security/zeek: Update to 3.0.4 and address a remote crash vulnerability:

   https://github.com/zeek/zeek/blob/e059d4ec2e689b3c8942f4aa08b272f24ed3f612/NEWS

 - Fix stack overflow in POP3 analyzer. An attacker can crash Zeek
   remotely via crafted packet sequence.

Other fixes:

 - Fix use-after-free in Zeek lambda functions with uninitialized
   locals

 - Fix buffer overflow due to tables/records created at parse-time
   not rebuilt on record redef

 - Fix SMB NegotiateContextList parsing

 - Fix binpac flowbuffer frame length parsing doing too much bounds
   checking

 - Fix parsing ERSPAN III optional sub-header

 - Fix bug in intel indicator normalization

 - Fix connection duration thresholding

 - Fix X509Common.h header include for external plugins

 - Fix incorrect targeting of node-specific Broker/Cluster messages

MFH:		2020Q2

0 files changed, 0 insertions, 0 deletions