Cleaner, more secure versions 1.6.8 and 1.4.13 of the open source Wireshark network protocol analyzer are ready to go.
The maintenance and security updates to the cross-platform tool address three vulnerabilities an attacker could exploit to cause a denial-of-service (DoS).
These include a memory allocation flaw in the DIAMETER dissector, infinite and large loops in eight other dissectors, and a memory alignment flaw when running on SPARC or Itanium processors.
For an attack to be successful, an attacker must inject a malformed packet onto the wire or convince a victim to read a malformed packet trace file.
Versions 1.4.0 to 1.4.12 and 1.6.0 to 1.6.7 suffer from the issue; upgrading to 1.4.13 or 1.6.8 corrects these problems.
A full list of changes and bug fixes in the updates are in the 1.4.13 and 1.6.8 release notes. Wireshark 1.4.13 and 1.6.8 are available to download from the project’s site and its license is from the GPLv2