FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

zeek -- Various vulnerabilities

Affected packages
		zeek	<	3.0.6

Details

VuXML ID	1a6b7641-aed2-4ba1-96f4-c282d5b09c37
Discovery	2020-05-06
Entry	2020-05-06

Jon Siwek of Corelight reports:

This release fixes the following security issues:

Fix buffer over-read in Ident analyzer

Fix SSL scripting error leading to uninitialized field access and memory leak

Fix POP3 analyzer global buffer over-read

Fix potential stack overflows due to use of Variable-Length-Arrays

[source]

References

URL	https://raw.githubusercontent.com/zeek/zeek/v3.0.6/NEWS