Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Update CHANGES, VERSION, and NEWS for 7.0.2 release

Browse source
This commit is contained in:
Tim Wojtulewicz 2024-09-23 12:01:55 -07:00
parent 815001f2aa
commit 270429bfea
3 changed files with 45 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

27
CHANGES
View file

@ -1,3 +1,30 @@
7.0.2 | 2024-09-23 12:01:55 -0700
* pop3: Remove unused headers (Arne Welzel, Corelight)
(cherry picked from commit 702fb031a4ea2b00364d6a7321384a45551ce3a2)
* pop3: Prevent unbounded state growth (Arne Welzel, Corelight)
The cmds list may grow unbounded due to the POP3 analyzer being in
multiLine mode after seeing `AUTH` in a Redis connection, but never
a `.` terminator. This can easily be provoked by the Redis ping
command.
This adds two heuristics: 1) Forcefully process the oldest commands in
the cmds list and cap it at max_pending_commands. 2) Start raising
analyzer violations if the client has been using more than
max_unknown_client_commands commands (default 10).
(cherry picked from commit 702fb031a4ea2b00364d6a7321384a45551ce3a2)
* btest/pop3: Add somewhat more elaborate testing (Arne Welzel, Corelight)
PCAP taken from here: https://tranalyzer.com/tutorial/pop and reference
added to Traces/README.
(cherry picked from commit 702fb031a4ea2b00364d6a7321384a45551ce3a2)
7.0.1-6 | 2024-09-23 10:01:55 -0700 7.0.1-6 | 2024-09-23 10:01:55 -0700
* Remove core.negative-time btest (Tim Wojtulewicz, Corelight) * Remove core.negative-time btest (Tim Wojtulewicz, Corelight)

17
NEWS
View file

@ -3,6 +3,23 @@ This document summarizes the most important changes in the current Zeek
release. For an exhaustive list of changes, see the ``CHANGES`` file release. For an exhaustive list of changes, see the ``CHANGES`` file
(note that submodules, such as Broker, come with their own ``CHANGES``.) (note that submodules, such as Broker, come with their own ``CHANGES``.)
Zeek 7.0.2
==========
This release fixes the following security issues:
- The POP3 parser has been hardened to avoid unbounded state growth in the
face of one-sided traffic capture or when enabled for non-POP3 traffic.
Concretely, the Redis protocol's AUTH mechanism enables the POP3 analyzer
for such connections through DPD.
This release fixes the following bugs:
- Support for SASL+SPNEGO+NTLMSSP was added to the LDAP analyzer.
- Telemetry callbacks are now handled via Zeek instead of depending on the
prometehus-cpp library to handle them.
Zeek 7.0.1 Zeek 7.0.1
========== ==========

2
VERSION
View file

@ -1 +1 @@
7.0.1-6 7.0.2