security/zeek: Update to 4.0.1 to fix null-pointer dereference and potential DOS
https://github.com/zeek/zeek/releases/tag/v4.0.1
This release fixes the following vulnerability:
- Fix null-pointer dereference when encountering an invalid enum name in a config/input file that tries to read it into a set[enum]. For those that have such an input feed whose contents may come from external/remote sources, this is a potential DoS vulnerability.
Other fixes:
- Fix mime type detection bug in IRC/FTP file_transferred event for file data containing null-bytes
- Fix potential for missing timestamps in SMB logs
- Remove use of LeakSanitizer API on FreeBSD where it's unsupported
- Fix incorrect parsing of ERSPAN Type I
- Fix incorrect/overflowed n value for SSL_Heartbeat_Many_Requests notices where number of server heartbeats is greater than number of client heartbeats.
- Fix missing user_agent existence check in smtp/software.zeek (causes reporter.log error noise, but no functional difference)
- Fix include order of bundled headers to avoid conflicts with pre-existing/system-wide installs
- Fix musl build (e.g. Void, Alpine, etc.)
- Fix build with -DENABLE_MOBILE_IPV6 / ./configure --enable-mobile-ipv6
- Add check for null packet data in pcap IOSource, which is an observed state in Myricom libpcap that crashes Zeek via null-pointer dereference
- Allow CRLF line-endings in Zeek scripts and signature files
- Fix armv7 build
- Fix unserialization of set[function], generally now used by connection record removal hooks, and specifically breaking intel.log of Zeek clusters
- Fix indexing of set/table types with a vector
- Fix precision loss in ASCII logging/printing of large double, time, or interval values
- Improve handling of invalid SIP data before requests
- Fix copy()/cloning vectors that have holes (indices w/ null values)
Reported by: Jon Siwek