Versions 1.4.11 and 1.6.5 of the open source Wireshark network protocol analyzer fixes bugs and closes holes found in the previous builds.
The maintenance and security updates to the cross-platform tool fix several vulnerabilities that an attacker could exploit to cause a denial-of-service (DoS) or compromise a victim’s system.
The vulnerabilities include a NULL pointer deference error when displaying packet information, issues in the file parser that cause Wireshark to fail to properly check record sizes for a number of packet capture formats, and an RLC dissector buffer overflow bug.
Versions 1.4.0 to 1.4.10 and 1.6.0 to 1.6.4 suffer from the vulnerabilities; upgrading to the new releases fixes these issues.
Wireshark 1.4.11 and 1.6.5 are available to download from the project’s site for Windows, Mac OS X and Linux. Source code for Wireshark is under the GPLv2.