest.wireshark.org
  45. https://wiresharkfoundation.org
  46. https://www.wireshark.org/faq.html


Digests

wireshark-4.2.1.tar.xz: 44942940 bytes
SHA256(wireshark-4.2.1.tar.xz)=50669fb0894310b68372ec8ff6a353d4c23b692121c529b8806b2e332b7d8770
SHA1(wireshark-4.2.1.tar.xz)=3fa6ddbac07fb64ed5e447086542cabb9e4cfee0

Wireshark-4.2.1-arm64.exe: 67816800 bytes
SHA256(Wireshark-4.2.1-arm64.exe)=8bbc0827c1ab410dbca6b6026790c2ba03a58ea864a56056ff9208dae6bcd1aa
SHA1(Wireshark-4.2.1-arm64.exe)=0530f1f74b6c74fde3e8ec5790f9d9edde917ba6

Wireshark-4.2.1-x64.exe: 86312224 bytes
SHA256(Wireshark-4.2.1-x64.exe)=c9e89dd241b7e0bdc86eb23be60ff6039a3cc69e8abd1a029112dcc642c98e86
SHA1(Wireshark-4.2.1-x64.exe)=bd3bbb77d9531753fa9f63db36e1b4e62699397f

Wireshark-4.2.1-x64.msi: 62750720 bytes
SHA256(Wireshark-4.2.1-x64.msi)=7bf64faeb2c2bd85287e3ca304330461fc1d8801c0ebbf1c0c3a30aab644e05f
SHA1(Wireshark-4.2.1-x64.msi)=ecab5fc9bf6cd1e19771209bfe1f3831d13efa10

WiresharkPortable64_4.2.1.paf.exe: 53527432 bytes
SHA256(WiresharkPortable64_4.2.1.paf.exe)=f76b7341741f1d331de7e23ac5ea48498e24209289fe3c1fba7f4e81bd3661b4
SHA1(WiresharkPortable64_4.2.1.paf.exe)=e03ad0d5696788f52aaa7d3fd247f6f72b28c5c4

Wireshark 4.2.1 Arm 64.dmg: 65655893 bytes
SHA256(Wireshark 4.2.1 Arm 64.dmg)=9ca7fcdb382c0665c77d580dd6b6db8a5d2e50758fc9f34bffbba267cfb49b37
SHA1(Wireshark 4.2.1 Arm 64.dmg)=2d568c35ca95eefa9e9e7a3838dcd0441d0bfd06

Wireshark 4.2.1 Intel 64.dmg: 69037550 bytes
SHA256(Wireshark 4.2.1 Intel 64.dmg)=35080517e048a7ca7a3fe80b88c9f4457e8b6f9948b3cbeb22c920fbacd7e234
SHA1(Wireshark 4.2.1 Intel 64.dmg)=5a0e2a4830e06d04a6196fa9df762ce9ed4d2ae5

You can validate these hashes using the following commands (among others):

    Windows: certutil -hashfile Wireshark-win64-x.y.z.exe SHA256
    Linux (GNU Coreutils): sha256sum wireshark-x.y.z.tar.xz
    macOS: shasum -a 256 "Wireshark x.y.z Arm 64.dmg"
    Other: openssl sha256 wireshark-x.y.z.tar.xz

Attachment: OpenPGP_signature.asc
Description: OpenPGP digital signature