security/zeek: Update to 5.0.8

    https://github.com/zeek/zeek/releases/tag/v5.0.8

This release fixes the following potential DoS vulnerabilities:

 - A specially-crafted stream of FTP packets containing a command
   reply with many intermediate lines can cause Zeek to spend a
   large amount of time processing data.

 - A specially-crafted set of packets containing extremely large
   file offsets cause cause the reassembler code to allocate large
   amounts of memory.

 - The DNS manager does not correctly expire responses that don't
   contain any data, such those containing NXDOMAIN or NODATA status
   codes. This can lead to Zeek allocating large amounts of memory
   for these responses and never deallocating them.

 - A specially-crafted stream of RDP packets can cause Zeek to spend
   large protocol validation.

 - A specially-crafted stream of SMTP packets can cause Zeek to
   spend large amounts of time processing data.

This release fixes the following bugs:

 - Data stores used by the known-{hosts,certs,services} policies
   now default to using local stores instead of Broker stores.

 - The VXLAN and Geneve report analyzer confirmations once their
   protocols have been fully parsed, but before attempting to forward
   to the tunneled packets to other analyzers.

 - New wierds were added to the AYIYA, Geneve, and VXLAN analyzers
   (ayiya_empty_packet, geneve_empty_packet, and vxlan_empty_packet).

 - A new script-level option Pcap::non_fd_timeout was added to allow
   fine-tuning the amount of time to sleep on each IO loop when
   using a packet source that doesn't provide a file descriptor
   (e.g. Myricom).

 - Avoid attempting to retrieve packets during every loop for a
   packet source, instead switching to a predictive approach that
   keeps track of whether or not that packet source has previously
   seen traffic.

Reported by:	Tim Wojtulewicz
Security:	96d6809a-81df-46d4-87ed-2f78c79f06b1

0 files changed, 0 insertions, 0 deletions