| non port: security/zeek/distinfo |
|
SVNWeb
|
Number of commits found: 30 |
|
Fri, 19 May 2023
|
[ 17:37 Craig Leres (leres)  ]    21ea6c3
security/zeek: Update to 5.0.9
https://github.com/zeek/zeek/releases/tag/v5.0.9
This release fixes the following potential DoS vulnerabilities:
- A specially-crafted series of FTP packets with a CMD command
with a large path followed by a very large number of replies
could cause Zeek to spend a long time processing the data.
- A specially-crafted with a truncated header can cause Zeek to
overflow memory and potentially crash.
- A specially-crafted series of SMTP packets can cause Zeek to
generate a very large number of events and take a long time to(Only the first 15 lines of the commit message are shown above  )
|
|
Wed, 12 Apr 2023
|
[ 06:18 Craig Leres (leres) ] 7705f7bbc
security/zeek: Update to 5.0.8
https://github.com/zeek/zeek/releases/tag/v5.0.8
This release fixes the following potential DoS vulnerabilities:
- A specially-crafted stream of FTP packets containing a command
reply with many intermediate lines can cause Zeek to spend a
large amount of time processing data.
- A specially-crafted set of packets containing extremely large
file offsets cause cause the reassembler code to allocate large
amounts of memory.
- The DNS manager does not correctly expire responses that don't(Only the first 15 lines of the commit message are shown above )
|
|
Tue, 21 Feb 2023
|
[ 22:39 Craig Leres (leres) ] 4e0e0f4
security/zeek: Update to 5.0.7
https://github.com/zeek/zeek/releases/tag/v5.0.7
This release fixes the following potential DoS vulnerabilities:
- Receiving DNS responses from async DNS requests (via the
lookup_addr, etc BIF methods) with the TTL set to zero could
cause the DNS manager to eventually stop being able to make new
requests.
- Specially-crafted FTP packets with excessively long usernames,
passwords, or other fields could cause log writes to use large
amounts of disk space.
(Only the first 15 lines of the commit message are shown above )
|
|
Wed, 1 Feb 2023
|
[ 19:06 Craig Leres (leres) ] 85faac2
security/zeek: Update to 5.0.6
https://github.com/zeek/zeek/releases/tag/v5.0.6
This release fixes the following potential DoS vulnerabilities:
- A missing field in the SMB FSControl script-land record could
cause a heap buffer overflow when receiving packets containing
those header types.
- Receiving a series of packets that start with HTTP/1.0 and then
switch to HTTP/0.9 could cause Zeek to spend a large amount of
time processing the packets.
- Receiving large numbers of FTP commands sequentially from the(Only the first 15 lines of the commit message are shown above )
|
|
Tue, 10 Jan 2023
|
[ 01:07 Craig Leres (leres) ] 5f6df5b
security/zeek: Update to 5.0.5
https://github.com/zeek/zeek/releases/tag/v5.0.5
This release fixes the following bugs:
- Update broker to version 2.3.6. This broker release fixes some
failures when building against Python 3.11 and above.
Reported by: Tim Wojtulewicz
|
|
Thu, 24 Nov 2022
|
[ 18:29 Craig Leres (leres) ] a940eea
security/zeek: Update to 5.0.4
https://github.com/zeek/zeek/releases/tag/v5.0.4
This release fixes the following potential DoS vulnerabilities:
- A specially-crafted series of HTTP 0.9 packets can cause Zeek
to spend large amounts of time processing the packets.
- A specially-crafted FTP packet can cause Zeek to spend large
amounts of time processing the command.
- A specially-crafted IPv6 packet can cause Zeek to overflow memory
and potentially crash.
This release fixes the following bugs:
- Fix a potential stall in Broker’s internal data pipeline.
Reported by: Tim Wojtulewicz
Security: ???
|
|
Wed, 9 Nov 2022
|
[ 02:42 Craig Leres (leres) ] f7beb19
security/zeek: Update to 5.0.3
https://github.com/zeek/zeek/releases/tag/v5.0.3
This release fixes the following potential DoS vulnerabilities:
- Fix an issue where a specially-crafted FTP packet can cause Zeek
to spend large amounts of time attempting to search for valid
commands in the data stream.
- Fix a possible overflow in the Zeek dictionary code that may
lead to a memory leak.
