FreeBSD : zeek -- Various vulnerabilities (1a6b7641-aed2-4ba1-96f4-c282d5b09c37)

high Nessus Plugin ID 136384

Language:

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Jon Siwek of Corelight reports :

This release fixes the following security issues :

- Fix buffer over-read in Ident analyzer

- Fix SSL scripting error leading to uninitialized field access and memory leak

- Fix POP3 analyzer global buffer over-read

- Fix potential stack overflows due to use of Variable-Length-Arrays

Solution

Update the affected package.

See Also

https://raw.githubusercontent.com/zeek/zeek/v3.0.6/NEWS

http://www.nessus.org/u?f0394ef9

Plugin Details

Severity: High

ID: 136384

File Name: freebsd_pkg_1a6b7641aed24ba196f4c282d5b09c37.nasl

Version: 1.1

Type: local

Published: 5/7/2020

Updated: 5/7/2020

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:zeek, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 5/6/2020

Vulnerability Publication Date: 5/6/2020