-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Release Candidate 2 for Zeek 3.0.0 is now available for
testing:
https://www.zeek.org/downloads/zeek-3.0.0-rc2.tar.gzhttps://www.zeek.org/downloads/zeek-3.0.0-rc2.tar.gz.asc
See the CHANGES file for a list of changes since RC1.
This major release will have many additions and changes, the
most prominent being a comprehensive adaptation to use Zeek
instead of Bro. See the NEWS file for the full list of
important differences to be aware of when upgrading and testing.
Our blog also describes the upcoming release and potential
issues when upgrading:
https://blog.zeek.org
Please report bugs at our GitHub project:
https://github.com/zeek/zeek/issues
Or feel free to give feedback directly on the Zeek mailing list.
-----BEGIN PGP SIGNATURE-----
iQIzBAEBAgAdFiEE6WkLK32KwaGfkhxKxotJTfVqzH4FAl1nE94ACgkQxotJTfVq
zH4i9g//bPeNtIckaFzdRJqevLqqj4H4TU6CWPnKaELVV0GljFcmuFzfMA4W35yx
xFDUKOxUcIgLoQ79mhOm2x3VOaSpKmSz/8BXII5fvSshQ70CkNeTfOr79SQZ+Lvb
wPTmq96y2UxSanPH4NanUO7AnI3o7rw9Fu8QGB0MgE0a9Cn1iPaE4dBA4ivAjrI1
JhLqMcuA7hLYwJSkPG3XjJTLumtELsiXxL8LLmbCKQDPYLm6gLSMTKq4p9n8+zo0
GJ/ltwPwmsSYcgmhiifEcVns/HpU7qLEI4uP5XnHQ5Fcgvmu7BPvxA5eV6ZwafxP
5u2rYiPyC6n5qOOiS/mvMP0Y39H8XDC2Oa6TJ+xy0fC5BHYPCBhRcBNlz31Fp8UR
2k1AMAMh+9pSEBz5c7F18H38zblt+swxbp/wN7D+Mg4gwX0qMP1ZUwuGzcYiT5mf
Of5rUh2kZa1emrjBMqBe85hpd2Yfn6kvSjwqVeoYoMqgMBb3yhmQPH/itqBq/T1M
G9ULuLB8rYRGvwD5DEnPRqzaXP8T0GGAP+1WNTEZxIL8vD6Ksw/oon1h+odTCtT8
zu68Jl/2nDCk7Y6kiHr6x5cOVOT0yEPvc5JlRgb9ZWWuWvvqujJI8aHqzLwiz9Wo
XYKwpgroPGijax95pr8Y7Jzgqmcm66GPyBnRaNWXg2bohGOMycg=
=8xcQ
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
A security patch release, Bro v2.6.4, is now available for
download:
https://www.zeek.org/downloads/bro-2.6.4.tar.gzhttps://www.zeek.org/downloads/bro-2.6.4.tar.gz.asc
Bro v2.6.4 addresses a potential Denial of Service
vulnerability:
* The NTLM analyzer did not properly handle AV Pair sequences
that were either empty or unterminated, resulting in invalid
memory access or heap buffer over-read. The NTLM analyzer
is enabled by default and used in the analysis of SMB,
DCE/RPC, and GSSAPI protocols.
Thanks to Chris Hinshaw for reporting the issue.
-----BEGIN PGP SIGNATURE-----
iQIzBAEBAgAdFiEE6WkLK32KwaGfkhxKxotJTfVqzH4FAl1nE/kACgkQxotJTfVq
zH6Few//S2ErQbxV2StBTRECbX7BeAOZy9y+UYhH1BYCQuYLplhdg+Slgj1cPxas
y0Tkm8B6EX8uBcAX3QRzui+bZvwVtlJDo3sGAAkjiLAK6djf8ix1i9aAZgfzi7/I
yiACWnpXe+2r3/XN020uoL8LQk7M0GZ7g3v6WMykdncCortneEVuQGPjb9lbXQ7B
f5KYXaThV53t6axHBhnbMwEtiXzJQ/uWAwDd+owpuWYl7DpeVZ3WL3iGzaEsA66T
pY6mjElOjeaHI4ttmdMsjbrxyseC+bhnlY5Q4NB9RJtQwbKjoP/FPwvOvD1qD3mD
2hY5h7t+GzENr3XHiuidmJvYRYrTn6wQLw5c6WL1Qs7raBdpRfpCmadrIYLYJVkY
TnTc/8BO4Pu09pGoQB6JiCOdt4Q452RJkrEt7LcOmWYOLBThXGYejM/PvKkdWsft
sGJ4bpsxKQoTWVLKKXTSnVvbwaDahyHl4/YZ776FEtBh5BTY4fHZw/GmwnbxEbDC
dp7gZ3GvhIQwOzrofm3T5aX3AvIZglZcDTwwRYyQ8d8ZZ/s/HCE4GNX3JTjZCxlx
ebKC9n5F+F6PSOdpeLsC7z9fT5/WPJHW9hxAhT5mHUToGeYohp6jqb+OAgHR0nXr
aonvtN4Y/5MC4Ink+PAxHUdW228e9bv3Bxe7/0kCITeEBU6zX8Q=
=Biua
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
A Release Candidate for Zeek 3.0.0 is now available for
testing:
https://www.zeek.org/downloads/zeek-3.0.0-rc1.tar.gzhttps://www.zeek.org/downloads/zeek-3.0.0-rc1.tar.gz.asc
This major release will have many additions and changes, the
most prominent being a comprehensive adaptation to use Zeek
instead of Bro. See the NEWS file for the full list of
important differences to be aware of when upgrading and testing.
