Security-Onion-Solutions / security-onion

Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management
https://securityonion.net

Bro 2.5.5 #1314

Closed dougburks closed 6 years ago

dougburks commented 6 years ago

From the Bro team:

We announce the release of Bro v2.5.5. The new version is now available
for download at:

    https://bro.org/download/index.html

or directly at:

    https://www.bro.org/downloads/bro-2.5.5.tar.gz

Binary packages for the new version are currently building and will be
available in the next hours at:

    https://bro.org/download/packages.html

This release has the following security fixes:

* Fix array bounds checking in BinPAC: for arrays that are fields
  within a record, the bounds check was based on a pointer to the start
  of the record rather than the start of the array field, potentially
  resulting in a buffer over-read.

* Fix SMTP command string comparisons: the number of bytes compared was
  based on the user-supplied string length and can lead to incorrect
  matches, e.g. giving a command of "X" incorrectly matched
  "X-ANONYMOUSTLS" (and empty commands match anything).

The following changes address potential vectors for Denial of Service
reported by Christian Titze & Jan Grashöfer of Karlsruhe Institute of
Technology:

* "Weird" events are now generally suppressed/sampled by default
  according to some tunable parameters (see the changelog for more
  details).  These changes help improve performance issues resulting
  from excessive numbers of weird events.

* Improved handling of empty lines in several text protocol analyzers
  that can cause performance issues when seen in long sequences.

* Add 'smtp_excessive_pending_cmds' weird which serves as a
  notification for when the "pending command" queue has reached an
  upper limit and been cleared to prevent one from attempting to slowly
  exhaust memory.

Please update your Bro installations as soon as possible.
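
The two length-check mistakes listed under the security fixes above, reconstructed here as an added C example that is neither Bro's code nor part of this issue: an SMTP command comparison bounded by the user-supplied length beside a form that requires equal lengths, and an array-within-record bounds check measured from the record start beside one measured from the array field's own offset. The function names, the `record_buf` layout, the 4-byte header and the sample bytes are my own assumptions, chosen only to make the two failure modes observable.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* --- SMTP command matching -------------------------------------------- */

/* Reconstruction of the bug class (not Bro's code): only strlen(user_cmd)
   bytes are compared, so any user command that is a prefix of a known
   command matches it, and an empty command matches everything. */
bool smtp_cmd_matches_buggy(const char *user_cmd, const char *known_cmd)
{
    return strncmp(user_cmd, known_cmd, strlen(user_cmd)) == 0;
}

/* Corrected form: the lengths must be equal and every byte must match. */
bool smtp_cmd_matches_fixed(const char *user_cmd, const char *known_cmd)
{
    size_t n = strlen(known_cmd);
    return strlen(user_cmd) == n && memcmp(user_cmd, known_cmd, n) == 0;
}

/* --- Array-within-record bounds check ---------------------------------- */

/* Hypothetical wire record: hdr_len bytes of fixed header followed by an
   array of count elements, each elem_size bytes. len is how many bytes of
   the record are actually present in the buffer. */
typedef struct {
    const unsigned char *data;
    size_t len;
} record_buf;

/* Bug class from the announcement: the array is measured against the start
   of the record, so an array that runs hdr_len bytes past the end of the
   buffer is accepted and would later be read out of bounds. */
bool array_fits_buggy(const record_buf *r, size_t hdr_len, size_t count, size_t elem_size)
{
    (void)hdr_len;
    if (elem_size != 0 && count > SIZE_MAX / elem_size)
        return false;                 /* multiplication would overflow */
    return count * elem_size <= r->len;
}

/* Corrected form: measure from the array field's own offset. */
bool array_fits_fixed(const record_buf *r, size_t hdr_len, size_t count, size_t elem_size)
{
    if (hdr_len > r->len)
        return false;                 /* header itself is truncated */
    if (elem_size != 0 && count > SIZE_MAX / elem_size)
        return false;
    return count * elem_size <= r->len - hdr_len;
}

/* Sum the array bytes only when the fixed check passes; returns -1 when the
   array does not fit, which is what a parser should do instead of reading
   past the buffer. */
long sum_array_checked(const record_buf *r, size_t hdr_len, size_t count, size_t elem_size)
{
    if (!array_fits_fixed(r, hdr_len, count, elem_size))
        return -1;
    long total = 0;
    for (size_t i = 0; i < count * elem_size; i++)
        total += r->data[hdr_len + i];
    return total;
}

int main(void)
{
    printf("\"X\" vs \"X-ANONYMOUSTLS\": buggy=%d fixed=%d\n",
           smtp_cmd_matches_buggy("X", "X-ANONYMOUSTLS"),
           smtp_cmd_matches_fixed("X", "X-ANONYMOUSTLS"));
    printf("\"\" vs \"EHLO\": buggy=%d fixed=%d\n",
           smtp_cmd_matches_buggy("", "EHLO"),
           smtp_cmd_matches_fixed("", "EHLO"));

    /* Constructed 8-byte record: 4-byte header, then only 4 array bytes. */
    static const unsigned char wire[8] = {1, 2, 3, 4, 10, 20, 30, 40};
    record_buf r = { wire, sizeof wire };
    /* A claimed 3 x 2-byte array needs 6 bytes, but only 4 follow the header. */
    printf("3x2 array after 4-byte header in 8 bytes: buggy=%d fixed=%d\n",
           array_fits_buggy(&r, 4, 3, 2), array_fits_fixed(&r, 4, 3, 2));
    printf("sum of 2x2 array: %ld, of 3x2 array: %ld\n",
           sum_array_checked(&r, 4, 2, 2), sum_array_checked(&r, 4, 3, 2));
    return 0;
}
```

The buggy SMTP comparison accepts "X" for "X-ANONYMOUSTLS" and the empty string for every command, exactly the behaviour the announcement describes; the buggy bounds check accepts a 6-byte array when only 4 bytes follow the header, because it forgot the header's 4 bytes when measuring against the buffer length.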
dougburks commented 6 years ago

submitted for testing: https://groups.google.com/d/topic/security-onion-testing/bXOsU_slkcw/discussion

dougburks commented 6 years ago

Published: https://blog.securityonion.net/2018/08/bro-255-now-available-for-security.html