Monday, January 26, 2015

Bro 2.3.2 Release

Bro v2.3.2 is released. Source distribution and binary packages are available on our downloads page. This release fixes the following vulnerabilities:

- Parsers generated by BinPAC may contain out-of-bounds memory reads due to insufficient validation of field lengths. Reported by John Villamil and Chris Rohlf - Yahoo Paranoids. (CVE-2014-9586)
- A DNP3 pseudo link layer length of zero may trigger an assertion or buffer over-read/overflow. Reported by Travis Emmert. (CVE-2015-1521)
- Some non-zero values for the DNP3 pseudo link layer length may cause a buffer over-read/overflow. Reported by Travis Emmert. (CVE-2015-1522)

We encourage users to review these fixes and install the release at their earliest convenience. For reporting security concerns and vulnerabilities, see: how to report a security vulnerability.

The Bro Team