- Fix an issue where a specially-crafted packet can cause Zeek to
spend large amounts of time reporting analyzer violations.(Only the first 15 lines of the commit message are shown above )
|
|
Tue, 20 Sep 2022
|
[ 00:02 Craig Leres (leres) ] 2f3600b
security/zeek: Update to 5.0.2
https://github.com/zeek/zeek/releases/tag/v5.0.2
Security fixes:
- Fix a possible overflow and crash in the ICMP analyzer when
receiving a specially crafted packet
- Fix a possible overflow and crash in the IRC analyzer when
receiving a specially crafted packet
- Fix a possible overflow and crash in the SMB analyzer when
receiving a specially crafted packet
(Only the first 15 lines of the commit message are shown above )
|
|
Fri, 26 Aug 2022
|
[ 23:54 Craig Leres (leres) ] 8afc679
security/zeek: Update to 5.0.1
https://github.com/zeek/zeek/releases/tag/v5.0.1
Security fixes since 5.0.0:
- Fix a possible overflow and crash in the ARP analyzer when
receiving a specially crafted packet.
- Fix a possible overflow and crash in the Modbus analyzer when
receiving a specially crafted packet.
- Fix two possible crashes when converting IP headers for output
via the raw_packet event.
(Only the first 15 lines of the commit message are shown above )
|
|
Sat, 9 Jul 2022
|
[ 02:44 Craig Leres (leres) ] c356da8
security/zeek: Update to 5.0.0 (latest LTS release)
https://github.com/zeek/zeek/releases/tag/v5.0.0
Changes incompatiable with 4.0.7:
- The script-land ``union`` and ``timer`` types have been removed.
They haven't had any actual semantics backing them for some time
and shouldn't have functioned in any useable way. We opted to
skip the deprecation cycle for these types for that reason.
- Broker now uses a new network backend with a custom network
protocol that is incompatible with the pre-5.0 backend. In
practice, this means Zeek 4.x will not be able to exchange events
with Zeek 5.x. Going forward, this new backend will allow us to
keep the Broker protocol more stable and add new capabilities
in a backwards compatible way.
While we're here add a comment explaining why we really need uname
-p instead of using ARCH (uname -m). Also solve a portlint nag.
Reported by: Tim Wojtulewicz
|
|
Fri, 3 Jun 2022
|
[ 17:34 Craig Leres (leres) ] d1628eb
security/zeek: Update to 4.0.7
https://github.com/zeek/zeek/releases/tag/v4.0.7
Security fixes since 4.0.6:
- Fix potential hang in the DNS analyzer when receiving a
specially-crafted packet. Due to the possibility of this happening
with packets received from the network, this is a potential DoS
vulnerability.
Other changes:
- Fix issue with broken libpcaps that return repeat packets, most
notably the version provided with Myricom hardware.
Reported by: Tim Wojtulewicz
|
|
Thu, 21 Apr 2022
|
[ 22:48 Craig Leres (leres) ] 23f90b9
security/zeek: Update to 4.0.6
https://github.com/zeek/zeek/releases/tag/v4.0.6
Security fixes since 4.0.5:
- Fix potential unbounded state growth in the FTP analyzer when
receiving a specially-crafted stream of commands. This may lead
to a buffer overflow and cause Zeek to crash. Due to the possibility
of this happening with packets received from the network, this
is a potential DoS vulnerabilty.
Other changes:
- Empty table constructors with &default attributes may cause a
crash.
- Fix a bug in ZAM when a function containing a loop is inlined
- Fix a number of bugs with robust dictionary iteration.
- Fix missing "Reporter" entries when reporting hooks via zeek.
Reported by: Tim Wojtulewicz
|
|
Tue, 25 Jan 2022
|
[ 22:38 Craig Leres (leres) ] 02c1f1a
security/zeek: Update to 4.0.5
Changes since 4.0.4:
- The highwayhash module was updated to fix a build failure on
FreeBSD.
- A number of fixes for various problems on the CI infrastructure.
- Writers were not being cleaned up correctly when recreating log
streams with the same ID as an existing stream. This could lead
to a crash.
- IP packets with bad/incorrect IP header lengths were not reporting
weirds as they should be.
Reported by: Tim Wojtulewicz
|
|
Wed, 22 Sep 2021
|
[ 22:15 Craig Leres (leres) ] b45eb65
security/zeek: Update to 4.0.4
https://github.com/zeek/zeek/releases/tag/v4.0.4
This release fixes two vulnerabilities:
- Paths from log stream make it into system() unchecked, potentially
leading to commands being run on the system unintentionally.
This requires either bad scripting or a malicious package to be
installed, and is considered low severity.
