This release fixes the following security issue:
-
Fix null-pointer dereference when encountering an invalid
enum
name in a
config/input file that tries to read it into aset[enum]
. For those
that have such an input feed whose contents may come from external/remote
sources, this is a potential DoS vulnerability.
This release fixes the following bugs:
-
Fix mime type detection bug in IRC/FTP
file_transferred
event for file
data containing null-bytes -
Fix potential for missing timestamps in SMB logs
-
Remove use of LeakSanitizer API on FreeBSD where it's unsupported
-
Fix incorrect parsing of ERSPAN Type I
-
Fix incorrect/overflowed
n
value forSSL_Heartbeat_Many_Requests
notices
where number of server heartbeats is greater than number of client heartbeats. -
Fix missing
user_agent
existence check insmtp/software.zeek
(causesreporter.log
error noise, but no functional difference) -
Fix include order of bundled headers to avoid conflicts with
pre-existing/system-wide installs -
Fix musl build (e.g. Void, Alpine, etc.)
-
Fix build with
-DENABLE_MOBILE_IPV6
/./configure --enable-mobile-ipv6
-
Add check for null packet data in pcap IOSource, which is an observed state
in Myricom libpcap that crashes Zeek via null-pointer dereference -
Allow CRLF line-endings in Zeek scripts and signature files
-
Fix armv7 build
-
Fix unserialization of
set[function]
, generally now used byconnection
record removal hooks, and specifically breakingintel.log
of Zeek clusters -
Fix indexing of set/table types with a vector
-
Fix precision loss in ASCII logging/printing of large double, time, or
interval values -
Improve handling of invalid SIP data before requests
-
Fix
copy()
/cloning vectors that have holes (indices w/ null values)
Reminder: Zeek 4.0.x is a Long-Term Support (LTS) release, receiving bug fixes until at least May 2022 (estimate of 2 months after 5.0.0 release).