This release fixes the following security issues:

- Fix potential DNS analyzer stack overflow

  The Contents_DNS analyzer used a recursive message parsing function that
  determined the size of the next message from the input packet-data
  itself. A packet containing a sequence of many small messages could
  cause a stack overflow since a recursion happened after processing
  each message.

  This issue is remotely exploitable with Denial of Service potential due
  to crashing the Zeek process.

  Credit to OSS-Fuzz for discovery:
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24272

- Fix potential NetbiosSSN analyzer stack overflow

  The Contents_NetbiosSSN analyzer used a recursive message parsing
  function that determined the size of the next message from the input
  packet-data itself. A packet containing a sequence of many small
  messages could cause a stack overflow since a recursion happened after
  processing each message.

  This issue is remotely exploitable with Denial of Service potential due
  to crashing the Zeek process.
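The pattern behind both fixes above is the same: a parser that handles one message and then calls itself for the remainder of the packet uses one stack frame per message, so the attacker-controlled message count decides the recursion depth. The following is an added example written for this page, not Zeek's Contents_DNS or Contents_NetbiosSSN code. It assumes a simple framing (each message is a 2-byte big-endian length followed by that many bytes, the DNS-over-TCP layout) and shows the recursive form next to the iterative form that bounds stack usage regardless of how many messages a packet carries. The `max_depth` cap on the recursive variant exists only so the demo cannot crash; the real defect had no such cap.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Framing assumed for this example: 2-byte big-endian length, then payload.
// Zero-length messages are allowed, which is the "many small messages" case.
struct ParseResult {
    size_t messages;   // complete messages consumed
    size_t consumed;   // bytes consumed from the buffer
    bool truncated;    // buffer ended in the middle of a message
    bool depth_limit;  // recursive variant stopped at its demo-only cap
};

// Vulnerable pattern: recurse once per message. Every frame in the packet adds
// a stack frame, so recursion depth grows with the number of messages.
static void parse_recursive_impl(const uint8_t* data, size_t len,
                                 size_t depth, size_t max_depth, ParseResult& r)
{
    if (len == 0) return;
    if (depth >= max_depth) { r.depth_limit = true; return; }  // demo-only guard
    if (len < 2) { r.truncated = true; return; }
    size_t msg_len = (size_t(data[0]) << 8) | data[1];
    if (len - 2 < msg_len) { r.truncated = true; return; }
    r.messages++;
    r.consumed += 2 + msg_len;
    parse_recursive_impl(data + 2 + msg_len, len - 2 - msg_len,
                         depth + 1, max_depth, r);
}

ParseResult parse_recursive(const std::vector<uint8_t>& buf, size_t max_depth)
{
    ParseResult r{0, 0, false, false};
    parse_recursive_impl(buf.data(), buf.size(), 0, max_depth, r);
    return r;
}

// Hardened form: loop over the frames. Stack usage is constant no matter how
// many messages the packet holds, so input size cannot drive a stack overflow.
ParseResult parse_iterative(const std::vector<uint8_t>& buf)
{
    ParseResult r{0, 0, false, false};
    const uint8_t* data = buf.data();
    size_t len = buf.size();
    while (len > 0) {
        if (len < 2) { r.truncated = true; break; }
        size_t msg_len = (size_t(data[0]) << 8) | data[1];
        if (len - 2 < msg_len) { r.truncated = true; break; }
        r.messages++;
        r.consumed += 2 + msg_len;
        data += 2 + msg_len;
        len -= 2 + msg_len;
    }
    return r;
}

// Constructed input: n zero-length messages back to back (2 bytes each).
std::vector<uint8_t> many_empty_messages(size_t n)
{
    return std::vector<uint8_t>(2 * n, 0);
}

int main()
{
    std::vector<uint8_t> pkt = many_empty_messages(200000);
    ParseResult it = parse_iterative(pkt);
    ParseResult rec = parse_recursive(pkt, 1024);
    std::printf("iterative: %zu messages, truncated=%d\n",
                it.messages, it.truncated ? 1 : 0);
    std::printf("recursive (cap 1024): %zu messages, depth_limit=%d\n",
                rec.messages, rec.depth_limit ? 1 : 0);
    return 0;
}
```

The iterative parser consumes all 200,000 frames; the recursive one stops at its cap, which in the original code was the thread's stack size instead. A depth cap alone is a weaker fix than removing the recursion, because it turns a crash into a parse failure and still ties memory use to the input.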
This release fixes the following bugs:

- Fix DHCP Client ID Option misformat for Hardware Type 0 (#1003)
- Fix/allow copying/cloning of opaque of Broker::Store (#1028)
- Fix ConnPolling memory over-use (#1035)
- Fix compress_path not normalizing some paths correctly (#1041, #1050)
- Fix integer conversion error for Tag subtypes/enums (#1062, #1064)
- Fix bro_prng() results not staying within modulus (#1076, 0f4eb9a)
- Prevent providing a 0 seed to bro_prng() since the LCG parameters don't allow that (#1076, 887b53b)
- Fix mishandling of getrandom() to seed RNG (caused unrandom/deterministic RNG -- opposite of what's desired/intended) (#1076, dba7643)
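The two bro_prng() items above (results leaving the modulus, and a 0 seed) both come from properties of a multiplicative linear congruential generator. As an added example that is not Zeek's bro_prng() implementation, the code below uses the Park-Miller "minimal standard" constants (an assumption for illustration; Zeek's own constants are not given on this page) and shows why a seed of 0 is unusable: with no additive term, 0 is a fixed point and the generator emits 0 forever. It also keeps the state reduced modulo the modulus on every step, which is the invariant the first fix restores.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Park-Miller "minimal standard" parameters (assumption for this example).
constexpr uint32_t LCG_A = 16807;
constexpr uint32_t LCG_M = 2147483647u;  // 2^31 - 1

// One step of the multiplicative LCG. The product is formed in 64 bits so it
// cannot overflow, and the result is always reduced modulo LCG_M.
uint32_t lcg_step(uint32_t state)
{
    return static_cast<uint32_t>((static_cast<uint64_t>(state) * LCG_A) % LCG_M);
}

// With no additive constant, state 0 maps to 0: any seed congruent to 0 mod M
// yields a constant stream and must be rejected up front.
bool lcg_valid_seed(uint32_t seed)
{
    return seed % LCG_M != 0;
}

// Reduce an arbitrary 32-bit seed into the usable range [1, M-1]. Returns
// false instead of silently accepting a seed that would produce only zeros.
bool lcg_seed(uint32_t seed, uint32_t& state)
{
    if (!lcg_valid_seed(seed)) return false;
    state = seed % LCG_M;
    return true;
}

// Check that the first n outputs from a seed all stay inside [1, M-1].
bool lcg_stream_in_range(uint32_t seed, size_t n)
{
    uint32_t s;
    if (!lcg_seed(seed, s)) return false;
    for (size_t i = 0; i < n; ++i) {
        s = lcg_step(s);
        if (s == 0 || s >= LCG_M) return false;
    }
    return true;
}

int main()
{
    std::printf("step(0) = %u (fixed point)\n", lcg_step(0));
    std::printf("seed 0 accepted: %s\n", lcg_valid_seed(0) ? "yes" : "no");
    std::printf("seed 1, 10000 outputs in range: %s\n",
                lcg_stream_in_range(1, 10000) ? "yes" : "no");
    return 0;
}
```

The same checks apply to whatever source seeds the generator: if a call such as getrandom() fails and its return value is not checked, the seed buffer may be left untouched (often all zeros), which is exactly the degenerate case a seed check like lcg_valid_seed() catches before any output is produced.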
Reminder: Zeek 3.0.x is the Long-Term Support release, receiving bug fixes until at least October 2020 while Zeek 3.1.x is the current feature release, receiving bug fixes until approximately July 2020 when the 3.2.x release series begins.