From 982fc7184d46621948e53b485c7504c9d11f3350 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Fri, 17 May 2024 17:00:59 +0200 Subject: Merging upstream version 4.2.5. Signed-off-by: Daniel Baumann --- doc/release-notes.adoc | 282 ++++++++++++++++++------------------------------- 1 file changed, 102 insertions(+), 180 deletions(-) (limited to 'doc/release-notes.adoc') diff --git a/doc/release-notes.adoc b/doc/release-notes.adoc index bb66460..137c591 100644 --- a/doc/release-notes.adoc +++ b/doc/release-notes.adoc @@ -24,20 +24,52 @@ If you are upgrading Wireshark 4.2.0 or 4.2.1 on Windows you will need to https: The following vulnerabilities have been fixed: -* wssalink:2024-06[] -T.38 dissector crash. -wsbuglink:19695[]. -cveidlink:2024-2955[]. -// Fixed in master: 6fd3af5e99 -// Fixed in release-4.2: 7be4bbb413d -// Fixed in release-4.0: c04f268605c -// Fixed in release-3.6: n/a -// CVSS AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +* wssalink:2024-07[] +MONGO and ZigBee TLV dissector infinite loops. +wsbuglink:19726[]. +cveidlink:2024-4854[]. +// Fixed in master: 38c0efcee8, 9ab952b964 +// Fixed in release-4.2: e9965fe303, cb267b4e52 +// Fixed in release-4.0: dd5b3b36d3e +// Fixed in release-3.6: 40ed7e814bc +// CVSS AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H +// CWE-835 +// * Fuzz job crash: fuzz-2024-03-30-7212.pcap. wsbuglink:19726[]. + +* wssalink:2024-08[] +The editcap command line utility could crash when chopping bytes from the beginning of a packet. +wsbuglink:19724[]. +cveidlink:2024-4853[]. +// Fixed in master: 7c744e7933 +// Fixed in release-4.2: 3911c7b7d2 +// Fixed in release-4.0: c10a98d2669 +// Fixed in release-3.6: 683166c81bc +// CVSS AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L // CWE-762 -// * Fuzz job crash: fuzz-2024-03-07-7208.pcap. wsbuglink:19695[]. - -Additionally, CVE-2024-24478, CVE-2024-24479, and CVE-2024-24476 were recently assigned to Wireshark without any coordination with the Wireshark project. -As far as we can determine, each one is based on invalid assumptions and we have requested that they be rejected. +// * The "handle_chopping" function in "editcap.c:2595" has a heap overflow vulnerability. wsbuglink:19724[]. + +* wssalink:2024-09[] +The editcap command line utility could crash when injecting secrets while writing multiple files. +wsbuglink:19782[]. +cveidlink:2024-4855[]. +// Fixed in master: be3550b3b1 +// Fixed in release-4.2: 32bde22d9b +// Fixed in release-4.0: f6cb547426d +// Fixed in release-3.6: xxx +// CVSS AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L +// CWE-416 +// * The "wtap_block_foreach_option" function on wiretap/file_access.c:2693 has a SEGV vulnerability. wsbuglink:19784[]. + +// * wssalink:2024-10[] +// Foo dissector {crash,infinite loop,memory leak}. +// wsbuglink:xxx[]. +// cveidlink:2024-xxx[]. +// Fixed in master: xxx +// Fixed in release-4.2: xxx +// Fixed in release-4.0: xxx +// Fixed in release-3.6: xxx +// CVSS AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H +// CWE-125 The following bugs have been fixed: @@ -46,16 +78,25 @@ The following bugs have been fixed: //* cveidlink:2014-2486[] //* Wireshark grabs your ID at 3 am, goes to Waffle House, and insults people. -* Extcap with configuration never starts; "Configure all extcaps before start of capture." is shown instead. wsbuglink:18487[]. -* Packet Dissection CSV Export includes last column even if hidden. wsbuglink:19666[]. -* Inject TLS secrets closes Wireshark on Windows. wsbuglink:19667[]. -* Fuzz job issue: fuzz-2024-02-27-7196.pcap. wsbuglink:19674[]. -* Wireshark crashes when adding another port to the HTTP dissector. wsbuglink:19677[]. -* Fuzz job issue: fuzz-2024-03-03-7204.pcap. wsbuglink:19685[]. -* Fuzz job issue: randpkt-2024-03-05-8004.pcap. wsbuglink:19688[]. -* When adding a new row to a table an error report may be inserted. wsbuglink:19705[]. -* '--export-objects' does not work as expected on tshark version later than 3.2.10. wsbuglink:19715[]. -* Fuzz job issue: fuzz-2024-03-21-7215.pcap. wsbuglink:19717[]. +* Flow Graph scrolls in the wrong direction vertically when pressing Up/Down. wsbuglink:12932[]. +* TCP Stream Window Scaling not working in version 2.6.1 and later. wsbuglink:15016[]. +* TCP stream graphs (Window scaling) axis display is confusing. wsbuglink:17425[]. +* LUA get_dissector does not give the correct dissector