Bro v2.3.2 is released. Source distribution and binary packages are available on our downloads page. This release fixes the following vulnerabilities:
Parsers generated by BinPAC may contain out-of-bounds memory reads due to insufficient validation of field lengths. Reported by John Villamil and Chris Rohlf – Yahoo Paranoids. (CVE-2014-9586)
A DNP3 pseudo link layer length of zero may trigger an assertion or buffer over-read/overflow. Reported by Travis Emmert. (CVE-2015-1521)
Some non-zero values for the DNP3 pseudo link layer length may cause a buffer over-read/overflow. Reported by Travis Emmert. (CVE-2015-1522)
We encourage users to review and install this release at their earliest convenience. For reporting security concerns and vulnerabilities, see: how to report a security vulnerability.
The Bro Team