2 <!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
3 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
9 -Use this section to encode all document information
15 <!ENTITY EtherealCurrentVersion "0.99.0">
20 <title>Ethereal &EtherealCurrentVersion; Release Notes</title>
22 <section id="WhatIs"><title>What is Ethereal?</title>
24 Ethereal is the world's most popular network protocol analyzer. It
25 is used for troubleshooting, analysis, development, and education.
29 <section id="WhatsNew"><title>What's New</title>
30 <section><title>Bug Fixes</title>
32 Many security vulnerabilities have been fixed since the
33 previous release. See the
34 <ulink url="http://www.ethereal.com/appnotes/enpa-sa-00022.html">application
35 advisory</ulink> for more details.
39 The H.248 dissector could crash.
40 <!-- Fixed in r16967, r17015 -->
42 Versions affected: 0.10.14.
46 The UMA dissector could go into an infinite loop.
47 <!-- Fixed in r17119, r17273 -->
49 Versions affected: 0.10.12.
52 <!-- Canary bugs found after r17235 -->
55 The X.509if dissector could crash.
56 <!-- Fixed in r16995, r17337 -->
57 <!-- Bug IDs: None -->
58 Versions affected: 0.10.14.
62 The SRVLOC dissector could crash.
63 <!-- Fixed in r17001 -->
64 <!-- Bug IDs: None -->
65 Versions affected: 0.10.0.
69 The H.245 dissector could crash.
70 <!-- Fixed in r17022 -->
72 Versions affected: 0.10.13.
76 Ethereal's OID printing routine was susceptible to an
78 <!-- Fixed in r17048 -->
80 Versions affected: 0.10.14.
84 The COPS dissector could overflow a buffer.
85 <!-- Fixed in r17051 -->
86 <!-- Bug IDs: None -->
87 Versions affected: 0.9.15.
91 The ALCAP dissector could overflow a buffer.
92 <!-- Fixed in r17495 -->
94 Versions affected: 0.10.14.
99 <!-- Coverity bugs (r17489 and above) -->
101 Under a grant funded by the U.S. Department of Homeland Security,
102 <ulink url="http://www.coverity.com">Coverity</ulink> has uncovered
103 a number of vulnerabilities in Ethereal:
