MFH: r503191

security/bro: Update to 2.6.2 and address several denial of service
vulnerabilities:

   https://raw.githubusercontent.com/zeek/zeek/bb979702cf9a2fa67b8d1a1c7f88d0b56c6af104/NEWS

 - Integer type mismatches in BinPAC-generated parser code and Bro
   analyzer code may allow for crafted packet data to cause
   unintentional code paths in the analysis logic to be taken due
   to unsafe integer conversions causing the parser and analysis
   logic to each expect different fields to have been parsed.  One
   such example, reported by Maksim Shudrak, causes the Kerberos
   analyzer to dereference a null pointer.  CVE-2019-12175 was
   assigned for this issue.

 - The Kerberos parser allows for several fields to be left
   uninitialized, but they were not marked with an &optional attribute
   and several usages lacked existence checks.  Crafted packet data
   could potentially cause an attempt to access such uninitialized
   fields, generate a runtime error/exception, and leak memory.
   Existence checks and &optional attributes have been added to the
   relevant Kerberos fields.

 - BinPAC-generated protocol parsers commonly contain fields whose
   length is derived from other packet input, and for those that
   allow for incremental parsing, BinPAC did not impose a limit on
   how large such a field could grow, allowing for remotely-controlled
   packet data to cause growth of BinPAC's flowbuffer bounded only
   by the numeric limit of an unsigned 64-bit integer, leading to
   memory exhaustion.  There is now a generalized limit for how
   large flowbuffers are allowed to grow, tunable by setting
   "BinPAC::flowbuffer_capacity_max".

Approved by:	ler (mentor, implicit)
Security:	177fa455-48fc-4ded-ba1b-9975caa7f62a

Approved by:	ports-secteam (miwi)
Craig Leres 2019-06-02 15:41:13 +00:00
parent 9115f51e95
commit e28db1fea4
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/branches/2019Q2/; revision=503318
2 changed files with 4 additions and 5 deletions
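The flowbuffer growth limit and the unsafe-integer-conversion class described in the commit message above, as an added example that is not Zeek's or the port's own code. FlowBuffer, read_be32, feed_record and the length_fits helpers are constructed stand-ins, and capacity_max is a hypothetical analogue of BinPAC::flowbuffer_capacity_max.

```cpp
#include <cstdint>
#include <cstdlib>

// Constructed model, not Zeek's FlowBuffer: a buffer that grows to the
// length a packet declares, with the kind of cap the commit message
// describes (the real tunable is BinPAC::flowbuffer_capacity_max).
struct FlowBuffer {
    uint8_t* data = nullptr;
    uint64_t capacity = 0;
    uint64_t capacity_max;  // hypothetical analogue of the tunable

    explicit FlowBuffer(uint64_t cap_max) : capacity_max(cap_max) {}
    ~FlowBuffer() { std::free(data); }

    // Grow to hold `needed` bytes. Before the fix the only bound was the
    // uint64 range, so a remotely supplied length could force allocation
    // until memory ran out; now anything above capacity_max is refused.
    bool ensure_capacity(uint64_t needed) {
        if (needed <= capacity) return true;
        if (needed > capacity_max) return false;  // the added limit
        uint8_t* p = static_cast<uint8_t*>(std::realloc(data, needed));
        if (!p) return false;
        data = p;
        capacity = needed;
        return true;
    }
};

// Read a 4-byte big-endian length as the wire carries it, keeping the
// value unsigned and wide enough end to end.
uint64_t read_be32(const uint8_t* p) {
    return ((uint64_t)p[0] << 24) | ((uint64_t)p[1] << 16) |
           ((uint64_t)p[2] << 8) | (uint64_t)p[3];
}

// Feed one record header; true if the buffer accepted the declared length.
bool feed_record(FlowBuffer& fb, const uint8_t* hdr) {
    return fb.ensure_capacity(read_be32(hdr));
}

// Model of the signedness mismatch in the first bullet: the same length
// truncated into a signed 32-bit int passes a bounds check as negative.
bool length_fits_signed(uint64_t declared, int32_t cap) {
    int32_t len = static_cast<int32_t>(declared);  // 0xffffffff -> -1
    return len <= cap;                             // wrongly true
}

bool length_fits(uint64_t declared, uint64_t cap) {
    return declared <= cap;  // correct comparison, no narrowing
}
```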


@ -2,8 +2,7 @@
# $FreeBSD$
PORTNAME= bro
PORTVERSION= 2.6.1
PORTREVISION= 2
PORTVERSION= 2.6.2
CATEGORIES= security
MASTER_SITES= https://www.zeek.org/downloads/
DISTFILES= ${DISTNAME}${EXTRACT_SUFX}
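Review bot: the PORTREVISION= 2 line is dropped together with the PORTVERSION bump from 2.6.1 to 2.6.2, which is the expected reset when the distfile itself changes. Since this lands on the 2019Q2 branch as a security merge (MFH: r503191), confirm that the vuxml entry named in the Security: trailer (177fa455-48fc-4ded-ba1b-9975caa7f62a) lists versions below 2.6.2 as affected, so that pkg audit reports the old package on hosts that have not yet upgraded.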


@ -1,5 +1,5 @@
TIMESTAMP = 1545247794
SHA256 (bro-2.6.1.tar.gz) = d9718b83fdae0c76eea5254a4b9470304c4d1d3778687de9a4fe0b5dffea521b
SIZE (bro-2.6.1.tar.gz) = 28432762
TIMESTAMP = 1559318790
SHA256 (bro-2.6.2.tar.gz) = 6df6876f3f7b1dd8afeb3d5f88bfb9269f52d5d796258c4414bdd91aa2eac0a6
SIZE (bro-2.6.2.tar.gz) = 28477996
SHA256 (bro-bro-netmap-cf88debf487b31ab30dc3b5bac64783b4e49997e_GH0.tar.gz) = 383423f92932c3ef244194954708b3a237b4f37ebc358014f51dcb3b9786896b
SIZE (bro-bro-netmap-cf88debf487b31ab30dc3b5bac64783b4e49997e_GH0.tar.gz) = 24630
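Review bot: TIMESTAMP, SHA256 and SIZE are replaced for bro-2.6.2.tar.gz while the bro-netmap plugin distfile pinned at cf88debf487b31ab30dc3b5bac64783b4e49997e keeps its existing hash and size, which is fine as long as that plugin commit still builds against 2.6.2. Because this SHA256 is what `make checksum` will trust for a security update, it should be compared against the checksum upstream publishes for the 2.6.2 release rather than only regenerated with `make makesum` from a locally fetched tarball.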