Bro 2.5.3 release (security update)

We announce the release of Bro v2.5.3. The new version is now available for
download at:

or directly at:

Binary packages for the new version are currently building and will be available
in the next hours at:

This is a security release that fixes an integer overflow in code generated by
binpac. This issue can be used by remote attackers to crash Bro (i.e. a DoS
attack). There also is a possibility this can be exploited in other ways.

This bug was found by Philippe Antoine of Catena cyber. A CVE will be assigned
to this bug.

Bro 2.5.3 does not contain any other changes. We urge everyone to update their
installation as quickly as possible.


bro-2.5.3.txt.asc (1.61 KB)