We announce the release of Bro v2.5.3. The new version is now available for download at https://bro.org/download/index.html or directly at https://www.bro.org/downloads/bro-2.5.3.tar.gz.

Binary packages for the new version are currently building and will be available
in the next hours at https://bro.org/download/packages.html.

This is a security release that fixes an integer overflow in code generated by binpac. This issue can be used by remote attackers to crash Bro (i.e. a DoS attack). There also is a possibility this can be exploited in other ways.

This bug was found by Philippe Antoine of Catena cyber. A CVE will be assigned to this bug.

Bro 2.5.3 does not contain any other changes. We urge everyone to update their installation as quickly as possible.

Feel free to use our mailing list or the bug tracker to provide feedback or report problems.

%d bloggers like this: