Page MenuHomeFreeBSD

Update security/bro to 2.5.4

Authored by leres on Jun 6 2018, 5:20 PM.
Referenced Files
Unknown Object (File)
Sun, May 12, 11:14 PM
Unknown Object (File)
Sun, May 12, 11:13 PM
Unknown Object (File)
Sun, May 12, 11:13 PM
Unknown Object (File)
Thu, May 9, 11:48 PM
Unknown Object (File)
Apr 8 2024, 5:57 AM
Unknown Object (File)
Mar 18 2024, 10:22 PM
Unknown Object (File)
Jan 15 2024, 3:25 AM
Unknown Object (File)
Dec 26 2023, 1:40 PM



Proposed commit message:

Update to 2.5.4 which fixes multiple memory allocation issues:
  • Multiple fixes and improvements to BinPAC generated code
	  related to array parsing, with potential impact to all
	  Bro's BinPAC-generated analyzers in the form of buffer
	  over-reads or other invalid memory accesses depending on
	  whether a particular analyzer incorrectly assumed that
	  the evaulated-array-length expression is actually the
	  number of elements that were parsed out from the input.
  • The NCP analyzer (not enabled by default and also updated
	  to actually work with newer Bro APIs in the release)
	  performed a memory allocation based directly on a field
	  in the input packet and using signed integer storage.
	  This could result in a signed integer overflow and memory
	  allocations of negative or very large size, leading to a
	  crash or memory exhaustion.  The new NCP::max_frame_size
	  tuning option now limits the maximum amount of memory
	  that can be allocated.

    Other fixes:
  • A memory leak in the SMBv1 analyzer.
  • The MySQL analyzer was generally not working as intended,
	  for example, it now is able to parse responses that contain
	  multiple results/rows.

    Add gettext-runtime to USES to address poudriere testport warning.

    Note that a CVE has not be requested yet.

    Reviewed by: ? (mentor)
    Approved by: ? (mentor)
    MFH: 2018Q2
    Security: 2f4fd3aa-32f8-4116-92f2-68f05398348e
    Differential Revision: ?

Diff Detail

rP FreeBSD ports repository
Lint Not Applicable
Tests Not Applicable

Event Timeline


Can you add a VuXML entry (will need yet another review...) /before/ you commit here -- add the VuXML Id under the Security: tag in the commit message for this.
Also, don't forget to add MFH: 2018Q2. Once ports-secteam approves, you're approved for the merge to the quarterly branch too.

This revision is now accepted and ready to land.Jun 8 2018, 3:43 PM
This revision was automatically updated to reflect the committed changes.