Skip to content

v5.0.2
Compare
Choose a tag to compare
@timwoj timwoj released this 19 Sep 20:17
· 3228 commits to master since this release
v5.0.2
45e0a6c

This release fixes the following security issues:

  • Fix a possible overflow and crash in the ICMP analyzer when receiving a
    specially crafted packet. Due to the possibility of this happening with
    packets received from the network, this is a potential DoS vulnerability.

  • Fix a possible overflow and crash in the IRC analyzer when receiving a
    specially crafted packet. Due to the possibility of this happening with
    packets received from the network, this is a potential DoS vulnerability.
    Note that this requires the irc_whois_channel_line to be handled. This
    event is not handled by default, so this is likely a low-severity issue.

  • Fix a possible overflow and crash in the SMB analyzer when receiving a
    specially crafted packet. Due to the possibility of this happening with
    packets received from the network, this is a potential DoS vulnerability.
    Note that this requires the smb1_transaction_secondary_request to be
    handled. This event is not handled by default, so this is likely a
    low-severity issue.

  • Fix two possible crashes when converting IP headers for output via the
    raw_packet event. Due to the possibility of this happening with packets
    received from the network, this is a potential DoS vulnerability. Note that
    the raw_packet event is not enabled by default so these are likely
    low-severity issues.

This release fixes the following bugs:

  • Fix a bug that prevented Broker nodes to recover from OpenSSL errors.

  • Fix handling of buffer sizes that caused Broker to stall despite having
    sufficient capacity.

  • Fix an issue with signal handling that could prevent Zeek from exiting via
    ctrl-c when reading scripts from stdin.

Assets 6