From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: [PATCH 1/2] suricata: Update to 5.0.8 Date: Sat, 20 Nov 2021 12:53:13 +0000 Message-ID: <6418EE4E-A31D-459B-9598-1616895F8BA8@ipfire.org> In-Reply-To: <20211120124732.30431-1-matthias.fischer@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============2364407655918620979==" List-Id: --===============2364407655918620979== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hello Matthias, This perfectly compliments my suricata patchset from yesterday :) Reviewed-by: Michael Tremer -Michael > On 20 Nov 2021, at 12:47, Matthias Fischer = wrote: >=20 > For details see: > https://forum.suricata.io/t/suricata-6-0-4-and-5-0-8-released/1942 >=20 > "Various security, performance, accuracy and stability issues have been fix= ed, > including two TCP evasion issues. CVE 2021-37592 was assigned." >=20 > Changelog: >=20 > "5.0.8 -- 2021-11-16 >=20 > Security #4635: tcp: crafted injected packets cause desync after 3whs > Security #4727: Bypass of Payload Detection on TCP RST with options of MD5h= eader > Bug #4345: Failed assert in TCPProtoDetectCheckBailConditions size_ts > 100= 0000UL > Bug #4382: fileinfo "stored: false" even if the file is kept on disk > Bug #4626: DNP3: intra structure overflow in DNP3DecodeObjectG70V6 > Bug #4628: alert count shows up as 0 when stats are disabled > Bug #4631: Protocol detection : confusion with SMB in midstream > Bug #4639: Failed assertion in SMTP SMTPTransactionComplete > Bug #4646: TCP reassembly, failed assert app_progress > last_ack_abs, both = sides need to be pruned > Bug #4647: rules: Unable to find the sm in any of the sm lists > Bug #4674: rules: mix of drop and pass rules issues > Bug #4676: rules: drop rules with noalert not fully dropping > Bug #4688: detect: too many prefilter engines lead to FNs > Bug #4690: nfs: failed assert self.tx_data.files_logged > 1 > Bug #4691: IPv6 : decoder event on invalid fragment length > Bug #4696: lua: file info callback returns wrong value > Bug #4718: protodetect: SEGV due to NULL ptr deref > Bug #4729: ipv6 evasions : fragmentation > Bug #4788: Memory leak in SNMP with DetectEngineState > Bug #4790: af-packet: threads sometimes get stuck in capture > Bug #4794: loopback: different AF_INET6 values per OS > Bug #4816: flow-manager: cond_t handling in emergency mode is broken > Bug #4831: SWF decompression overread > Bug #4833: Wrong list_id with transforms for http_client_body and http file= _data > Optimization #3429: improve err msg for dataset rules parsing > Task #4835: libhtp 0.5.39" >=20 > Signed-off-by: Matthias Fischer > --- > lfs/suricata | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) >=20 > diff --git a/lfs/suricata b/lfs/suricata > index c7f189bf4..700556dd2 100644 > --- a/lfs/suricata > +++ b/lfs/suricata > @@ -24,7 +24,7 @@ >=20 > include Config >=20 > -VER =3D 5.0.7 > +VER =3D 5.0.8 >=20 > THISAPP =3D suricata-$(VER) > DL_FILE =3D $(THISAPP).tar.gz > @@ -41,7 +41,7 @@ objects =3D $(DL_FILE) >=20 > $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) >=20 > -$(DL_FILE)_MD5 =3D f6ff77e4dcf8035853209ceeba9b530c > +$(DL_FILE)_MD5 =3D d48387c2e0b5e502852b077369d947c5 >=20 > install : $(TARGET) >=20 > --=20 > 2.18.0 >=20 --===============2364407655918620979==--