This release fixes the following security issues:
-
Fix buffer over-read in Ident analyzer
#925Thanks to Max Kellermann for reporting and patching.
-
Fix SSL scripting error leading to uninitialized field access and memory leak
b749ddaThanks to Justin Azoff for reporting.
-
Fix POP3 analyzer global buffer over-read
280bf56Thanks to Justin Azoff for reporting and patching.
-
Fix potential stack overflows due to use of Variable-Length-Arrays
Parts of #912:- BIFs
bytestring_to_hexstr()andhexstr_to_bytestring() socks-analyzer.pac:array_to_string()- SMB, NTLM, and RDP analyzers use of
utf16_bytestring_to_utf8_val() smb-strings.pac:uint8s_to_stringval()andextract_string()
- BIFs
Also fixed are the following bugs:
-
Fix unusable
subscriber.poll()method in Broker Python bindings
zeek/broker#110 -
Fix uninitialized field access in
ssl/log-hostcerts-only.zeek
#916 -
Fix missing default function for Kerberos constant-lookup-tables
#918 -
Fix cloning of
TypeTypevalues
#933 -
Remove misleading error message on empty bloomfilter lookup
#930 -
Fix
misc/stats.zeekskipping log entry on termination
ccdaf5f -
Offline pcap processing no longer initializes
network_timebefore first
events afterzeek_initget dispatched
1b19090 -
Ensure time moves forward when suspending a pcap file IO source
#950
Reminder: Zeek 3.0.x is the Long-Term Support release, receiving bug fixes until at least October 2020 while Zeek 3.1.x is the current feature release, receiving bug fixes until approximately July 2020 when the 3.2.x release series begins.