1
0
mirror of https://git.FreeBSD.org/ports.git synced 2024-12-24 04:33:24 +00:00
freebsd-ports/security/bro
Craig Leres d28e161373 security/bro: Update to 2.6.2 and address several denial of service
vulnerabilities:

   https://raw.githubusercontent.com/zeek/zeek/bb979702cf9a2fa67b8d1a1c7f88d0b56c6af104/NEWS

 - Integer type mismatches in BinPAC-generated parser code and Bro
   analyzer code may allow for crafted packet data to cause
   unintentional code paths in the analysis logic to be taken due
   to unsafe integer conversions causing the parser and analysis
   logic to each expect different fields to have been parsed.  One
   such example, reported by Maksim Shudrak, causes the Kerberos
   analyzer to dereference a null pointer.  CVE-2019-12175 was
   assigned for this issue.

 - The Kerberos parser allows for several fields to be left
   uninitialized, but they were not marked with an &optional attribute
   and several usages lacked existence checks.  Crafted packet data
   could potentially cause an attempt to access such uninitialized
   fields, generate a runtime error/exception, and leak memory.
   Existence checks and &optional attributes have been added to the
   relevent Kerberos fields.

 - BinPAC-generated protocol parsers commonly contain fields whose
   length is derived from other packet input, and for those that
   allow for incremental parsing, BinPAC did not impose a limit on
   how large such a field could grow, allowing for remotely-controlled
   packet data to cause growth of BinPAC's flowbuffer bounded only
   by the numeric limit of an unsigned 64-bit integer, leading to
   memory exhaustion.  There is now a generalized limit for how
   large flowbuffers are allowed to grow, tunable by setting
   "BinPAC::flowbuffer_capacity_max".

Approved by:	ler (mentor, implicit)
MFH:		2019Q2
Security:	177fa455-48fc-4ded-ba1b-9975caa7f62a
2019-05-31 19:23:07 +00:00
..
files
distinfo security/bro: Update to 2.6.2 and address several denial of service 2019-05-31 19:23:07 +00:00
Makefile security/bro: Update to 2.6.2 and address several denial of service 2019-05-31 19:23:07 +00:00
pkg-descr
pkg-plist