CVSROOT:        /cvs
Module name:    ports
Changes by:     [email protected]       2021/10/03 13:57:47

Modified files:
        net/bro        : Tag: OPENBSD_7_0 Makefile distinfo 
        net/bro/patches: Tag: OPENBSD_7_0 
                         patch-auxil_highwayhash_highwayhash_os_specific_cc 

Log message:
SECURITY update to zeek-4.0.4.

- Paths from log stream make it into system() unchecked, potentially leading
to commands being run on the system unintentionally. This requires either
bad scripting or a malicious package to be installed, and is considered
low severity.

- Fix potential unbounded state growth in the PIA analyzer when receiving a
connection with either a large number of zero-length packets, or one which
continues ack-ing unseen segments. It is possible to run Zeek out of memory
in these instances and cause it to crash. Due to the possibility of this
happening with packets received from the network, this is a potential DoS
vulnerability.
