(formerly Bro) is a flexible network analysis framework focusing on network security monitoring. Feature release.
| CHANGES (zeek-3.2.2) | : | CHANGES (zeek-3.2.4) |
|---|
| | |
|
| | 3.2.4 | 2021-02-22 10:19:36 -0800 |
| | |
| | * GH-1352: Added flag to stop processing SMTP headers in attached messages (Jo |
| | n Oakley) |
| | |
| | * Fix `major_subsys_version` field in `pe_optional_header` event (Jon Siwek, C |
| | orelight) |
| | |
| | It was incorrectly set the same as the `minor_subsys_version` field |
| | of the `PE::OptionalHeader` record. |
| | |
| | * Fix CentOS 8 CI Dockerfile (Jon Siwek, Corelight) |
| | |
| | The "PowerTools" repoid changed to "powertools": |
| | https://bugs.centos.org/view.php?id=17920 |
| | |
| | * Update CI configuration (Jon Siwek, Corelight) |
| | |
| | * Add tasks for Fedora 33, Debian 10, Ubuntu 20.04, |
| | FreeBSD 11, and macOS Big Sur |
| | * Bump FreeBSD 12-1 task to 12-2 |
| | * Switch macOS Catalina image to "catalina-xode-11.6 image" |
| | * Increase CPUs used for macOS tasks |
| | |
| | * GH-1398: Fix buffer overread in ascii formatter (Johanna Amann, Corelight) |
| | |
| | When a text with an (escaped) zero byte was passed to ParseValue, only |
| | the part of the string up to the zero byte was copied, but the length of |
| | the full string was passed to the input framework. |
| | |
| | This leads to the input manager reading over the end of the buffer. |
| | |
| | 3.2.3 | 2020-12-14 18:47:18 -0800 |
| | |
| | * Release 3.2.3. |
| | |
| | * Add test case to cover weird EDNS ECS parsing situations (Jon Siwek, Corelig |
| | ht) |
| | |
| | * Fix EDNS ECS option parsing bugs (Jon Siwek, Corelight) |
| | |
| | * The parsing of IPv6 addresses tried to fill a stack-buffer with as |
| | much data as supplied in the Option even if it was in excess of the |
| | desired prefix or maximum IPv6 address size. This could result in an |
| | overflow of that stack-buffer. |
| | |
| | * The parsing of IPv4 addresses would overwrite the storage used for |
| | that address as many times as there were bytes in the Option in excess |
| | of the desired prefix length or maximum IPv4 address size. This could |
| | cause the resulting IPv4 address to be derived from the incorrect |
| | data. |
| | |
| | * Upon encountering unexpected/excessive option-length or source-prefix |
| | parameters, the data pointer used for parsing was also not always |
| | advanced to the start of the next alleged option's data. Assuming all |
| | other parsing code correctly guards against invalid input, there's no |
| | further harm from that other than the subsequent parsing being more |
| | likely to encounter unexpected values and emitting more Weirds. |
| | |
| | Credit to OSS-Fuzz for discovery |
| | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28336 |
| | (Link to details becomes public 30 days after patch release) |
| | |
| | * GH-1286: Fix SMB2 response status parsing. (Vlad Grigorescu) |
| | |
| | * Fix memory leak in deprecated Analyzer::ConnectionEvent() (Jon Siwek, Coreli |
| | ght) |
| | |
| | * GH-1321: Prevent compounding of `connection_status_update` event timers (Jon |
| | Siwek, Corelight) |
| | |
| | Particularly for ICMP connections, a new timer got added every time a |
| | `connection` record was updated even if there was still a pending timer |
| | for that connection. |
| | |
| | * Fix incorrect ICMP Neighbor Discovery Option length calculation (Vlad Grigor |
| | escu) |
| | |
| 3.2.2 | 2020-10-07 10:14:47 -0700 | | 3.2.2 | 2020-10-07 10:14:47 -0700 |
| | |
| * Release 3.2.2. | | * Release 3.2.2. |
| | |
| * Fix multipart MIME leak of sub-part found after closing-boundary (Jon Siwek,
Corelight) | | * Fix multipart MIME leak of sub-part found after closing-boundary (Jon Siwek,
Corelight) |
| | |
| After detecting a closing-boundary for a given multipart MIME entity, it | | After detecting a closing-boundary for a given multipart MIME entity, it |
| enters into an "end of data" state, however any subsequent boundary | | enters into an "end of data" state, however any subsequent boundary |
| delimiter could still cause the allocation of a sub-entity object that | | delimiter could still cause the allocation of a sub-entity object that |
| is never released due to cleanup logic being bypassed upon finding the | | is never released due to cleanup logic being bypassed upon finding the |
| | | |
| End of changes. 1 change blocks. |
|---|
| 0 lines changed or deleted | | 78 lines changed or added |
|---|
"Fossies" - the Fresh Open Source Software Archive 