Software Update: Wireshark 2.6.5

Version 2.6.5 of the open source protocol analyzer and packet niffer Wireshark has been released. With this program, various data packets and network protocols on the network can be analyzed. Also, the program can use previously saved data traffic as input. Wireshark runs on Windows, Linux, and macOS, with separate downloads for 32bit and 64bit versions of the operating systems. The following changes and improvements have been made in this release:

What’s New

• The Windows installers now ship with Qt 5.9.7. Previously they shipped with Qt 5.9.5.

The following vulnerabilities have been fixed:

• wnpa-sec-2018-51 The Wireshark dissection engine could crash. Bug 14466† CVE-2018-19625†
• wnpa-sec-2018-52 The DCOM dissector could crash. Bug 15130† CVE-2018-19626†
• wnpa-sec-2018-53 The LBMPDM dissector could crash. Bug 15132† CVE-2018-19623†
• wnpa-sec-2018-54 The MMSE dissector could go into an infinite loop. Bug 15250† CVE-2018-19622†
• wnpa-sec-2018-55 The IxVeriWave file parser could crash. Bug 15279† CVE-2018-19627†
• wnpa-sec-2018-56 The PVFS dissector could crash. Bug 15280† CVE-2018-19624†
• wnpa-sec-2018-57 The ZigBee ZCL dissector could crash. Bug 15281† CVE-2018-19628†

The following bugs have been fixed:

• VoIP Calls dialog doesn’t include RTP stream when preparing a filter. Bug 13440†
• Wireshark installs on macOS with permissions for /Library/Application Support/Wireshark that are too restrictive. Bug 14335†
• Closing Enabled Protocols dialog crashes wireshark. Bug 14349†
• Unable to Export Objects → HTTP after sorting columns. Bug 14545†
• DNS Response to NS query shows as malformed packet. Bug 14574†
• Encrypted Alerts corresponds to a wrong selection in the packet bytes pane. Bug 14712†
• Wireshark crashes/asserts with Qt 5.11.1 and assert/debugsymbols enabled. Bug 15014†
• ESP will not decode since 2.6.2 – works fine in 2.4.6 or 2.4.8. Bug 15056†
• text2pcap generates malformed packets when TCP
• UDP or SCTP headers are added together with IPv6 header. Bug 15194†
• Wireshark tries to decode EAP-SIM Pseudonym Identity. Bug 15196†
• Infinite read loop when extcap exits with error and error message. Bug 15205†
• MATE unable to extract fields for PDU. Bug 15208†
• Malformed Packet: SV. Bug 15224†
• OPC UA Max nesting depth exceeded for valid packet. Bug 15226†
• TShark 2.6 does not print GeoIP information. Bug 15230†
• ISUP (ANSI) packets malformed in WS versions later than 2.4.8. Bug 15236†
• Handover candidate request message not decoded. Bug 15237†
• TShark piping output in a cmd or PowerShell prompt stops working when GeoIP is enabled. Bug 15248†
• ICMPv6 with routing header incorrectly placed. Bug 15270†
• IEEE 802.11 Vendor Specific fixed fields display as malformed packets. Bug 15273†
• text2pcap -4 and -6 option should require -i as well. Bug 15275†
• text2pcap direction sensitivity does not affect dummy ethernet addresses. Bug 15287†
• MLE security suite display incorrect. Bug 15288†
• Message for incorrect IPv4 option lengths is incorrect. Bug 15290†
• TACACS+ dissector does not properly reassemble large accounting messages. Bug 15293†
• NLRI or S-PMSI AD BGP route not being displayed. Bug 15307†

Updated Protocol Support

• BGP
• DCERPC
• DCOM
• DNS
• EAP
• ESP
• GSM A BSSMAP
• IEEE 802.11
• IEEE 802.11 Radio Tap
• IPv4
• IPv6
• ISUP
• LBMPDM
• LISP
• MLE
• MMSE
• OpcUa
• PVFS
• SLL
• SSL/TLS
• SV
• TACACS+
• TCAP
• Wi-SUN
• XRA
• ZigBee ZCL

New and Updated Capture File Support

• 3GPP TS 32.423 Trace
• IxVeriWave

New and Updated Capture Interfaces support

• sshdump

The following downloads are available:
Wireshark 2.6.5 for Windows (32bit)
Wireshark 2.6.5 for Windows (64 bit)
Wireshark 2.6.5 for PortableApps
Wireshark 2.6.5 for macOS 10.6 and above (64bit)
Wireshark 2.6.5 source code for Linux, Solaris and *BSD among others