"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "NEWS" between
zeek-3.2.2.tar.gz and zeek-3.2.4.tar.gz

About: Zeek (formerly Bro) is a flexible network analysis framework focusing on network security monitoring. Feature release.

NEWS  (zeek-3.2.2):NEWS  (zeek-3.2.4)
This document summarizes the most important changes in the current Zeek This document summarizes the most important changes in the current Zeek
release. For an exhaustive list of changes, see the ``CHANGES`` file release. For an exhaustive list of changes, see the ``CHANGES`` file
(note that submodules, such as Broker, come with their own ``CHANGES``.) (note that submodules, such as Broker, come with their own ``CHANGES``.)
Zeek 3.2.4
==========
This release fixes the following security issues:
* Fix ASCII Input reader's treatment of input files containing null-bytes
https://github.com/zeek/zeek/issues/1398
https://github.com/zeek/zeek/commit/a636f8edbd903d3710ec4d7e06b8bb0d68d8aab9
This is mostly only significant for deployments that utilize input data feeds
whose content is controlled by external sources: an input file containing
null-bytes could lead to a buffer-over-read, crash Zeek, and be exploited
to cause Denial of Service.
This release fixes the following bugs:
* MIME sub-entities overwrote top-level header values cause misleading SMTP log
https://github.com/zeek/zeek/issues/1352
https://github.com/zeek/zeek/pull/1365
* Fix incorrect `major_subsys_version` field in `pe_optional_header` event
https://github.com/zeek/zeek/pull/1401
Zeek 3.2.3
==========
This release fixes the following security issues:
* In the parsing of IPv6 addresses within EDNS ECS options, data was written
to a stack-buffer using as many bytes as supplied in the option even if it
was in excess of the desired address prefix or maximum IPv6 address size.
This could result in an overflow of that stack-buffer. This may be
remotely exploitable by anyone creating such a DNS message.
Credit to OSS-Fuzz for discovery
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28336
(Link to details becomes public 30 days after patch release)
This release fixes the following bugs:
* The parsing of IPv4 addresses within EDNS ECS options would overwrite the
storage used for that address as many times as there were bytes in the option
in excess of the desired address prefix length or maximum IPv4 address size.
This could cause the resulting IPv4 address to be derived from the incorrect
data.
* In parsing EDNS ECS options, upon encountering unexpected/excessive
option-length or source-prefix parameters, the data pointer used for parsing
was also not always advanced to the start of the next alleged option's data.
Assuming all other parsing code correctly guards against invalid input,
there's no further harm from that other than the subsequent parsing being
more likely to encounter unexpected values and emitting more Weirds.
* Incorrect ICMP Neighbor Discovery Option length calculation
https://github.com/zeek/zeek/issues/1225
https://github.com/zeek/zeek/pull/1228
* Fix memory leak in deprecated Analyzer::ConnectionEvent()
https://github.com/zeek/zeek/pull/1294
* Fix SMB2 response status parsing
https://github.com/zeek/zeek/pull/1311
https://github.com/zeek/zeek/commit/0b8535b879f1028d556b415ddccded27762e47c2
https://github.com/zeek/zeek/commit/07c4662dc4552ecd4d5b237de331c7b9ab369080
* Fix excessive `connection_status_update` events for ICMP connections
https://github.com/zeek/zeek/pull/1322
Zeek 3.2.2 Zeek 3.2.2
========== ==========
This release fixes the following security issues: This release fixes the following security issues:
* Fix multipart MIME leak of sub-part found after closing-boundary * Fix multipart MIME leak of sub-part found after closing-boundary
After detecting a closing-boundary for a given multipart MIME entity, it After detecting a closing-boundary for a given multipart MIME entity, it
enters into an "end of data" state, however any subsequent boundary enters into an "end of data" state, however any subsequent boundary
delimiter could still cause the allocation of a sub-entity object that delimiter could still cause the allocation of a sub-entity object that
 End of changes. 1 change blocks. 
0 lines changed or deleted 68 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)