This long-term supported release addresses the following security issues:
- Potential Denial of Service due to memory leak in DNS TSIG message
  parsing. Thanks to Max Kellermann for the report and patch. See #799
- Potential Denial of Service due to memory leak (or assertion when
  compiling with assertions enabled) when receiving a second SSH KEX
  message after a first. Thanks to Max Kellermann for the report and patch.
  See #792
- Potential Denial of Service due to buffer read overflow and/or memory
  leaks in the Kerberos analyzer. The buffer read overflow could occur when
  the Kerberos message indicates it contains an IPv6 address but does not
  send enough data to parse out a full IPv6 address. A memory leak could
  occur when processing KRB_KDC_REQ / KRB_KDC_REP messages for message types
  that do not match a known/expected type. See #753
- Potential Denial of Service when sending many zero-length SSL/TLS
  certificate data. Such messages underwent the full Zeek file analysis
  treatment, which is expensive (and meaningless here) compared to how
  cheaply one can "create" or otherwise indicate many zero-length
  certificates contained in an SSL message. See #748
- Potential Denial of Service due to buffer read overflow in SMB transaction
  data string handling. The length of strings being parsed from SMB messages
  was trusted to be whatever the message claimed instead of the actual length
  of data found in the message. See #747
- Potential Denial of Service due to null pointer dereference in FTP ADAT
  Base64 decoding. See #739
- Potential Denial of Service due to buffer read overflow in FTP analyzer
  word/whitespace handling. This typically won't be a problem in most default
  deployments of Zeek, since the FTP analyzer receives data from a ContentLine
  (NVT) support analyzer which first null-terminates the buffer used for
  further FTP parsing. See #749
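The SMB (#747) and Kerberos IPv6 (#753) items above share one defect shape: a length announced inside the message is trusted instead of being checked against the bytes actually present. The following is an added illustration, not Zeek's own analyzer code; it models a constructed SMB-style blob of length-prefixed strings and places the trusting parse beside the bounds-checked one.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed model (not Zeek's binpac grammar): SMB-style transaction
 * data as a sequence of strings, each a little-endian 16-bit length
 * followed by that many bytes. */
typedef struct { const uint8_t *data; size_t len; } str_slice;

/* Bug shape from #747: the claimed length is trusted, so the returned
 * slice can extend past the 'avail' bytes actually present. */
static int parse_string_trusting(const uint8_t *buf, size_t avail, str_slice *out)
{
    if (avail < 2) return 0;
    out->data = buf + 2;
    out->len = (size_t)buf[0] | ((size_t)buf[1] << 8);
    return 1;
}

/* Hardened form: the claimed length is bounded by the data actually
 * found in the message; a truncated string is rejected, not over-read. */
static int parse_string_checked(const uint8_t *buf, size_t avail, str_slice *out)
{
    if (avail < 2) return 0;
    size_t claimed = (size_t)buf[0] | ((size_t)buf[1] << 8);
    if (claimed > avail - 2) return 0;
    out->data = buf + 2;
    out->len = claimed;
    return 1;
}

/* Walks a blob with the checked parser: returns the number of complete
 * strings, or -1 if some string claims more bytes than remain. */
int count_strings(const uint8_t *buf, size_t avail)
{
    int n = 0;
    while (avail > 0) {
        str_slice s;
        if (!parse_string_checked(buf, avail, &s)) return -1;
        buf += 2 + s.len;
        avail -= 2 + s.len;
        n++;
    }
    return n;
}

/* Constructed samples: "ok","zeek" well formed; in bad_blob the second
 * string claims 0x1000 bytes while only 2 follow its length field. */
const uint8_t good_blob[] = { 2,0,'o','k', 4,0,'z','e','e','k' };
const uint8_t bad_blob[]  = { 2,0,'o','k', 0x00,0x10,'z','e' };
```

On bad_blob the trusting parser hands back a 4096-byte slice backed by 2 bytes of data, which is exactly the over-read the fix prevents.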
Also addressed are the following bug fixes:
- Use-after-free in paraglob (zeek/paraglob@d65dd0a)
- Invalid memory read in paraglob (zeek/paraglob@ac86ce7)
- Improve Broker python binding Event validity checks (zeek/broker@2d9f474)
- Misleading Broker debug/error output (zeek/broker@0d136d1)
- malloc/delete mismatch in JSON formatting (c0d6eb9)
- Plugin API returning reference to temporary (ae9e799)
- Memory leak in OCSP parsing when using OpenSSL 1.1 (2fbcf23)
- Memory leak in Kerberos ticket decryption (53fadb2)
- Memory leak when table-based input stream overwrites old entry (3742e56)
- Memory leak in packet filter functions (a961f0b)
- Memory leak in system_env() BIF (273eb19)
- Memory leak of Log::Filter "config" field (bf05add)
- Memory leak in Reporter::get_weird_sampling_whitelist() BIF (3b6a2a5)
- Memory leaks in input framework error-handling cases (6f5f7df)
- Memory leak when a plugin prevents a log write operation (09578c6)
- Memory leaks due to reference-counting issues in lambdas/closures (44d922c)
- Memory leak when creating input streams which use &type_column (51970c2)
- NTLM field access scripting error: accessing uninitialized (80469a1)
- File analysis scripting error: accessing of an uninitialized field (d9ed76c)
- Inconsistent &priority for Log::create_stream() calls (7a74852)
- Fix potential for indefinite buffering of logs (e.g. when they are sparse/bursty) (43e54c7)
- Dictionary::Clear() didn't reset number of entries (1e499b0)
- Paraglob compile failure due to non-standard VLA usage (zeek/paraglob@903b5cf)
- Binpac cross-compilation configuration fix (d33613c)