106 <!-- CID 1 - 30: DEADCODE -->
108 <!-- CID 31 - 63: FORWARD_NULL -->
110 <!-- CID 31: Post-0.10.14 -->
113 The statistics counter could crash Ethereal.
114 <!-- Fixed in r17497 -->
115 <!-- Bug IDs: None -->
116 <!-- Coverity CID 32 -->
117 Versions affected: 0.10.10.
121 Ethereal could crash while reading a malformed Sniffer capture.
122 <!-- Fixed in r17556 -->
123 <!-- Bug IDs: None -->
124 <!-- Coverity CID 33 -->
125 Versions affected: 0.8.12.
129 An invalid display filter could crash Ethereal.
130 <!-- Fixed in r17555 -->
131 <!-- Bug IDs: None -->
132 <!-- Coverity CID 34 -->
133 Versions affected: 0.9.16.
137 The general packet dissector could crash Ethereal.
138 <!-- Fixed in r17494 -->
139 <!-- Bug IDs: None -->
140 <!-- Coverity CID 35 -->
141 Versions affected: 0.10.9.
144 <!-- CID 36 - 38: Bogus -->
147 The AIM dissector could crash Ethereal.
148 <!-- Fixed in r17512 -->
149 <!-- Bug IDs: None -->
150 <!-- Coverity CID 39 -->
151 Versions affected: 0.10.7.
155 The RPC dissector could crash Ethereal.
156 <!-- Fixed in r17546 -->
157 <!-- Bug IDs: None -->
158 <!-- Coverity CID 40 -->
159 Versions affected: 0.9.8.
163 The DCERPC dissector could crash Ethereal.
164 <!-- Fixed in r17657 -->
165 <!-- Bug IDs: None -->
166 <!-- Coverity CID 41 -->
167 Versions affected: 0.9.16.
171 The ASN.1 dissector could crash Ethereal.
172 <!-- Fixed in r17548 -->
173 <!-- Bug IDs: None -->
174 <!-- Coverity CID 42, 43 -->
175 Versions affected: 0.9.8.
179 The SMB PIPE dissector could crash Ethereal.
180 <!-- Fixed in r17509, r17523, r17621, r17708 -->
181 <!-- Bug IDs: None -->
182 <!-- Coverity CID 44, 46, 47, 48 -->
183 Versions affected: 0.8.20.
186 <!-- CID 45: Bogus -->
187 <!-- CID 46 - 48: See CID 44 -->
188 <!-- CID 49: Bogus -->
189 <!-- CID 50-59: Not security-related -->
192 The SIP statistics feature could crash Ethereal.
193 <!-- Fixed in r17493 -->
194 <!-- Bug IDs: None -->
195 <!-- Coverity CID 60 -->
196 Versions affected: 0.10.4.
199 <!-- CID 61 - 62: Not security-related -->
200 <!-- CID 63 - 66: Bogus -->
203 The BER dissector could loop excessively.
204 <!-- Fixed in r17498, r17625 -->
205 <!-- Bug IDs: None -->
206 <!-- Coverity CID 67, 68, 136 -->
207 Versions affected: 0.10.4.
210 <!-- CID 69 - 72: Bogus -->
213 The SNDCP dissector could abort.
214 <!-- Fixed in r17518 -->
215 <!-- Bug IDs: None -->
216 <!-- Coverity CID 73 -->
217 Versions affected: 0.10.4.
220 <!-- CID 74 - 78: Bogus -->
221 <!-- CID 79: Lemon is a build-time tool -->
222 <!-- CID 80: Bogus -->
223 <!-- CID 81: Post-0.10.14 -->
226 The Network Instruments file code could overrun a buffer.
227 <!-- Fixed in r17520 -->
228 <!-- Bug IDs: None -->
229 <!-- Coverity CID 82 -->
230 Versions affected: 0.10.0.
234 The NetXray/Windows Sniffer file code could overrun a buffer.
235 <!-- Fixed in r17580 -->
236 <!-- Bug IDs: None -->
237 <!-- Coverity CID 83 -->
238 Versions affected: 0.10.13.
241 <!-- CID 83 - 103: Bogus -->
244 The GSM SMS dissector could crash Ethereal.
245 <!-- Fixed in r17506 -->
246 <!-- Bug IDs: None -->
247 <!-- Coverity CID 104 -->
248 Versions affected: 0.9.16.
251 <!-- CID 105: Bogus -->
254 The telnet dissector could overrun a buffer.
255 <!-- Fixed in r17487 -->
256 <!-- Bug IDs: None -->
257 <!-- Coverity CID 106 -->
258 Versions affected: 0.8.5.
261 <!-- CID 107: See CID 79 -->
262 <!-- CID 108: Not security-related -->
265 The ASN.1 dissector could crash Ethereal.
266 <!-- Fixed in r17489 -->
267 <!-- Bug IDs: None -->
268 <!-- Coverity CID 109 -->
269 Versions affected: 0.9.10.
273 The ASN.1 dissector could crash Ethereal.
274 <!-- Fixed in r17489 -->
275 <!-- Bug IDs: None -->
276 <!-- Coverity CID 109 -->
277 Versions affected: 0.9.10.
280 <!-- CID 110: Not security-related -->
281 <!-- CID 111: Bogus -->
282 <!-- CID 112: Not security-related -->
285 The H.248 dissector could crash Ethereal.
286 <!-- Fixed in r17571 -->
287 <!-- Bug IDs: None -->
288 <!-- Coverity CID 113,114 -->
289 Versions affected: 0.10.11.
292 <!-- CID 115, 116: See CID 79 -->
293 <!-- CID 117: Bogus -->
294 <!-- CID 118 - 119: Not security-related -->
295 <!-- CID 120 - 121: Bogus -->
296 <!-- CID 122 - 126: Not security-related -->
297 <!-- CID 127: Bogus -->
300 The DCERPC NT dissector could crash Ethereal.
301 <!-- Fixed in r17511 -->
302 <!-- Bug IDs: None -->
303 <!-- Coverity CID 128 -->
304 Versions affected: 0.9.14.
307 <!-- CID 129: Bogus -->
308 <!-- CID 130 - 134: Not security-related -->
311 The PER dissector could crash Ethereal.
312 <!-- Fixed in r17511 -->
313 <!-- Bug IDs: None -->
314 <!-- Coverity CID 135 -->
315 Versions affected: 0.9.14.
318 <!-- CID 136: See CID 67 -->
319 <!-- CID 137 - 139: Not security-releated -->
320 <!-- CID 140 - 141: Bogus -->
321 <!-- CID 142: Not security-releated -->
322 <!-- CID 143 - 144: See CID 79 -->
323 <!-- CID 145: Post-0.10.14 -->
329 Win32: Unicode characters in the users profile path causes problems
330 reading/writing the preferences (and alike) files.
