[Bro] Bro 2.5.5 release (security update)

Jon Siwek jsiwek at corelight.com
Wed Aug 29 14:24:11 PDT 2018


We announce the release of Bro v2.5.5. The new version is now available
for download at:

    https://bro.org/download/index.html

or directly at:

    https://www.bro.org/downloads/bro-2.5.5.tar.gz

Binary packages for the new version are currently building and will be
available within the next few hours at:

    https://bro.org/download/packages.html

This release has the following security fixes:

* Fix array bounds checking in BinPAC: for arrays that are fields
  within a record, the bounds check was based on a pointer to the start
  of the record rather than the start of the array field, potentially
  resulting in a buffer over-read.

* Fix SMTP command string comparisons: the number of bytes compared was
  based on the user-supplied string length, which could lead to incorrect
  matches.  For example, a command of "X" incorrectly matched
  "X-ANONYMOUSTLS" (and an empty command matched anything).
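
To illustrate the comparison bug described above, here is an added example (not Bro's code; the command table and function names are hypothetical). The defective form compares only as many bytes as the client-supplied token has, so any prefix matches and an empty token matches the first entry; the corrected form requires an exact-length match:

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical command table; the real analyzer's table is not on the page. */
static const char *const kSmtpCommands[] = {
    "HELO", "EHLO", "MAIL", "RCPT", "DATA", "QUIT", "STARTTLS", "X-ANONYMOUSTLS"
};
#define NUM_COMMANDS (sizeof(kSmtpCommands) / sizeof(kSmtpCommands[0]))

/* Defective form: the byte count comes from the user-supplied token, so
 * "X" matches "X-ANONYMOUSTLS" and "" (n == 0) matches the first entry.
 * Returns the index of the "matched" command or -1. */
int match_cmd_by_user_len(const char *token)
{
    size_t n = strlen(token);
    for (size_t i = 0; i < NUM_COMMANDS; i++)
        if (strncmp(token, kSmtpCommands[i], n) == 0)
            return (int)i;
    return -1;
}

/* Corrected form (assumption: one straightforward fix, not necessarily the
 * exact patch Bro shipped): lengths must be equal, then compare every byte. */
int match_cmd_exact(const char *token)
{
    size_t n = strlen(token);
    for (size_t i = 0; i < NUM_COMMANDS; i++)
        if (strlen(kSmtpCommands[i]) == n &&
            memcmp(token, kSmtpCommands[i], n) == 0)
            return (int)i;
    return -1;
}

int main(void)
{
    /* Constructed sample tokens, including the "X" and empty cases from the advisory. */
    const char *samples[] = { "X", "", "HELO", "STARTTL" };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-8s by-user-len=%2d exact=%2d\n",
               samples[i][0] ? samples[i] : "(empty)",
               match_cmd_by_user_len(samples[i]), match_cmd_exact(samples[i]));
    return 0;
}
```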

The following changes address potential vectors for Denial of Service
reported by Christian Titze & Jan Grashöfer of Karlsruhe Institute of
Technology:

* "Weird" events are now suppressed/sampled by default according to
  tunable parameters (see the changelog for details).  These changes
  mitigate the performance problems caused by excessive numbers of
  weird events.

* Improved handling of empty lines in several text protocol analyzers,
  where long sequences of empty lines could cause performance issues.

* Add the 'smtp_excessive_pending_cmds' weird, which serves as a
  notification that the "pending command" queue has reached its upper
  limit and been cleared, preventing a client from slowly exhausting
  memory.

Please update your Bro installations as soon as possible.
