WireShark 1.4.4 (64-bit)

What's new in this version:

Bug Fixes:
- The following vulnerabilities have been fixed. See the security advisory for details and a workaround.
- Huzaifa Sidhpurwala of the Red Hat Security Response Team discovered that Wireshark could free an uninitialized pointer while reading a malformed pcap-ng file. (Bug 5652) 
Versions affected: 1.2.0 to 1.2.14 and 1.4.0 to 1.4.3.
CVE-2011-0538
- Huzaifa Sidhpurwala of the Red Hat Security Response Team discovered that a large packet length in a pcap-ng file could crash Wireshark. (Bug 5661) 
Versions affected: 1.2.0 to 1.2.14 and 1.4.0 to 1.4.3.
- Wireshark could overflow a buffer while reading a Nokia DCT3 trace file. 
Versions affected: 1.2.0 to 1.2.14 and 1.4.0 to 1.4.3.
CVE-2011-0713
- Paul Makowski working for SEI/CERT discovered that Wireshark on 32 bit systems could crash while reading a malformed 6LoWPAN packet. (Bug 5722) 
Versions affected: 1.4.0 to 1.4.3.
- joernchen of Phenoelit discovered that the LDAP and SMB dissectors could overflow the stack. (Bug 5717) 
Versions affected: 1.2.0 to 1.2.14 and 1.4.0 to 1.4.3. (Prior versions including 1.0.x are also affected.)
- Xiaopeng Zhang of Fortinet's Fortiguard Labs discovered that large LDAP Filter strings can consume excessive amounts of memory. (Bug 5732) 
Versions affected: 1.2.0 to 1.2.14 and 1.4.0 to 1.4.3. (Prior versions including 1.0.x are also affected.)

The following bugs have been fixed:
- A TCP stream would not always be recognized as the same stream. (Bug 2907)
- Wireshark Crashing by pressing 2 Buttons. (Bug 4645)
- A crash can occur in the NTLMSSP dissector. (Bug 5157)
- The column texts from a Lua dissector could be mangled. (Bug 5326) (Bug 5630)
- Corrections to ANSI MAP ASN.1 specifications. (Bug 5584)
- When searching in packet bytes, the field and bytes are not immediately shown. (Bug 5585)
- Malformed Packet: ULP reported when dissecting ULP SessionID PDU. (Bug 5593)
- Wrong IEI in container of decode_gtp_mm_cntxt. (Bug 5598)
- Display filter does not work for expressions of type BASE_DEC, BASE_DEC_HEX and BASE_HEX_DEC. (Bug 5606)
- NTLMSSP dissector may fail to compile due to space embedded in C comment delimiters. (Bug 5614)
- Allow for name resolution of link-scope and multicast IPv6 addresses from local host file. (Bug 5615)
- DHCPv6 dissector formats DUID_LLT time incorrectly. (Bug 5627)
- Allow for IEEE 802.3bc-2009 style PoE TLVs. (Bug 5639)
- Various fixes to the HIP packet dissector. (Bug 5646)
- Display "Day of Year" for January 1 as 1, not 0. (Bug 5653)
- Accommodate the CMake build on Ubuntu 10.10. (Bug 5665)
- E.212 MCC 260 Poland update according to local national regulatory. (Bug 5668)
- IPP on ports other than 631 not recognized. (Bug 5677)
- Potential access violation when writing to LANalyzer files. (Bug 5698)
- IEEE 802.15.4 Superframe Specification - Final CAP Slot always 0. (Bug 5700)
- Peer SRC and DST AS numbers are swapped for cflow. (Bug 5702)
- dumpcap: -q option behavior doesn't match documentation. (Bug 5716)

New and Updated Features:
- There are no new features in this release.

New Protocol Support:
- There are no new protocols in this release.

Updated Protocol Support:
- ANSI MAP, BitTorrent, DCM, DHCPv6, DTAP, DTPT, E.212, GSM Management, GTP, HIP, IEEE 802.15.4, IPP, LDAP, LLDP, Netflow, NTLMSSP, P_Mul, Quake, Skinny, SMB, SNMP, ULP

New and Updated Capture File Support:
- LANalyzer, Nokia DCT3, Pcap-ng

Getting Wireshark:
- Wireshark source code and installation packages are available from http://www.wireshark.org/download.html.

Vendor-supplied Packages:
- Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.

File Locations:
- Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About->Folders to find the default locations on your system.