This release fixes the following security issues:
-
Fix buffer over-read in Ident analyzer
#925Thanks to Max Kellermann for reporting and patching.
-
Fix SSL scripting error leading to uninitialized field access and memory leak
b749ddaThanks to Justin Azoff for reporting.
-
Fix POP3 analyzer global buffer over-read
280bf56Thanks to Justin Azoff for reporting and patching.
-
Fix potential stack overflows due to use of Variable-Length-Arrays
Parts of #912:- BIFs
bytestring_to_hexstr()andhexstr_to_bytestring() socks-analyzer.pac:array_to_string()- SMB, NTLM, and RDP analyzers use of
utf16_bytestring_to_utf8_val() smb-strings.pac:uint8s_to_stringval()andextract_string()
- BIFs
Also fixed are the following bugs:
-
Fix unusable
subscriber.poll()method in Broker Python bindings
zeek/broker#110 -
Fix uninitialized field access in
ssl/log-hostcerts-only.zeek
#916 -
Fix missing default function for Kerberos constant-lookup-tables
#918 -
Fix cloning of
TypeTypevalues
#933 -
Remove misleading error message on empty bloomfilter lookup
#930 -
Fix
misc/stats.zeekskipping log entry on termination
ccdaf5f
Reminder: Zeek 3.0.x is a Long-Term Support release, receiving bug fixes until at least October 2020.