"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "CHANGES" between
zeek-3.2.2.tar.gz and zeek-3.2.4.tar.gz

About: Zeek (formerly Bro) is a flexible network analysis framework focusing on network security monitoring. Feature release.

CHANGES  (zeek-3.2.2):CHANGES  (zeek-3.2.4)
3.2.4 | 2021-02-22 10:19:36 -0800
* GH-1352: Added flag to stop processing SMTP headers in attached messages (Jo
n Oakley)
* Fix `major_subsys_version` field in `pe_optional_header` event (Jon Siwek, C
orelight)
It was incorrectly set the same as the `minor_subsys_version` field
of the `PE::OptionalHeader` record.
* Fix CentOS 8 CI Dockerfile (Jon Siwek, Corelight)
The "PowerTools" repoid changed to "powertools":
https://bugs.centos.org/view.php?id=17920
* Update CI configuration (Jon Siwek, Corelight)
* Add tasks for Fedora 33, Debian 10, Ubuntu 20.04,
FreeBSD 11, and macOS Big Sur
* Bump FreeBSD 12-1 task to 12-2
* Switch macOS Catalina image to "catalina-xode-11.6 image"
* Increase CPUs used for macOS tasks
* GH-1398: Fix buffer overread in ascii formatter (Johanna Amann, Corelight)
When a text with an (escaped) zero byte was passed to ParseValue, only
the part of the string up to the zero byte was copied, but the length of
the full string was passed to the input framework.
This leads to the input manager reading over the end of the buffer.
3.2.3 | 2020-12-14 18:47:18 -0800
* Release 3.2.3.
* Add test case to cover weird EDNS ECS parsing situations (Jon Siwek, Corelig
ht)
* Fix EDNS ECS option parsing bugs (Jon Siwek, Corelight)
* The parsing of IPv6 addresses tried to fill a stack-buffer with as
much data as supplied in the Option even if it was in excess of the
desired prefix or maximum IPv6 address size. This could result in an
overflow of that stack-buffer.
* The parsing of IPv4 addresses would overwrite the storage used for
that address as many times as there were bytes in the Option in excess
of the desired prefix length or maximum IPv4 address size. This could
cause the resulting IPv4 address to be derived from the incorrect
data.
* Upon encountering unexpected/excessive option-length or source-prefix
parameters, the data pointer used for parsing was also not always
advanced to the start of the next alleged option's data. Assuming all
other parsing code correctly guards against invalid input, there's no
further harm from that other than the subsequent parsing being more
likely to encounter unexpected values and emitting more Weirds.
Credit to OSS-Fuzz for discovery
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28336
(Link to details becomes public 30 days after patch release)
* GH-1286: Fix SMB2 response status parsing. (Vlad Grigorescu)
* Fix memory leak in deprecated Analyzer::ConnectionEvent() (Jon Siwek, Coreli
ght)
* GH-1321: Prevent compounding of `connection_status_update` event timers (Jon
Siwek, Corelight)
Particularly for ICMP connections, a new timer got added every time a
`connection` record was updated even if there was still a pending timer
for that connection.
* Fix incorrect ICMP Neighbor Discovery Option length calculation (Vlad Grigor
escu)
3.2.2 | 2020-10-07 10:14:47 -0700 3.2.2 | 2020-10-07 10:14:47 -0700
* Release 3.2.2. * Release 3.2.2.
* Fix multipart MIME leak of sub-part found after closing-boundary (Jon Siwek, Corelight) * Fix multipart MIME leak of sub-part found after closing-boundary (Jon Siwek, Corelight)
After detecting a closing-boundary for a given multipart MIME entity, it After detecting a closing-boundary for a given multipart MIME entity, it
enters into an "end of data" state, however any subsequent boundary enters into an "end of data" state, however any subsequent boundary
delimiter could still cause the allocation of a sub-entity object that delimiter could still cause the allocation of a sub-entity object that
is never released due to cleanup logic being bypassed upon finding the is never released due to cleanup logic being bypassed upon finding the
 End of changes. 1 change blocks. 
0 lines changed or deleted 78 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)