https://github.com/zeek/zeek/releases/tag/v4.0.1
This release fixes the following vulnerability:
- Fix null-pointer dereference when encountering an invalid enum
name in a config/input file that tries to read it into a set[enum].
For deployments with such an input feed whose contents may come
from external/remote sources, this is a potential DoS vulnerability.
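
As an added example (not part of the Zeek release or its code), a feed from an external source can be checked before Zeek reads it, so that a row naming an unknown enum value never reaches a set[enum] column. It assumes a tab-separated input-framework file with a `#fields` header and the ASCII reader's default markers; the column names, the allow-list and the function name `filter_feed` are hypothetical.

```python
# Added example: pre-validate a Zeek input-framework ASCII file before Zeek reads it.
# Assumptions: tab-separated columns, a "#fields" header, and the ASCII reader's
# default set separator ",", empty-set marker "(empty)" and unset marker "-".

SET_SEPARATOR = ","
EMPTY_FIELD = "(empty)"
UNSET_FIELD = "-"


def filter_feed(text, allowed):
    """Return (kept_lines, rejected) for a feed given as one string.

    allowed maps a column name to the set of enum names accepted in that
    set[enum] column. rejected is a list of (line_number, column, bad_value).
    """
    fields = None
    kept, rejected = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
            kept.append(line)
            continue
        if line.startswith("#") or not line.strip():
            kept.append(line)  # other header lines and blank lines pass through
            continue
        if fields is None:
            raise ValueError("data row before #fields header")
        values = line.split("\t")
        if len(values) != len(fields):
            rejected.append((lineno, None, line))  # malformed row, drop it
            continue
        bad = []
        for name, value in zip(fields, values):
            if name not in allowed or value in (EMPTY_FIELD, UNSET_FIELD):
                continue
            bad += [(lineno, name, v) for v in value.split(SET_SEPARATOR)
                    if v not in allowed[name]]
        if bad:
            rejected.extend(bad)  # whole row is withheld from Zeek
        else:
            kept.append(line)
    return kept, rejected


# Constructed sample feed; column names and enum allow-list are hypothetical.
SAMPLE = (
    "#fields\tip\tactions\n"
    "192.0.2.1\tNotice::ACTION_LOG,Notice::ACTION_EMAIL\n"
    "192.0.2.2\tNotice::ACTION_LOG,Notice::NOT_A_REAL_ACTION\n"
    "192.0.2.3\t(empty)\n"
)
ALLOWED = {"actions": {"Notice::ACTION_LOG", "Notice::ACTION_EMAIL"}}
```

Write the kept lines to the path Zeek reads and log the rejected entries; the fix for the crash itself is in this release.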
Other fixes:
- Fix MIME type detection bug in IRC/FTP file_transferred event
for file data containing null-bytes
- Fix potential for missing timestamps in SMB logs
- Remove use of LeakSanitizer API on FreeBSD where it's unsupported
- Fix incorrect parsing of ERSPAN Type I
- Fix incorrect/overflowed n value for SSL_Heartbeat_Many_Requests
notices where the number of server heartbeats is greater than the
number of client heartbeats
- Fix missing user_agent existence check in smtp/software.zeek
(causes reporter.log error noise, but no functional difference)
- Fix include order of bundled headers to avoid conflicts with
pre-existing/system-wide installs
- Fix musl build (e.g. Void, Alpine, etc.)
- Fix build with -DENABLE_MOBILE_IPV6 / ./configure --enable-mobile-ipv6
- Add check for null packet data in pcap IOSource, which is an
observed state in Myricom libpcap that crashes Zeek via null-pointer
dereference
- Allow CRLF line-endings in Zeek scripts and signature files
- Fix armv7 build
- Fix unserialization of set[function], generally now used by
connection record removal hooks, and specifically breaking
intel.log of Zeek clusters
- Fix indexing of set/table types with a vector
- Fix precision loss in ASCII logging/printing of large double,
time, or interval values
- Improve handling of invalid SIP data before requests
- Fix copy()/cloning vectors that have holes (indices w/ null
values)
Reported by: Jon Siwek