under 32-bit version. wsbuglink:18367[]. +* Lua: Segfault when registering a field or expert info twice. wsbuglink:19194[]. +* SSH can not decrypt when KEX is curve25519-sha256@libssh.org. wsbuglink:19240[]. +* Wireshark crash related to Lua `DissectorTable.heuristic_new()` wsbuglink:19603[]. +* MATE fails to extract HTTP2 User-Agent header. wsbuglink:19619[]. +* Fuzz job issue: fuzz-2024-02-29-7169.pcap. wsbuglink:19679[]. +* Fuzz job issue: fuzz-2024-03-02-7158.pcap. wsbuglink:19684[]. +* Problem to Decode 5GC-N7 HTTP for payload Application/JSON. wsbuglink:19723[]. +* Copying data as C String produces incorrect string. wsbuglink:19735[]. +* Incorrect decoding of supported Tx HE-MCS. wsbuglink:19737[]. +* reordercap: Fix packet reordering with multiple IDB's not at the beginning of a pcapng file. wsbuglink:19740[]. +* Wrong EPB lengths written if existing pcapng file has epb_hash options. wsbuglink:19766[]. +* On Windows, Export Displayed Packets dialog does not have "include depended upon packets" checkbox. wsbuglink:19772[]. +* vnd.3gpp.sms binary payload NOT decoded inside HTTP2 5GC. wsbuglink:19773[]. +* NAS 5G message container dissection. wsbuglink:19793[]. +* Incorrect interpretation of algorithm name in packet-tls-utils.c. wsbuglink:19801[]. === New and Updated Features @@ -73,179 +114,59 @@ There are no new protocols in this release. === Updated Protocol Support // Add one protocol per line between the -- delimiters. -// ag -A1 '(define PSNAME|proto_register_protocol[^_])' $(git diff --name-only v4.2.4.. | ag packet- | sort -u) +// ag -A1 '(define PSNAME|proto_register_protocol[^_])' $(git diff --name-only v4.2.5.. | ag packet- | sort -u) [commaize] -- -6LoWPAN -AllJoyn -AFP -AMQP -ASAP -Babel -BACnet -Banana -BEEP -Bencode -BFCP -BGP -BT-DHT -BT BNEP -BT SDP -BVLC -CIP -CMIP -CMP -COROSYNC/TOTEMSRP -COSE +5co_legacy +5co_rap +BT Mesh CQL -CSN.1 -DAP -DCCP -DICOM -DCOM -DHCPv6 -DISP DOCSIS MAC MGMT -DOF -DVB-S2 -E2AP -EDONKEY -ENRP -ErlDP -Etch -EXTREME MESH -FC-SWILS -GNW -GIOP -GLOW -GOOSE +E.212 +EPL +FC FZS GQUIC -GSM A-bis OML -GSUP -GTPv2 -H.223 -H.225.0 -H.245 -H.248 -H.264 -H.265 -HSMS +GRPC +GSM RP +HTTP2 ICMPv6 -ICQ -IEEE1609dot2 -IPP -IPPUSB -ISAKMP -iSCSI -ISIS LSP -ISO 7816 -ISUP -ITS -JSON 3GPP -JXTA -Kafka -KINK -KNX/IP -LDAP -LDP -5GLI -LISP TCP -LISP -LLRP -LwM2M-TLV -M2UA -M3UA -MAC-LTE -MBIM -MMS +IEEE 1905 +IEEE 802.11 +IPARS +JSON-3GPP +LAPD +LLDP +MATE MONGO -MPEG PES -MPLS Echo -MQ PCF -MQTT-SN -MSDP -MsgPack -MS-WSP -NAS-5GS -CFLOW -NETLINK -NHRP -OpenFlow -OpenWire -OPSI -OSC -P22 -P7 -PANA -PIM -ProtoBuf -PROXY -Q.2931 -QNET -RDP -RESP -RPL -RSL -RSVP -RTLS -RTMPT -RTPS -S7COMM -SCTP -SIMULCRYPT -SoulSeek -SMB2 -SML -SNA -SNMP -Socks -SolarEdge -SOME/IP -SUA -T.38 -TCAP -TEAP -TFTP -Thread -Thrift -TN5250 -USBHID -USBVIDEO -VP9 -WASSP -WLCCP -WTP -X.509IF -X.509SAT -XML -XMPP -YAMI -Z39.50 -ZigBee ZCL -Gryphon -PNIO -WiMAX ASN CP +NAS 5GS +NR-RRC +PER +PFCP +PTP +QUIC +SSH +TIPC +ZBD -- === New and Updated Capture File Support -There is no new or updated capture file support in this release. -// Add one file type per line between the -- delimiters. -// [commaize] -// -- -// -- - -=== Updated File Format Decoding Support - -// There is no updated file format support in this release. +// There is no new or updated capture file support in this release. // Add one file type per line between the -- delimiters. [commaize] -- BLF -JPEG -RBM +pcapng -- +=== Updated File Format Decoding Support + +There is no updated file format support in this release. +// Add one file type per line between the -- delimiters. +// [commaize] +// -- +// -- + // === New and Updated Capture Interfaces support // === New and Updated Codec support @@ -257,7 +178,8 @@ RBM This document only describes the changes introduced in Wireshark {wireshark-version}. You can find release notes for prior versions at the following locations: -* https://www.wireshark.org/docs/relnotes/wireshark-4.2.2.html[Wireshark 4.2.3] +* https://www.wireshark.org/docs/relnotes/wireshark-4.2.4.html[Wireshark 4.2.4] +* https://www.wireshark.org/docs/relnotes/wireshark-4.2.3.html[Wireshark 4.2.3] * https://www.wireshark.org/docs/relnotes/wireshark-4.2.2.html[Wireshark 4.2.2] * https://www.wireshark.org/docs/relnotes/wireshark-4.2.1.html[Wireshark 4.2.1] * https://www.wireshark.org/docs/relnotes/wireshark-4.2.0.html[Wireshark 4.2.0] -- cgit v1.2.3