[Bro] Bro 2.5.3 release (security update)
Johanna Amann
johanna at icir.org
Wed Feb 14 09:46:37 PST 2018
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
We announce the release of Bro v2.5.3. The new version is now available for
download at:
https://bro.org/download/index.html
or directly at:
https://www.bro.org/downloads/bro-2.5.3.tar.gz
Binary packages for the new version are currently building and will be available
in the next hours at:
https://bro.org/download/packages.html
This is a security release that fixes an integer overflow in code generated by
binpac. This issue can be used by remote attackers to crash Bro (i.e. a DoS
attack). There also is a possibility this can be exploited in other ways.
This bug was found by Philippe Antoine of Catena cyber. A CVE will be assigned
to this bug.
Bro 2.5.3 does not contain any other changes. We urge everyone to update their
installation as quickly as possible.
Johanna
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJahHMjAAoJECOZ8Wl8E8ZdgC0QAKLtWFynqWO7GyHitGCCnw60
AiBPBYZMcLeO7QRwkba2JvuFwYDWZGKkkiUdVWIfaVGCiYw0ZJ9WueHz6kVSU6zW
OMQrtunO74iizdIgWqbvM0MnKMosc6im7wISDXW/q3DwcP4UfCajwiKiQqciK+x0
i3kTAm5jjqhD5BIHAMr05zHetF/gBOqRd1+2+xFqeLuUkxK9TlqMnhjORNMlSCRB
d56fV00vZMIQNgpsMiDA9ICWBz8fsbyCkme1tbver6AytM1IvhAcXr89Wsfe9z4T
VhrsUdf1klnCaiOmMUg2xGkJLxaosfUiQCyCs+G2JvH7DDPuf2CDFDK4nQohpppN
T3PYcQa0w6T6YXnfz+lil/INN4g0l7PscWSaexv9fof8gwgljn1LWhYJ+rsEOzwa
sM5fYdUHfRUg9n9F3lsTi7Qo34nh5HK3NXyYpwB4GH/yoCDglRKyGOVsrjc7FPeg
NUjRchFHgfMCpcD9OGXcn0a/jNXiEtuRRsR4hec1IU7fVe40Y6CUyK/ka4QCA+E4
xzgJUOaVNT7NaTILoMfM+fjiVXFImm2e1kJXQizVzrkQUesUTY4eebDQXcFVIrpW
ZoTZ3TtG5LqJy4/8g0mq5h7Bz48GdtvQce7XmMhYHt3Yp0AjIB9tSKfhxXxO/kaP
TNhR36N1vDiFCo1z1QIi
=2I6P
-----END PGP SIGNATURE-----
More information about the Bro
mailing list