kpriv/freebsd-ports
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
freebsd-ports/security/zeek
History
Craig Leres 730455c58e security/zeek: Update to 6.0.0 
https://github.com/zeek/zeek/releases/tag/v6.0.1

This release fixes the following potential DoS vulnerabilities:

 - File extraction limits were not correctly enforced for files
   containing large amounts of missing bytes.

 - Sessions are sometimes not cleaned up completely within Zeek
   during shutdown,
   potentially causing a crash when using the -B dpd flag for debug logging.

 - A specially-crafted HTTP packet can cause Zeek's filename
   extraction code to take a long time to process the data.

 - A specially-crafted series of FTP packets made up of a CWD request
   followed by a large amount of ERPT requests may cause Zeek to
   spend a long time logging the commands.

 - A specially-crafted VLAN packet can cause Zeek to overflow memory
   and potentially crash.

This release fixes the following bugs:

 - Fixed a base64 decoding issue with the authorization field of
   HTTP request headers that was sometimes causing Zeek to output
   error messages.

 - Ensure that Zeek builds use the internal version of Spicy instead
   of external installations, unless specifically configured for
   that mode.

 - Support was added for switch fields when exporting Spicy types
   to Zeek.

 - A number of fixes were added to protect against potential unbounded
   state growth with the SMB and DCE-RPC analyzers. SMB close
   requests will properly tear down an related DCE-RPC analyzers.

 - Fixed a regression in the UDP and TCP analyzers that was causing
   more data than necessary to be forwarded to the next analyzer
   in the chain.

 - A connection's value is now updated in-place when its directionality
   is flipped due to Zeek's heuristics (for example, SYN/SYN-ACK
   reversal or protocol specific approaches).

 - Fixed undefined symbols being reported from Spicy when building
   some of the binary packages for Zeek.

 - Loading policy/frameworks/notice/community-id.zeek now also
   automatically community ID logging.

 - Spicy no longer registers an extra port for every port registered
   in a plugin's .evt file.

 - Timeouts in DNS resolution no longer cause uncontrolled memory
   growth.

 - Fix check to skip DNS hostname lookups for notices that are not
   delivered via email in policy/frameworks/notice/extend-email/hostnames.

Reported by:	Tim Wojtulewicz
Security:	8eefa87f-31f1-496d-bf8e-2b465b6e4e8a
2023-09-12 14:27:54 -07:00
..
files security/zeek: Update to 6.0.0 2023-08-22 13:34:35 -07:00
distinfo security/zeek: Update to 6.0.0 2023-09-12 14:27:54 -07:00
Makefile security/zeek: Update to 6.0.0 2023-09-12 14:27:54 -07:00
pkg-descr
pkg-plist security/zeek: Update to 6.0.0 2023-09-12 14:27:54 -07:00