- Fix potential unbounded state growth in the PIA analyzer when
receiving a connection with either a large number of zero-length
packets, or one which continues ack-ing unseen segments. It is
possible to run Zeek out of memory in these instances and cause(Only the first 15 lines of the commit message are shown above )
|
|
Tue, 6 Jul 2021
|
[ 21:31 Craig Leres (leres) ] 9ffa415
security/zeek: Update to 4.0.3
https://github.com/zeek/zeek/releases/tag/v4.0.3
This release fixes the following bugs:
- Zeek now accepts unset fields in the input data only when the
corresponding record field is &optional.
- The version field in ssh.log is now optional and will not be set
if we cannot determine the version that was negotiated by the
client and server.
- Zeekctl could crash at startup on certain compilers and platforms
due to a memory corruption issue in the Broker python bindings.(Only the first 15 lines of the commit message are shown above )
|
|
Thu, 3 Jun 2021
|
[ 00:14 Craig Leres (leres) ] b9d6624
security/zeek: Update to 4.0.2
https://github.com/zeek/zeek/releases/tag/v4.0.2
This release fixes several potential DoS vulnerabilities:
- Fix potential Undefined Behavior in decode_netbios_name() and
decode_netbios_name_type() BIFs. The latter has a possibility
of a remote heap-buffer-overread, making this a potential DoS
vulnerability.
- Add some extra length checking when parsing mobile ipv6 packets.
Due to the possibility of reading invalid headers from remote
sources, this is a potential DoS vulnerability.
(Only the first 15 lines of the commit message are shown above )
|
|
Wed, 21 Apr 2021
|
[ 21:11 Craig Leres (leres) ] 274b20e
security/zeek: Update to 4.0.1 to fix null-pointer dereference and potential DOS
https://github.com/zeek/zeek/releases/tag/v4.0.1
This release fixes the following vulnerability:
- Fix null-pointer dereference when encountering an invalid enum
name in a config/input file that tries to read it into a set[enum].
For those that have such an input feed whose contents may come
from external/remote sources, this is a potential DoS vulnerability.
Other fixes:
- Fix mime type detection bug in IRC/FTP file_transferred event
for file data containing null-bytes(Only the first 15 lines of the commit message are shown above )
|
|
Sat, 20 Mar 2021
|
[ 01:16 leres ]  
security/zeek: Update to 4.0.0
This is the next Long-Term Support (LTS) major version:
https://github.com/zeek/zeek/releases/tag/v4.0.0
https://zeek.org/2020/12/15/zeek-4-0-release-candidate/
Support for the previous LTS (3.0.x) will end in about two months.
Reported by: Jon Siwek
|
|
Tue, 23 Feb 2021
|
[ 01:54 leres ]
security/zeek: Update to 3.0.13
https://github.com/zeek/zeek/releases/tag/v3.0.13
This release fixes the following vulnerability:
- Fix ASCII Input reader's treatment of input files containing
null-bytes. An input file containing null-bytes could lead to a
buffer-over-read, crash Zeek, and be exploited to cause Denial
of Service.
And fixes the following bugs:
- MIME sub-entities overwrote top-level header values cause
misleading SMTP log
- Fix incorrect major_subsys_version field in pe_optional_header
event
Reported by: Jon Siwek
|
|
Tue, 15 Dec 2020
|
[ 22:17 leres ]
security/zeek: Update to 3.0.12
https://github.com/zeek/zeek/releases/tag/v3.0.12
This release fixes the following bugs:
- Incorrect ICMP Neighbor Discovery Option length calculation
- Fix SMB2 response status parsing
- Fix excessive connection_status_update events for ICMP connections
Reported by: Jon Siwek
|
|
Wed, 7 Oct 2020
|
[ 21:29 leres ]
security/zeek: Update to 3.0.11 to fix memory leaks and potential DOS:
https://github.com/zeek/zeek/releases/tag/v3.0.11
- A memory leak in multipart MIME code has potential for remote
exploitation and cause for Denial of Service via resource
exhaustion.
