This release fixes the following security issues:
- Fix potential DNS analyzer stack overflow

  The Contents_DNS analyzer used a recursive message parsing function that
  determined the size of the next message from the input packet-data
  itself. A packet containing a sequence of many small messages could
  cause a stack overflow since a recursion happened after processing
  each message.

  This issue is remotely exploitable with Denial of Service potential due
  to crashing the Zeek process.

  Credit to OSS-Fuzz for discovery
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24272

- Fix potential NetbiosSSN analyzer stack overflow

  The Contents_NetbiosSSN analyzer used a recursive message parsing
  function that determined the size of the next message from the input
  packet-data itself. A packet containing a sequence of many small
  messages could cause a stack overflow since a recursion happened after
  processing each message.

  This issue is remotely exploitable with Denial of Service potential due
  to crashing the Zeek process.

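
The parsing pattern behind both security fixes above, next to an iterative equivalent, as an added example that is not Zeek's code. It assumes a simplified stream of messages framed by a 2-byte big-endian length (the framing DNS uses over TCP); all function names are hypothetical.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Recursive shape: one stack frame per message, so the recursion depth is
// chosen by whoever sent the data. Not a tail call, so frames accumulate.
std::size_t count_messages_recursive(const std::uint8_t* data, std::size_t len) {
    if (len < 2) return 0;
    std::size_t msg_len = (std::size_t(data[0]) << 8) | data[1];
    if (msg_len > len - 2) return 0;  // truncated message: stop
    // ... deliver data[2 .. 2+msg_len) to the message handler here ...
    return 1 + count_messages_recursive(data + 2 + msg_len, len - 2 - msg_len);
}

// Iterative form: same parsing, constant stack depth regardless of input.
std::size_t count_messages_iterative(const std::uint8_t* data, std::size_t len) {
    std::size_t count = 0;
    while (len >= 2) {
        std::size_t msg_len = (std::size_t(data[0]) << 8) | data[1];
        if (msg_len > len - 2) break;  // truncated message: wait for more data
        // ... deliver data[2 .. 2+msg_len) to the message handler here ...
        data += 2 + msg_len;
        len -= 2 + msg_len;
        ++count;
    }
    return count;
}

// Constructed input: n back-to-back messages with one payload byte each.
std::vector<std::uint8_t> make_small_messages(std::size_t n) {
    std::vector<std::uint8_t> buf;
    buf.reserve(n * 3);
    for (std::size_t i = 0; i < n; ++i) {
        buf.push_back(0x00);  // length high byte
        buf.push_back(0x01);  // length low byte: 1 payload byte follows
        buf.push_back(0xAA);  // payload
    }
    return buf;
}

int main() {
    // The recursive form is only exercised on a small buffer here.
    auto small = make_small_messages(5);
    auto large = make_small_messages(1000000);
    std::printf("recursive, 5 messages: %zu\n",
                count_messages_recursive(small.data(), small.size()));
    std::printf("iterative, 1000000 messages: %zu\n",
                count_messages_iterative(large.data(), large.size()));
    return 0;
}
```
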
This release fixes the following bugs:
- Fix DHCP Client ID Option misformat for Hardware Type 0
  #1003
- Fix/allow copying/cloning of opaque of Broker::Store
  #1028
- Fix ConnPolling memory over-use
  #1035
- Fix compress_path not normalizing some paths correctly
  #1041 #1050 38cd56a
- Fix integer conversion error for Tag subtypes/enums
  #1062 #1064
- Fix bro_prng() results not staying within modulus
  #1076 0f4eb9a
- Prevent providing a 0 seed to bro_prng() since the LCG parameters don't allow that
  #1076 887b53b

Reminder: Zeek 3.0.x is a Long-Term Support release, receiving bug fixes until at least October 2020.