security/zeek: Update to 6.0.0
https://github.com/zeek/zeek/releases/tag/v6.0.1
This release fixes the following potential DoS vulnerabilities:
- File extraction limits were not correctly enforced for files containing large amounts of missing bytes.
- Sessions are sometimes not cleaned up completely within Zeek during shutdown, potentially causing a crash when using the -B dpd flag for debug logging.
- A specially-crafted HTTP packet can cause Zeek's filename extraction code to take a long time to process the data.
- A specially-crafted series of FTP packets made up of a CWD request followed by a large amount of ERPT requests may cause Zeek to spend a long time logging the commands.
- A specially-crafted VLAN packet can cause Zeek to overflow memory and potentially crash.
This release fixes the following bugs:
- Fixed a base64 decoding issue with the authorization field of HTTP request headers that was sometimes causing Zeek to output error messages.
- Ensure that Zeek builds use the internal version of Spicy instead of external installations, unless specifically configured for that mode.
- Support was added for switch fields when exporting Spicy types to Zeek.
- A number of fixes were added to protect against potential unbounded state growth with the SMB and DCE-RPC analyzers. SMB close requests will properly tear down an related DCE-RPC analyzers.
- Fixed a regression in the UDP and TCP analyzers that was causing more data than necessary to be forwarded to the next analyzer in the chain.
- A connection's value is now updated in-place when its directionality is flipped due to Zeek's heuristics (for example, SYN/SYN-ACK reversal or protocol specific approaches).
- Fixed undefined symbols being reported from Spicy when building some of the binary packages for Zeek.
- Loading policy/frameworks/notice/community-id.zeek now also automatically community ID logging.
- Spicy no longer registers an extra port for every port registered in a plugin's .evt file.
- Timeouts in DNS resolution no longer cause uncontrolled memory growth.
- Fix check to skip DNS hostname lookups for notices that are not delivered via email in policy/frameworks/notice/extend-email/hostnames.
Reported by: Tim Wojtulewicz
Security: 8eefa87f-31f1-496d-bf8e-2b465b6e4e8a