Update CHANGES, VERSION, and NEWS for 6.1.1

Tim Wojtulewicz 2024-01-19 08:58:08 -07:00
parent 551cc476c4
commit 37c47f1751
3 changed files with 37 additions and 1 deletions

24
CHANGES

@ -1,3 +1,27 @@
6.1.1 | 2024-01-19 08:58:08 -0700
* Update CHANGES, VERSION, and NEWS for 6.1.1 (Tim Wojtulewicz)
* MIME: Cap nested MIME analysis depth to 100 (Arne Welzel, Corelight)
OSS-Fuzz managed to produce a MIME multipart message construction with
thousands of nested entities (or that's what Zeek makes out of it anyhow).
Prevent such deep analysis by capping at a nesting depth of 100,
preventing unnecessary resource usage. A new weird named exceeded_mime_max_depth
is reported when this limit is reached.
This change reduces the runtime of the OSS-Fuzz reproducer from ~45 seconds
to ~2.5 seconds.
The test PCAP was produced from a Python script using the email package
and sending the rendered version via POST to a HTTP server.
(cherry picked from commit 997c017df937ea47d999d9724e247c3d0e38e509)
* GH-3177: Make sure Spicy symbols are available. (Benjamin Bannier, Corelight)
(cherry picked from commit 638e8a051959c869261b46ebc56e1bce80d200b0)
6.1.0-31 | 2024-01-18 16:25:51 -0700 6.1.0-31 | 2024-01-18 16:25:51 -0700
* CI: Remove unused openssl30_config (Tim Wojtulewicz, Corelight) * CI: Remove unused openssl30_config (Tim Wojtulewicz, Corelight)
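Review bot: the MIME entry in the new 6.1.1 block states the cap as a fixed nesting depth of 100 but never names the option that controls it, while the NEWS text in this same commit refers to MIME::max_depth. Suggest naming the option here as well, for example "capping at a nesting depth of 100 (MIME::max_depth)", so that someone reading CHANGES alone can find the setting. The same sentence uses "Prevent ... preventing" back to back; "which avoids unnecessary resource usage" would read better.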

12
NEWS

@ -6,6 +6,15 @@ release. For an exhaustive list of changes, see the ``CHANGES`` file
Zeek 6.1.1 Zeek 6.1.1
========== ==========
This release fixes the following security issues:
- A specially-crafted series of packets containing nested MIME entities can
cause Zeek to spend large amounts of time parsing the entities. Due to the
possibility of receiving these packets from remote hosts, this is a DoS
risk.The fix included adds a new option (MIME::max_depth) to the MIME parser
that limits the depth the parser will attempt to follow the entity nesting. If
the limit is reached an exceeded_mime_max_depth weird is generated.
This release fixes the following bugs: This release fixes the following bugs:
- CMake correctly passes along third-party package information when building - CMake correctly passes along third-party package information when building
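Review bot: the new security paragraph names MIME::max_depth but gives no default, although the CHANGES hunk in this commit states the cap is 100; adding "(default 100)" would let operators judge whether they need to tune it. As rendered here, "risk.The fix included adds" is missing the space after the period and reads awkwardly; "risk. The fix adds a new option" is clearer. It would also help to say what happens to entities nested beyond the limit besides the exceeded_mime_max_depth weird being generated, since that determines what analysis is lost on such traffic.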
@ -29,6 +38,9 @@ This release fixes the following bugs:
the &create_expire attribute intact. This broke the "log hosts every 24h" the &create_expire attribute intact. This broke the "log hosts every 24h"
behavior. behavior.
- Zeek builds using the --binary-package argument and including Spicy will now
include all necessary Spicy symbols.
Zeek 6.1.0 Zeek 6.1.0
========== ==========
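Review bot: the added Spicy entry does not carry the GH-3177 reference that the CHANGES hunk attaches to the same fix, so the two files cannot be cross-referenced from NEWS alone. Consider appending the issue number, and describing the symptom users saw with --binary-package builds instead of only "all necessary Spicy symbols".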


@ -1 +1 @@
6.1.0-31 6.1.1