
security/zeek: Update to 5.0.7

Description

security/zeek: Update to 5.0.7

https://github.com/zeek/zeek/releases/tag/v5.0.7

This release fixes the following potential DoS vulnerabilities:

  • Receiving DNS responses from async DNS requests (via the lookup_addr, etc. BIF methods) with the TTL set to zero could cause the DNS manager to eventually stop being able to make new requests.
  • Specially-crafted FTP packets with excessively long usernames, passwords, or other fields could cause log writes to use large amounts of disk space.
  • The find_all and find_all_ordered BIF methods could take extremely large amounts of time to process incoming data depending on the size of the input.

This release fixes the following bugs:

  • Various issues with signed/unsigned character discrepancies on arm64 builds are fixed.
  • A performance degradation in debug builds involving hashing large keys for Dictionaries was fixed.

Reported by: Tim Wojtulewicz
Security: 7a425536-74f7-4ce4-9768-0079a9d44d11

Details

Provenance
leres Authored on Feb 21 2023, 10:39 PM
Parents
R11:2986f76a6403: security/vuxml: Mark zeek < 5.0.7 as vulnerable as per: