We announce the release of Bro v2.5.3. The new version is now available for
or directly at:
Binary packages for the new version are currently building and will be available
within the next few hours at:
This is a security release that fixes an integer overflow in code generated by
binpac. This issue can be used by remote attackers to crash Bro (i.e., a DoS
attack). There is also a possibility that this can be exploited in other ways.

This bug was found by Philippe Antoine of Catena cyber. A CVE will be assigned
to this bug.

Bro 2.5.3 does not contain any other changes. We urge everyone to update their
installation as quickly as possible.