331 <!-- Fixed in r17024,r17025 -->
332 <!-- Bug IDs: 648 -->
333 Versions affected: 0.10.14.
338 <section><title>New and Updated Features</title>
340 The following features are new (or have been significantly updated)
341 since the last release:
345 The new command line tool <command>dumpcap</command> makes it
346 possible to capture network data without the drawbacks of (t)ethereal
347 (memory usage, security problems, ...) while keeping the benefit of
348 advanced techniques like multiple (ringbuffer) files and alike.
351 The manpage of <command>dumpcap</command> in HTML format is available
352 at: <ulink url="http://www.ethereal.com/docs/"/>
356 Win32: Catch hardware exceptions caused by buggy dissectors.
357 If e.g. a NULL pointer exceptions occurs, Ethereal won't crash now
358 but displays the exception and tries to continue decoding packets.
362 The Windows version of Ethereal now uses native open and save
366 In related news, Ethereal now runs as a full-fledged Unicode
367 application under Windows.
371 Recent versions of Ethereal were flagging packets with an
372 incorrect TCP checksum as malformed. False positives were
373 being triggered on systems that use TCP checksum offloading.
374 We now check to see if the checksum is <emphasis>not</emphasis>
375 0x0000 before flagging the packet as malformed.
377 <note><title>Please Note</title>
379 If your system uses TCP checksum offloading <emphasis>and</emphasis>
380 Ethereal still shows bad checksums for outgoing TCP packets
381 <emphasis>and</emphasis> the checksums for outgoing TCP packets
382 are <emphasis>not</emphasis> 0x0000, this could mean that your
383 operating system is exposing kernel memory unneccessarily. If
384 this is the case, you should report the problem to your OS
394 <section><title>New Protocol Support</title>
400 <section><title>Updated Protocol Support</title> <para>
405 <section><title>New and Updated Capture File Support</title>
413 <section id="GettingEthereal"><title>Getting Ethereal</title>
414 <section><title>Microsoft Windows</title>
416 Download ethereal-setup-&EtherealCurrentVersion;.exe from the
417 <ulink url="http://www.ethereal.com/distribution/win32/">Windows
418 download area</ulink> on the main web site. Double-click the
419 installer executable.
423 <section><title>Sun Solaris</title>
425 Download the appropriate package from the
426 <ulink url="http://www.ethereal.com/distribution/solaris/">Solaris
427 download area</ulink> on the main web site. Uncompress the package
428 using bzip2, and install it using pkgadd.
432 <section><title>Source Code</title>
434 Download ethereal-&EtherealCurrentVersion;.tar.gz from the
435 <ulink url="http://www.ethereal.com/distribution/">main
436 download area</ulink> on the web site. Extract the package
437 using tar and gzip. Run "configure ; make ; make install".
441 <section><title>Vendor-supplied Packages</title>
443 Most Linux and Unix vendors supply their own Ethereal packages.
444 You can install or upgrade Ethereal using the package management
445 system specific to that platform. A list of third-party packages
446 can be found on the <ulink url="http://www.ethereal.com/download.html#otherplat">download page</ulink> on the Ethereal web site.
452 <!-- XXX needs to be written
453 <section id="RemovingEthereal"><title>Removing Ethereal</title>
459 <section id="FileLocations"><title>File Locations</title>
461 Ethereal and Tethereal look in several different locations for
462 preference files, plugins, SNMP MIBS, and RADIUS dictionaries.
463 These locations vary from platform to platform. You can use
464 About->Folders to find the default locations on your system.
468 <section id="KnownProblems"><title>Known Problems</title>
471 On Windows systems the packet list scroll bar can sometimes disappear
472 or become unusable. Until the problem is fixed you can work around it
473 by resizing the packet list or the main window.
474 (<ulink url="http://bugs.ethereal.com/bugzilla/show_bug.cgi?id=220">Bug
479 The <guibutton>Filter</guibutton> button is nonfunctional in the
480 file dialogs under Windows.
485 <section id="GettingHelp"><title>Getting Help</title>
487 Community support is available on the ethereal-users mailing list.
488 Subscription information and archives for all of Ethereal's mailing
489 lists can be found on <ulink url="http://www.ethereal.com/lists/">the
490 web site</ulink>. There is also an <ulink url="irc://irc.freenode.net/ethereal">IRC channel dedicated to Ethereal</ulink>.
493 Commercial support, training, and development services are available
494 from <ulink url="http://www.etherealsoft.com/">Ethereal Software</ulink>.
498 <section id="FAQ"><title>Frequently Asked Questions</title>
500 A complete FAQ is available on the
501 <ulink url="http://www.ethereal.com/faq.html">Ethereal web site</ulink>.