author: Craig Leres <leres@FreeBSD.org> 2019-08-10 00:59:52 +0800
committer: Craig Leres <leres@FreeBSD.org> 2019-08-10 00:59:52 +0800
commit: 3cd67449f871e4742eaa03fc2d1745d8c8c6b98c
tree: 6982152ab8edb2d0aad6cad9cdff0e45bb02b704 /security
parent: 0a8a02fb5f1c68a007f36c26f703a8ba807cc8dd
security/bro: Update to 2.6.3 and address potential denial of service
vulnerabilities:

https://raw.githubusercontent.com/zeek/zeek/1d874e5548a58b3b8fd2a342fe4aa0944e779809/NEWS

- Null pointer dereference in the RPC analysis code. RPC analyzers
  (e.g. MOUNT or NFS) are not enabled in the default configuration.

- Signed integer overflow in BinPAC-generated parser code. The
  result of this is Undefined Behavior with respect to the array
  bounds checking conditions that BinPAC generates, so it's
  unpredictable what an optimizing compiler may actually do under
  the assumption that signed integer overflows should never happen.
  The specific symptom which led to finding this issue was with
  the PE analyzer causing out-of-memory crashes due to large
  allocations that were otherwise prevented when the array bounds
  checking logic was changed to prevent any possible signed integer
  overflow.

Approved by: matthew (mentor, implicit)
MFH: 2019Q3
Security: f56669f5-d799-4ff5-9174-64a6d571c451
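The failure mode described in the second item, as an added example that is not part of the commit and is not BinPAC's generated code: a signed bounds check that a wrapped product slips past, next to a division-based check that cannot overflow. The function names and the sample values are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical parser check: does an array of `count` elements of
 * `elem_size` bytes, starting at `offset`, fit in `buf_len` bytes?
 *
 * The naive form is `offset + count * elem_size <= buf_len` on signed
 * ints. Overflow there is undefined behaviour, so the compiler may drop
 * or rewrite the test. This function shows one possible outcome
 * (wraparound), computed in unsigned arithmetic so the demo itself is
 * well defined. The final conversion is modular on GCC and Clang. */
int naive_check_if_wrapped(int32_t offset, int32_t count,
                           int32_t elem_size, int32_t buf_len)
{
    uint32_t end = (uint32_t)offset + (uint32_t)count * (uint32_t)elem_size;
    return (int32_t)end <= buf_len;
}

/* Overflow-safe form: reject negative inputs, then divide instead of
 * multiplying, so no intermediate value can exceed buf_len. */
int safe_array_fits(int32_t offset, int32_t count,
                    int32_t elem_size, int32_t buf_len)
{
    if (offset < 0 || count < 0 || elem_size <= 0 || buf_len < offset)
        return 0;
    return count <= (buf_len - offset) / elem_size;
}

int main(void)
{
    /* Constructed input: 0x40000000 elements of 4 bytes is 2^32 bytes,
     * which wraps to 0 in 32 bits, so the naive end offset is just 16. */
    int32_t offset = 16, count = 0x40000000, elem_size = 4, buf_len = 64;

    printf("naive (wrapped): %d\n",
           naive_check_if_wrapped(offset, count, elem_size, buf_len));
    printf("overflow-safe:   %d\n",
           safe_array_fits(offset, count, elem_size, buf_len));
    return 0;
}
```

A parser that trusts the naive result would go on to allocate room for `count` elements, which is the kind of large allocation the commit message describes.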
Diffstat (limited to 'security')
-rw-r--r-- security/bro/Makefile 3
-rw-r--r-- security/bro/distinfo 6
2 files changed, 4 insertions, 5 deletions
diff --git a/security/bro/Makefile b/security/bro/Makefile
index c063ce64d5c8..d48a7074f3e1 100644
--- a/security/bro/Makefile
+++ b/security/bro/Makefile
@@ -2,8 +2,7 @@
# $FreeBSD$
PORTNAME= bro
-PORTVERSION= 2.6.2
-PORTREVISION= 1
+PORTVERSION= 2.6.3
CATEGORIES= security
MASTER_SITES= https://www.zeek.org/downloads/
DISTFILES= ${DISTNAME}${EXTRACT_SUFX}
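Review bot: The PORTVERSION bump to 2.6.3 is the fix for the advisory the commit message cites (Security: f56669f5-d799-4ff5-9174-64a6d571c451), but the diffstat for security/ lists only bro/Makefile and bro/distinfo, so no VuXML change is part of this commit. Please confirm the entry was committed separately and that its affected range ends at 2.6.3, so that pkg audit flags installed 2.6.2_1 packages. Dropping PORTREVISION together with the version bump is correct.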
diff --git a/security/bro/distinfo b/security/bro/distinfo
index 2422966a02dc..3a6f2d77cbb6 100644
--- a/security/bro/distinfo
+++ b/security/bro/distinfo
@@ -1,5 +1,5 @@
-TIMESTAMP = 1559318790
-SHA256 (bro-2.6.2.tar.gz) = 6df6876f3f7b1dd8afeb3d5f88bfb9269f52d5d796258c4414bdd91aa2eac0a6
-SIZE (bro-2.6.2.tar.gz) = 28477996
+TIMESTAMP = 1565320389
+SHA256 (bro-2.6.3.tar.gz) = 469dd7456af388ba65d8722fbfdd5b9182f14def16149aa5ebceb1cfd881697f
+SIZE (bro-2.6.3.tar.gz) = 28480249
SHA256 (bro-bro-netmap-cf88debf487b31ab30dc3b5bac64783b4e49997e_GH0.tar.gz) = 383423f92932c3ef244194954708b3a237b4f37ebc358014f51dcb3b9786896b
SIZE (bro-bro-netmap-cf88debf487b31ab30dc3b5bac64783b4e49997e_GH0.tar.gz) = 24630
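Review bot: The new SHA256 and SIZE lines for bro-2.6.3.tar.gz record whatever was fetched from MASTER_SITES when the checksums were regenerated, so for a security update headed to 2019Q3 it is worth comparing the digest with a value obtained independently from upstream (a signed release or published checksum, if one exists) before the MFH. The bro-netmap distfile in the trailing context stays pinned at cf88debf487b31ab30dc3b5bac64783b4e49997e; please confirm that plugin revision still builds against 2.6.3.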