git: f85e384228a2 - main - security/vuxml: Mark zeek < 6.0.2 as vulnerable as per:
Date: Fri, 27 Oct 2023 22:26:09 UTC
The branch main has been updated by leres:
URL: https://cgit.FreeBSD.org/ports/commit/?id=f85e384228a28b33a3bd9c076a2ad4d1f22d021d
commit f85e384228a28b33a3bd9c076a2ad4d1f22d021d
Author: Craig Leres <leres@FreeBSD.org>
AuthorDate: 2023-10-27 22:25:39 +0000
Commit: Craig Leres <leres@FreeBSD.org>
CommitDate: 2023-10-27 22:25:39 +0000
security/vuxml: Mark zeek < 6.0.2 as vulnerable as per:
https://github.com/zeek/zeek/releases/tag/v6.0.2
This release fixes the following potential DoS vulnerabilities:
- A specially-crafted SSL packet could cause Zeek to leak memory
and potentially crash.
- A specially-crafted series of FTP packets could cause Zeek to
log entries for requests that have already been completed, using
resources unnecessarily and potentially causing Zeek to lose
other traffic.
- A specially-crafted series of SSL packets could cause Zeek to
output a very large number of unnecessary alerts for the same
record.
- A specially-crafted series of SSL packets could cause Zeek to
generate very long ssl_history fields in the ssl.log, potentially
using a large amount of memory due to unbounded state growth
- A specially-crafted IEEE802.11 packet could cause Zeek to overflow
memory and potentially crash
Reported by: Tim Wojtulewicz
---
security/vuxml/vuln/2023.xml | 39 +++++++++++++++++++++++++++++++++++++++
security/zeek/Makefile | 2 +-
security/zeek/distinfo | 6 +++---
3 files changed, 43 insertions(+), 4 deletions(-)
diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml
index c619e019378f..7f47de9a2486 100644
--- a/security/vuxml/vuln/2023.xml
+++ b/security/vuxml/vuln/2023.xml
@@ -1,3 +1,42 @@
+ <vuln vid="386a14bb-1a21-41c6-a2cf-08d79213379b">
+ <topic>zeek -- potential DoS vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>zeek</name>
+ <range><lt>6.0.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Tim Wojtulewicz of Corelight reports:</p>
+ <blockquote cite="https://github.com/zeek/zeek/releases/tag/v6.0.2">
+ <p> A specially-crafted SSL packet could cause Zeek to
+ leak memory and potentially crash. </p>
+ <p> A specially-crafted series of FTP packets could cause
+ Zeek to log entries for requests that have already been
+ completed, using resources unnecessarily and potentially
+ causing Zeek to lose other traffic. </p>
+ <p> A specially-crafted series of SSL packets could cause
+ Zeek to output a very large number of unnecessary alerts
+ for the same record. </p>
+ <p> A specially-crafted series of SSL packets could cause
+ Zeek to generate very long ssl_history fields in the
+ ssl.log, potentially using a large amount of memory due
+ to unbounded state growth </p>
+ <p> A specially-crafted IEEE802.11 packet could cause
+ Zeek to overflow memory and potentially crash </p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://github.com/zeek/zeek/releases/tag/v6.0.2</url>
+ </references>
+ <dates>
+ <discovery>2023-10-27</discovery>
+ <entry>2023-10-27</entry>
+ </dates>
+ </vuln>
+
<vuln vid="db33e250-74f7-11ee-8290-a8a1599412c6">
<topic>chromium -- multiple vulnerabilities</topic>
<affects>
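Review bot: the `<references>` block in the new zeek entry lists only the release-notes URL, so the entry cannot be cross-referenced by identifier. If upstream assigned CVE names to any of the five issues, add them as `<cvename>` elements next to the `<url>`. Separately, each `<p>` inside the `<blockquote>` has padding after the opening tag and before the closing tag (`<p> A specially-crafted SSL packet ... crash. </p>`); trimming it would keep the rendered entry consistent with the chromium entry's style below. `<discovery>` and `<entry>` are both 2023-10-27, so it is worth confirming that the discovery date is the upstream disclosure date and not just the commit date.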
diff --git a/security/zeek/Makefile b/security/zeek/Makefile
index c82778ba542a..4623ee6c804a 100644
--- a/security/zeek/Makefile
+++ b/security/zeek/Makefile
@@ -1,5 +1,5 @@
PORTNAME= zeek
-DISTVERSION= 6.0.1
+DISTVERSION= 6.0.2
CATEGORIES= security
MASTER_SITES= https://download.zeek.org/
DISTFILES= ${DISTNAME}${EXTRACT_SUFX}
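Review bot: the `DISTVERSION` bump from 6.0.1 to 6.0.2 is the actual fix for the issues recorded in the VuXML entry, but the commit subject names only `security/vuxml` and the log body never says the port was updated. Add a line such as "security/zeek: Update to 6.0.2" to the message, or split the port update into its own commit, so that someone searching the history of security/zeek finds the version that closes the `<lt>6.0.2</lt>` range.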
diff --git a/security/zeek/distinfo b/security/zeek/distinfo
index 760fbcbfb021..2f9b2eae87e8 100644
--- a/security/zeek/distinfo
+++ b/security/zeek/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1694552456
-SHA256 (zeek-6.0.1.tar.gz) = cfc329a170439195d7070ec5387d95cdda7eb6b86ac85ec707b9ed0e9d576a29
-SIZE (zeek-6.0.1.tar.gz) = 60152791
+TIMESTAMP = 1698437165
+SHA256 (zeek-6.0.2.tar.gz) = 2421989adcee6a29f48a8f7272f719edbe954d66c2e86e3a52e79cae177f887c
+SIZE (zeek-6.0.2.tar.gz) = 60175209
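Review bot: the new `SHA256 (zeek-6.0.2.tar.gz)` line is the only integrity pin for a tarball fetched from `MASTER_SITES= https://download.zeek.org/`, and nothing in the commit records how the value was obtained. Since this is a security update, confirm the hash against an independent upstream source (a published checksum or signature for the release) rather than relying on a locally regenerated distinfo alone, and note that in the log.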