
security/bro: Update to 2.6.4 and address a potential Denial of

Description

security/bro: Update to 2.6.4 and address a potential Denial of
Service vulnerability:

https://raw.githubusercontent.com/zeek/zeek/3b5a9f88ece1d274edee897837e280ef751bde94/NEWS
  • The NTLM analyzer did not properly handle AV Pair sequences that were either empty or unterminated, resulting in invalid memory access or heap buffer over-read. The NTLM analyzer is enabled by default and used in the analysis of SMB, DCE/RPC, and GSSAPI protocols.

Approved by: ler (mentor, implicit)
MFH: 2019Q3
Security: 55571619-454e-4769-b1e5-28354659e152
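
The failure mode named in the NEWS entry above, shown as an added example that is not Zeek's code and not part of this commit: a bounds-checked walk over an NTLM AV Pair sequence that rejects empty, unterminated, and over-long inputs instead of reading past the buffer. The field layout (AvId, AvLen, MsvAvEOL terminator) is assumed from MS-NLMP; the function name, status codes, and sample bytes are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* AV_PAIR layout per MS-NLMP: AvId (u16 LE), AvLen (u16 LE), Value[AvLen].
 * A well-formed sequence ends with MsvAvEOL (AvId 0, AvLen 0). */
enum { AV_EOL = 0, AV_HDR = 4 };
enum av_status { AV_OK = 0, AV_EMPTY = -1, AV_UNTERMINATED = -2, AV_TRUNCATED = -3 };

static uint16_t rd16le(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Walk the sequence in buf[0..len). Every read is checked against the
 * remaining length, so neither an empty nor an unterminated sequence can
 * move the cursor past the buffer. On AV_OK, *pairs counts non-EOL pairs. */
int av_pairs_walk(const uint8_t *buf, size_t len, size_t *pairs)
{
    size_t off = 0;
    *pairs = 0;
    if (len == 0)
        return AV_EMPTY;
    while (len - off >= AV_HDR) {
        uint16_t id = rd16le(buf + off);
        uint16_t vlen = rd16le(buf + off + 2);
        off += AV_HDR;
        if (id == AV_EOL)
            return AV_OK;           /* terminator reached; stop walking */
        if (vlen > len - off)
            return AV_TRUNCATED;    /* value claims more bytes than remain */
        off += vlen;
        (*pairs)++;
    }
    /* Bytes ran out (or only a partial header is left) before MsvAvEOL. */
    return AV_UNTERMINATED;
}

int main(void)
{
    /* Constructed samples, not captured traffic. */
    const uint8_t good[]  = { 0x02,0x00, 0x02,0x00, 'A','B', 0x00,0x00, 0x00,0x00 };
    const uint8_t noeol[] = { 0x02,0x00, 0x02,0x00, 'A','B' };
    const uint8_t lie[]   = { 0x02,0x00, 0xff,0x00, 'A','B' };
    size_t n;
    printf("good=%d\n",  av_pairs_walk(good,  sizeof good,  &n));
    printf("noeol=%d\n", av_pairs_walk(noeol, sizeof noeol, &n));
    printf("lie=%d\n",   av_pairs_walk(lie,   sizeof lie,   &n));
    printf("empty=%d\n", av_pairs_walk(good,  0,            &n));
    return 0;
}
```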

Details

Committed
leres, Sep 17 2019, 11:13 PM
Parents
rP512244: - Update to 0.9