CHANGES (zeek-3.2.2) | : | CHANGES (zeek-3.2.4) | ||
---|---|---|---|---|
3.2.4 | 2021-02-22 10:19:36 -0800 | ||||
* GH-1352: Added flag to stop processing SMTP headers in attached messages (Jo | ||||
n Oakley) | ||||
* Fix `major_subsys_version` field in `pe_optional_header` event (Jon Siwek, C | ||||
orelight) | ||||
It was incorrectly set the same as the `minor_subsys_version` field | ||||
of the `PE::OptionalHeader` record. | ||||
* Fix CentOS 8 CI Dockerfile (Jon Siwek, Corelight) | ||||
The "PowerTools" repoid changed to "powertools": | ||||
https://bugs.centos.org/view.php?id=17920 | ||||
* Update CI configuration (Jon Siwek, Corelight) | ||||
* Add tasks for Fedora 33, Debian 10, Ubuntu 20.04, | ||||
FreeBSD 11, and macOS Big Sur | ||||
* Bump FreeBSD 12-1 task to 12-2 | ||||
* Switch macOS Catalina image to "catalina-xode-11.6 image" | ||||
* Increase CPUs used for macOS tasks | ||||
* GH-1398: Fix buffer overread in ascii formatter (Johanna Amann, Corelight) | ||||
When a text with an (escaped) zero byte was passed to ParseValue, only | ||||
the part of the string up to the zero byte was copied, but the length of | ||||
the full string was passed to the input framework. | ||||
This leads to the input manager reading over the end of the buffer. | ||||
3.2.3 | 2020-12-14 18:47:18 -0800 | ||||
* Release 3.2.3. | ||||
* Add test case to cover weird EDNS ECS parsing situations (Jon Siwek, Corelig | ||||
ht) | ||||
* Fix EDNS ECS option parsing bugs (Jon Siwek, Corelight) | ||||
* The parsing of IPv6 addresses tried to fill a stack-buffer with as | ||||
much data as supplied in the Option even if it was in excess of the | ||||
desired prefix or maximum IPv6 address size. This could result in an | ||||
overflow of that stack-buffer. | ||||
* The parsing of IPv4 addresses would overwrite the storage used for | ||||
that address as many times as there were bytes in the Option in excess | ||||
of the desired prefix length or maximum IPv4 address size. This could | ||||
cause the resulting IPv4 address to be derived from the incorrect | ||||
data. | ||||
* Upon encountering unexpected/excessive option-length or source-prefix | ||||
parameters, the data pointer used for parsing was also not always | ||||
advanced to the start of the next alleged option's data. Assuming all | ||||
other parsing code correctly guards against invalid input, there's no | ||||
further harm from that other than the subsequent parsing being more | ||||
likely to encounter unexpected values and emitting more Weirds. | ||||
Credit to OSS-Fuzz for discovery | ||||
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28336 | ||||
(Link to details becomes public 30 days after patch release) | ||||
* GH-1286: Fix SMB2 response status parsing. (Vlad Grigorescu) | ||||
* Fix memory leak in deprecated Analyzer::ConnectionEvent() (Jon Siwek, Coreli | ||||
ght) | ||||
* GH-1321: Prevent compounding of `connection_status_update` event timers (Jon | ||||
Siwek, Corelight) | ||||
Particularly for ICMP connections, a new timer got added every time a | ||||
`connection` record was updated even if there was still a pending timer | ||||
for that connection. | ||||
* Fix incorrect ICMP Neighbor Discovery Option length calculation (Vlad Grigor | ||||
escu) | ||||
3.2.2 | 2020-10-07 10:14:47 -0700 | 3.2.2 | 2020-10-07 10:14:47 -0700 | |||
* Release 3.2.2. | * Release 3.2.2. | |||
* Fix multipart MIME leak of sub-part found after closing-boundary (Jon Siwek, Corelight) | * Fix multipart MIME leak of sub-part found after closing-boundary (Jon Siwek, Corelight) | |||
After detecting a closing-boundary for a given multipart MIME entity, it | After detecting a closing-boundary for a given multipart MIME entity, it | |||
enters into an "end of data" state, however any subsequent boundary | enters into an "end of data" state, however any subsequent boundary | |||
delimiter could still cause the allocation of a sub-entity object that | delimiter could still cause the allocation of a sub-entity object that | |||
is never released due to cleanup logic being bypassed upon finding the | is never released due to cleanup logic being bypassed upon finding the | |||
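Review bot: The new 3.2.4 section has no "* Release 3.2.4." entry, while the 3.2.3 and 3.2.2 sections each open with one; add it so the three release sections follow the same pattern. In the CI entry, "catalina-xode-11.6 image" looks like a typo for "xcode", and the closing quote probably belongs before the word "image". The GH-1398 and EDNS ECS entries both describe memory-safety fixes (a read past the end of a buffer and a possible stack-buffer overflow), but nothing in either section heading or entry title marks them as security-relevant; a short marker on those two entries would help operators who scan this file to decide how urgently to upgrade from 3.2.2.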
End of changes. 1 change blocks. | ||||
0 lines changed or deleted | 78 lines changed or added |