Our blog also describes the upcoming release and potential
issues when upgrading:
https://blog.zeek.org
Please report bugs at our GitHub project:
https://github.com/zeek/zeek/issues
Or feel free to give feedback directly on the Zeek mailing list.
-----BEGIN PGP SIGNATURE-----
iQIzBAEBAgAdFiEE6WkLK32KwaGfkhxKxotJTfVqzH4FAl1MtgAACgkQxotJTfVq
zH5PwQ//UfT3kqp6kXy+XG0f3mhHNinKWK857ihkhnYB4MR66EKERJCe+1GKiEJV
9fK8eCXNKGsf5SPB2FRwxtdsv8QFmIecuv5VHGtZNGOYY4Jqe7gHXy+6/dCicqK+
R9FaVzp4C/EMP5E/4UOygFLvr4dehK/tuLUgVmDqDh7LbtCPZdabNo8oamIzEi7p
pymLCJyQP2u4KFmOV5GYufJl5AZ9/Lv96FmhqOb0mdFcSKgI6PMZPVl5tyA8+rb8
o9P1EU5Gxinc2ys2VH+w8XUErVSR9eMvHopd13Na0OZQt1D8A0X3R+cEKGwsP7di
/vZJ1qz2hDYho+zhiKqle0bCsWk5k8D8uHAi19wxPLSQcbikAcjH4CRWLfoJbJfE
wMSvd+7TQYE8YMOwtgTzBa0phrgq43+DD4vQYYxc1GbJCSa3dTkyQ8JW1+CuhmbS
/9yZz5aQvXadBRply77cnZtoIC+4cIwqk51Bzd5lpBsRuaeQVArUJmSvsHx7EP1x
PTiS9TsyzyrmzAU4Dbtqzr9oW3XT9VkUhziExT0g5tt9tsRDE0tY47p3z05rsJpH
jer3vTLJs/eMg8bAmUJjn9VXtZjp1vNiTBQSvuewF6KeTduWRuM7eR4FrijlYrpA
5w9zGVPiTbyP/HoOL1APMHBWTsJikHta7zl751gBFotu8naPvL8=
=XsHc
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
A security patch release, Bro v2.6.3, is now available for
download:
https://www.zeek.org/downloads/bro-2.6.3.tar.gzhttps://www.zeek.org/downloads/bro-2.6.3.tar.gz.asc
Bro v2.6.3 addresses the following Denial of Service
vulnerabilities:
* Null pointer dereference in the RPC analysis code. RPC
analyzers (e.g. MOUNT or NFS) are not enabled in the default
configuration.
* Signed integer overflow in BinPAC-generated parser code. The
result of this is Undefined Behavior with respect to the array
bounds checking conditions that BinPAC generates, so it's
unpredictable what an optimizing compiler may actually do
under the assumption that signed integer overlows should never
happen. The specific symptom which lead to finding this issue
was with the PE analyzer causing out-of-memory crashes due to
large allocations that were otherwise prevented when the array
bounds checking logic was changed to prevent any possible
signed integer overlow.
-----BEGIN PGP SIGNATURE-----
iQIzBAEBAgAdFiEE6WkLK32KwaGfkhxKxotJTfVqzH4FAl1MpNQACgkQxotJTfVq
zH6psg/9FZq5HVhRNymHzB1VHXlf1ELDW/lKC26ekl17Ri25Ec0YPm2U7xP1R/D+
XzLGcF5Wh74gB8IgbePHPq4RynVYYOyeRboN2yjrCCZvUBQcVn32wDOWo2QJer/0
kro+EDDaxWNUPhhM3xD09UYscWJ7SlyHfQciMnn9FWkccYOUqciIydiIcAdQ6Ako
uoG3pGh9BDfFQVMbYpC0pQPFNU6LAzyUOMq0I7cKKKxT+GRj5GuHVOnWfSqdulUA
w05Dk7isxeea7slR+g6FgCrBX/xqdMhnoJPNuKnMZ7+aKlg1a/MOB45tmeqm/OTs
jOg6+BB0W3rOc8McZf6ksnOFj/1CK7Nhf9ccFNgqXGTjOYRfcFEw9L9QbJyPcRDW
6fDIaXWLQx4NTgf74EIR/k4uZ4iLWKSahq1V9w0qPbQQXIvZEf5a9E4bCJHbhA5K
5WngU0NGZiKQACNGf0Ja0y470/V/u6EDFDge4lgIKsef7bysuOhNpRNPHTx8bMrM
dPOSvLoWabirdGCYXD50egJujFl1bgVUfJ0f61C23fobefm/M0X9goNTtIbnDYuX
WAeaEk7snMWwZman4PyEMk1pTulW3yt8rhXCNJxpchwqZYiF69wM8o41gbBD/sly
ECL8vEHK1hiShTuZcjn9VW/pRkGq4YyXjon19bnCREgJNiGZhtY=
=jf49
-----END PGP SIGNATURE-----