Other fixes:
- Fix incorrect RSTOS0 conn_state determinations
Reported by: Jon Siwek
MFH: 2020Q4
Security: 769a4f60-9056-4c27-89a1-1758a59a21f8
|
|
Thu, 10 Sep 2020
|
[ 00:15 leres ]
security/zeek: Update to 3.0.10 to fix memory leaks and potential DOS:
https://github.com/zeek/zeek/releases/tag/v3.0.10
- Fix memory leak caused by re-entering AYIYA parsing
- Fix memory leak caused by re-entering GTPv1 parsing
Other fixes:
- Fix Input Framework 'change' events for 'set' destinations
- Fix reported body-length of HTTP messages w/ sub-entities
Reported by: Jon Siwek
MFH: 2020Q3
Security: 2c92fdd3-896c-4a5a-a0d8-52acee69182d
|
|
Tue, 28 Jul 2020
|
[ 01:09 leres ]
security/zeek: Update to 3.0.8 and address various vulnerabilities:
https://github.com/zeek/zeek/releases/tag/v3.0.8
- Fix potential DNS analyzer stack overflow
- Fix potential NetbiosSSN analyzer stack overflow
Other fixes:
- Fix DHCP Client ID Option misformat for Hardware Type 0
- Fix/allow copying/cloning of opaque of Broker::Store
- Fix ConnPolling memory over-use(Only the first 15 lines of the commit message are shown above )
|
|
Wed, 10 Jun 2020
|
[ 19:15 leres ]
security/zeek: Update to 3.0.7 and address various vulnerabilities:
https://raw.githubusercontent.com/zeek/zeek/v3.0.7/NEWS
- Fix potential stack overflow in NVT analyzer
- Fix NVT analyzer memory leak from multiple telnet authn name options
- Fix multiple content-transfer-encoding headers causing a memory leak
- Fix potential leak of Analyzers added to tree during Analyzer::Done
- Prevent IP fragment reassembly on packets without minimal IP header
Other fixes:(Only the first 15 lines of the commit message are shown above )
|
|
Wed, 6 May 2020
|
[ 23:37 leres ]
security/zeek: Update to 3.0.6 and address multiple vulnerabilites:
https://raw.githubusercontent.com/zeek/zeek/v3.0.6/NEWS
- Fix buffer over-read in Ident analyzer
- Fix SSL scripting error leading to uninitialized field access
and memory leak
- Fix POP3 analyzer global buffer over-read
- Fix potential stack overflows due to use of Variable-Length-Arrays
Other changes since 3.0.5 include:
(Only the first 15 lines of the commit message are shown above )
|
|
Wed, 15 Apr 2020
|
[ 00:01 leres ]
security/zeek: Update to 3.0.5
Chase latest version number that contains a simple fix not relevant
to supported versions of FreeBSD (hence no MFH).
https://raw.githubusercontent.com/zeek/zeek/3ad19762770c567edc3498b3c1f9f216f46970b0/NEWS
- Same as 3.0.4 but fixes compilation on various platforms with
older compilers, for example GCC 4.8.x.
|
|
Tue, 14 Apr 2020
|
[ 20:55 leres ]
security/zeek: Update to 3.0.4 and address a remote crash vulnerability:
https://github.com/zeek/zeek/blob/e059d4ec2e689b3c8942f4aa08b272f24ed3f612/NEWS
- Fix stack overflow in POP3 analyzer. An attacker can crash Zeek
remotely via crafted packet sequence.
Other fixes:
- Fix use-after-free in Zeek lambda functions with uninitialized
locals
- Fix buffer overflow due to tables/records created at parse-time
not rebuilt on record redef
(Only the first 15 lines of the commit message are shown above )
|
|
Sun, 15 Mar 2020
|
[ 22:44 leres ]
security/bro: Update to 3.0.3 and address a number of potential
denial of service issues:
https://github.com/zeek/zeek/releases/tag/v3.0.2
https://github.com/zeek/zeek/releases/tag/v3.0.3
- Potential Denial of Service due to memory leak in DNS TSIG message
parsing.
- Potential Denial of Service due to memory leak (or assertion
when compiling with assertions enabled) when receiving a second
SSH KEX message after a first.
- Potential Denial of Service due to buffer read overflow and/or
memory leaks in Kerberos analyzer. The buffer read overflow (Only the first 15 lines of the commit message are shown above )
|
|
Wed, 11 Dec 2019
|
[ 21:43 leres ]
security/bro: Update to 3.0.1. As announced by Jon Siwek:
This is a bug-fix release that most notably addresses a JSON
logging performance regression in 3.0.0, but also fixes other
minor bugs. A list which details the changes can be found here:
https://github.com/zeek/zeek/releases/tag/v3.0.1
Approved by: ler (mentor, implicit)
|
|
Sun, 17 Nov 2019
|
[ 01:03 leres ]
security/zeek: This adds security/zeek, the new version of security/bro.
This is being done as svn copy instead of rename so that users of
security/bro can have some time to migrate. It also allows for
possible security updates to the old bro port which upstream has
indicated is possible for at least a few months.
Reviewed by: ler (mentor)
Approved by: ler (mentor)
Differential Revision: https://reviews.freebsd.org/D22376
|
Number of commits found: 30 |
As an Amazon Associate I earn from qualifying purchases.