From jsiwek at corelight.com  Thu May 30 09:29:35 2019
From: jsiwek at corelight.com (Jon Siwek)
Date: Thu, 30 May 2019 09:29:35 -0700
Subject: [Zeek-Announce] Bro 2.6.2 release (security update)
Message-ID:

A security patch release, Bro v2.6.2, is now available for download:

    https://www.zeek.org/download/index.html

The following Denial of Service vulnerabilities are addressed:

* Integer type mismatches in BinPAC-generated parser code and Bro
  analyzer code may allow for crafted packet data to cause
  unintentional code paths in the analysis logic to be taken due to
  unsafe integer conversions causing the parser and analysis logic to
  each expect different fields to have been parsed. One such example,
  reported by Maksim Shudrak, causes the Kerberos analyzer to
  dereference a null pointer. CVE-2019-12175 was assigned for this
  issue.

* The Kerberos parser allows for several fields to be left
  uninitialized, but they were not marked with an &optional attribute
  and several usages lacked existence checks. Crafted packet data
  could potentially cause an attempt to access such uninitialized
  fields, generate a runtime error/exception, and leak memory.
  Existence checks and &optional attributes have been added to the
  relevant Kerberos fields.

* BinPAC-generated protocol parsers commonly contain fields whose
  length is derived from other packet input, and for those that allow
  for incremental parsing, BinPAC did not impose a limit on how large
  such a field could grow, allowing for remotely-controlled packet
  data to cause growth of BinPAC's flowbuffer bounded only by the
  numeric limit of an unsigned 64-bit integer, leading to memory
  exhaustion. There is now a generalized limit for how large
  flowbuffers are allowed to grow, tunable by setting
  "BinPAC::flowbuffer_capacity_max".

From jsiwek at corelight.com  Thu Aug  8 18:42:37 2019
From: jsiwek at corelight.com (Jon Siwek)
Date: Thu, 8 Aug 2019 18:42:37 -0700
Subject: [Zeek-Announce] Bro 2.6.3 release (security update)
Message-ID:

A security patch release, Bro v2.6.3, is now available for download:

    https://www.zeek.org/downloads/bro-2.6.3.tar.gz
    https://www.zeek.org/downloads/bro-2.6.3.tar.gz.asc

Bro v2.6.3 addresses the following Denial of Service vulnerabilities:

* Null pointer dereference in the RPC analysis code. RPC analyzers
  (e.g. MOUNT or NFS) are not enabled in the default configuration.

* Signed integer overflow in BinPAC-generated parser code. The result
  of this is Undefined Behavior with respect to the array bounds
  checking conditions that BinPAC generates, so it's unpredictable
  what an optimizing compiler may actually do under the assumption
  that signed integer overflows should never happen.
  The specific symptom which led to finding this issue was with the
  PE analyzer causing out-of-memory crashes due to large allocations
  that were otherwise prevented when the array bounds checking logic
  was changed to prevent any possible signed integer overflow.

From jsiwek at corelight.com  Thu Aug  8 18:43:51 2019
From: jsiwek at corelight.com (Jon Siwek)
Date: Thu, 8 Aug 2019 18:43:51 -0700
Subject: [Zeek-Announce] Zeek 3.0.0 RC1 available
Message-ID:

A Release Candidate for Zeek 3.0.0 is now available for testing:

    https://www.zeek.org/downloads/zeek-3.0.0-rc1.tar.gz
    https://www.zeek.org/downloads/zeek-3.0.0-rc1.tar.gz.asc

This major release will have many additions and changes, the most
prominent being a comprehensive adaptation to use Zeek instead of Bro.
See the NEWS file for the full list of important differences to be
aware of when upgrading and testing.

Our blog also describes the upcoming release and potential issues when
upgrading:

    https://blog.zeek.org

Please report bugs at our GitHub project:

    https://github.com/zeek/zeek/issues

Or feel free to give feedback directly on the Zeek mailing list.
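
Added example, not part of the announcements and not BinPAC's generated code: the Bro 2.6.3 announcement earlier in this archive describes array bounds checks undermined by signed integer overflow. The sketch below puts an overflow-prone check beside a form in which no expression can overflow; the function names and the 16-byte buffer are assumptions made for illustration.

```c
#include <limits.h>
#include <stdio.h>

/* Overflow-prone form, kept for contrast. When count * elem_size exceeds
 * INT_MAX the multiplication is undefined behavior, so a compiler may
 * assume it never happens and the check stops protecting the buffer. */
int array_fits_naive(int offset, int count, int elem_size, int buf_len)
{
    return offset + count * elem_size <= buf_len;
}

/* Hardened form: no expression here can overflow. Negative or zero sizes
 * are rejected first, then the element count is compared against the
 * space that is left, using subtraction and division only. */
int array_fits_checked(int offset, int count, int elem_size, int buf_len)
{
    if (offset < 0 || count < 0 || elem_size <= 0 || buf_len < 0)
        return 0;
    if (offset > buf_len)
        return 0;
    return count <= (buf_len - offset) / elem_size;
}

int main(void)
{
    /* Constructed inputs: a 16-byte buffer holding 4-byte elements. */
    printf("4 elements at 0: %d\n", array_fits_checked(0, 4, 4, 16));
    printf("4 elements at 4: %d\n", array_fits_checked(4, 4, 4, 16));
    /* A count just above INT_MAX / 4 is where the naive product would
     * overflow; the checked form rejects it without multiplying. */
    printf("huge count:      %d\n",
           array_fits_checked(0, INT_MAX / 4 + 2, 4, 16));
    return 0;
}
```

Running the size check before any allocation is what keeps an attacker-chosen element count from turning into a very large allocation request.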

From jsiwek at corelight.com  Wed Aug 28 17:16:14 2019
From: jsiwek at corelight.com (Jon Siwek)
Date: Wed, 28 Aug 2019 17:16:14 -0700
Subject: [Zeek-Announce] Bro 2.6.4 release (security update)
Message-ID:

A security patch release, Bro v2.6.4, is now available for download:

    https://www.zeek.org/downloads/bro-2.6.4.tar.gz
    https://www.zeek.org/downloads/bro-2.6.4.tar.gz.asc

Bro v2.6.4 addresses a potential Denial of Service vulnerability:

* The NTLM analyzer did not properly handle AV Pair sequences that
  were either empty or unterminated, resulting in invalid memory
  access or heap buffer over-read. The NTLM analyzer is enabled by
  default and used in the analysis of SMB, DCE/RPC, and GSSAPI
  protocols.

Thanks to Chris Hinshaw for reporting the issue.
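
Added example, not Bro's analyzer code and not part of the announcement: a bounds-checked walk over an NTLM AV_PAIR sequence (2-byte little-endian AvId, 2-byte little-endian AvLen, then the value, ended by MsvAvEOL) that reports the empty and unterminated cases named above instead of reading past the buffer. The function name, return codes and sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MSV_AV_EOL 0x0000 /* terminator pair: AvId 0, AvLen 0 (MS-NLMP) */

enum { AV_EMPTY = -1, AV_UNTERMINATED = -2, AV_MALFORMED = -3 };

static uint16_t rd16le(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Hypothetical helper: count the AV_PAIRs before MsvAvEOL in buf[0..len).
 * Returns the count (>= 0) or one of the negative codes above; it never
 * reads past len, whatever the AvLen fields claim. */
long av_pairs_count(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    long pairs = 0;
    if (buf == NULL || len == 0)
        return AV_EMPTY;
    for (;;) {
        if (off == len)
            return AV_UNTERMINATED;   /* ran out without seeing MsvAvEOL */
        if (len - off < 4)
            return AV_MALFORMED;      /* partial AvId/AvLen header */
        uint16_t id = rd16le(buf + off);
        uint16_t vlen = rd16le(buf + off + 2);
        off += 4;
        if (id == MSV_AV_EOL)
            return vlen == 0 ? pairs : AV_MALFORMED;
        if (vlen > len - off)
            return AV_MALFORMED;      /* value would run past the buffer */
        off += vlen;
        pairs++;
    }
}

/* Constructed samples: one pair with AvId 1 and a 2-byte value. */
static const uint8_t av_ok[]     = {1, 0, 2, 0, 'A', 'B', 0, 0, 0, 0};
static const uint8_t av_noterm[] = {1, 0, 2, 0, 'A', 'B'};
static const uint8_t av_long[]   = {1, 0, 0xff, 0xff, 'A'};

int main(void)
{
    printf("%ld %ld %ld %ld\n", av_pairs_count(av_ok, sizeof av_ok),
           av_pairs_count(av_noterm, sizeof av_noterm),
           av_pairs_count(av_long, sizeof av_long), av_pairs_count(av_ok, 0));
    return 0;
}
```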

From jsiwek at corelight.com  Wed Aug 28 17:17:55 2019
From: jsiwek at corelight.com (Jon Siwek)
Date: Wed, 28 Aug 2019 17:17:55 -0700
Subject: [Zeek-Announce] Zeek 3.0.0 RC2 available
Message-ID:

Release Candidate 2 for Zeek 3.0.0 is now available for testing:

    https://www.zeek.org/downloads/zeek-3.0.0-rc2.tar.gz
    https://www.zeek.org/downloads/zeek-3.0.0-rc2.tar.gz.asc

See the CHANGES file for a list of changes since RC1.

This major release will have many additions and changes, the most
prominent being a comprehensive adaptation to use Zeek instead of Bro.
See the NEWS file for the full list of important differences to be
aware of when upgrading and testing.

Our blog also describes the upcoming release and potential issues when
upgrading:

    https://blog.zeek.org

Please report bugs at our GitHub project:

    https://github.com/zeek/zeek/issues

Or feel free to give feedback directly on the Zeek mailing list.

From jsiwek at corelight.com  Mon Sep 23 12:16:00 2019
From: jsiwek at corelight.com (Jon Siwek)
Date: Mon, 23 Sep 2019 12:16:00 -0700
Subject: [Zeek-Announce] Zeek 3.0.0 release available
Message-ID:

Zeek release 3.0.0 is now available:

    https://www.zeek.org/downloads/zeek-3.0.0.tar.gz
    https://www.zeek.org/downloads/zeek-3.0.0.tar.gz.asc

This major release has many additions and changes, the most prominent
being a comprehensive switch to use the name Zeek instead of Bro.
Please read the release notes for a full description of new features
and changes:

    https://github.com/zeek/zeek/blob/v3.0.0/NEWS

The Zeek blog also describes the upcoming release and potential
pitfalls to be aware of when upgrading:

    https://blog.zeek.org/2019/09/zeek-300.html

From jsiwek at corelight.com  Tue Dec 10 13:46:54 2019
From: jsiwek at corelight.com (Jon Siwek)
Date: Tue, 10 Dec 2019 13:46:54 -0800
Subject: [Zeek-Announce] Zeek 3.0.1 release available
Message-ID:

Zeek release 3.0.1 is now available:

    https://www.zeek.org/downloads/zeek-3.0.1.tar.gz
    https://www.zeek.org/downloads/zeek-3.0.1.tar.gz.asc

This is a bug-fix release that most notably addresses a JSON logging
performance regression in 3.0.0, but also fixes other minor bugs. A
list which details the changes can be found here:

    https://github.com/zeek/zeek/releases/tag/v3.0.1

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 3.0.1-announce.txt.asc
Type: application/octet-stream
Size: 1264 bytes
Desc: not available
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/zeek-announce/attachments/20191210/948f1799/attachment.obj