HomeFreeBSD
Diffusion FreeBSD ports repository c729310c3535

security/vuxml: Mark zeek < 6.0.1 as vulnerable as per:
c729310c3535
Actions

Description

security/vuxml: Mark zeek < 6.0.1 as vulnerable as per:

https://github.com/zeek/zeek/releases/tag/v6.0.1

This release fixes the following potential DoS vulnerabilities:

  • File extraction limits were not correctly enforced for files containing large amounts of missing bytes.
  • Sessions are sometimes not cleaned up completely within Zeek during shutdown, potentially causing a crash when using the -B dpd flag for debug logging.
  • A specially-crafted HTTP packet can cause Zeek's filename extraction code to take a long time to process the data.
  • A specially-crafted series of FTP packets made up of a CWD request followed by a large amount of ERPT requests may cause Zeek to spend a long time logging the commands.
  • A specially-crafted VLAN packet can cause Zeek to overflow memory and potentially crash.

Reported by: Tim Wojtulewicz

Details

Provenance
leresAuthored on Sep 12 2023, 9:26 PM
Parents
R11:8ab46275a6c0: sysutils/zfs-stats: Remove obsolete shebangfix and update pkg-descr
Branches
Unknown
Tags
Unknown

Changes (1)

PathSize
security/
vuxml/
vuln/

R11:c729310c3535

View Options

security/vuxml/vuln/2023.xml

Loading...