security/zeek: Update to 5.0.3
https://github.com/zeek/zeek/releases/tag/v5.0.3
This release fixes the following potential DoS vulnerabilities:
- Fix an issue where a specially-crafted FTP packet can cause Zeek to spend large amounts of time attempting to search for valid commands in the data stream.
- Fix a possible overflow in the Zeek dictionary code that may lead to a memory leak.
- Fix an issue where a specially-crafted packet can cause Zeek to spend large amounts of time reporting analyzer violations.
- Fix a possible assert and crash in the HTTP analyzer when receiving a specially-crafted packet.
- Fix an issue where a specially-crafted HTTP or SMTP packet can cause Zeek to spend a large amount of time attempting to search for filenames within the packet data.
- Fix two separate possible crashes when converting processed IP headers for logging via the raw_packet event handlers.
This release fixes the following bugs:
- Fix a possible crash with when statements where lambda captures of local variables sometimes overflowed the frame counter.
- Reduced the amount of analyzer_confirmation events that are raised for packets that contain tunnels.
- Fix a long-standing bug where TCP reassembly would not function correctly for some analyzers if dpd_reassemble_first_packets was set to false.
- Fix a performance bug in the Zeek dictionary code in certain cases, such as copying a large number of entries from one dictionary into another.
- Fix a performance issue when inserting large numbers of elements into a Broker store when Broker::scheduler_policy is set to stealing.
- Fix a Broker performance issue when distributing large amounts of data from the input framework to proxies/workers at startup.
- Fix an issue with messaging between proxies and workers that resulted in error messages being reported.
- Updated the list of DNS type strings to reflect the correct.
Reported by: Tim Wojtulewicz
Security: 60d4d31a-a573-41bd-8c1e-5af7513c1ee9
(cherry picked from commit f7beb19cdf537aacb741f1f19fccff683954371b)