[PATCH 1/2] suricata: Update to 5.0.8

[PATCH 1/2] suricata: Update to 5.0.8

[Matthias Fischer]

[-- Attachment #1: Type: text/plain, Size: 2544 bytes --]

For details see:
https://forum.suricata.io/t/suricata-6-0-4-and-5-0-8-released/1942

"Various security, performance, accuracy and stability issues have been fixed,
including two TCP evasion issues. CVE 2021-37592 was assigned."

Changelog:

"5.0.8 -- 2021-11-16

Security #4635: tcp: crafted injected packets cause desync after 3whs
Security #4727: Bypass of Payload Detection on TCP RST with options of MD5header
Bug #4345: Failed assert in TCPProtoDetectCheckBailConditions size_ts > 1000000UL
Bug #4382: fileinfo "stored: false" even if the file is kept on disk
Bug #4626: DNP3: intra structure overflow in DNP3DecodeObjectG70V6
Bug #4628: alert count shows up as 0 when stats are disabled
Bug #4631: Protocol detection : confusion with SMB in midstream
Bug #4639: Failed assertion in SMTP SMTPTransactionComplete
Bug #4646: TCP reassembly, failed assert app_progress > last_ack_abs, both sides need to be pruned
Bug #4647: rules: Unable to find the sm in any of the sm lists
Bug #4674: rules: mix of drop and pass rules issues
Bug #4676: rules: drop rules with noalert not fully dropping
Bug #4688: detect: too many prefilter engines lead to FNs
Bug #4690: nfs: failed assert self.tx_data.files_logged > 1
Bug #4691: IPv6 : decoder event on invalid fragment length
Bug #4696: lua: file info callback returns wrong value
Bug #4718: protodetect: SEGV due to NULL ptr deref
Bug #4729: ipv6 evasions : fragmentation
Bug #4788: Memory leak in SNMP with DetectEngineState
Bug #4790: af-packet: threads sometimes get stuck in capture
Bug #4794: loopback: different AF_INET6 values per OS
Bug #4816: flow-manager: cond_t handling in emergency mode is broken
Bug #4831: SWF decompression overread
Bug #4833: Wrong list_id with transforms for http_client_body and http file_data
Optimization #3429: improve err msg for dataset rules parsing
Task #4835: libhtp 0.5.39"

Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
---
 lfs/suricata | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lfs/suricata b/lfs/suricata
index c7f189bf4..700556dd2 100644
--- a/lfs/suricata
+++ b/lfs/suricata
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 5.0.7
+VER        = 5.0.8
 
 THISAPP    = suricata-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -41,7 +41,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = f6ff77e4dcf8035853209ceeba9b530c
+$(DL_FILE)_MD5 = d48387c2e0b5e502852b077369d947c5
 
 install : $(TARGET)
 
-- 
2.18.0

[PATCH 2/2] libhtp: Update to 0.5.39

[Matthias Fischer]

[-- Attachment #1: Type: text/plain, Size: 828 bytes --]

For details see:
https://github.com/OISF/libhtp/releases/tag/0.5.39

"0.5.39 (16 Nov 2021)
 --------------------

- host: ipv6 address is a valid host
- util: one char is not always empty line
- test and fuzz improvements"

Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
---
 lfs/libhtp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lfs/libhtp b/lfs/libhtp
index 242953254..95264df09 100644
--- a/lfs/libhtp
+++ b/lfs/libhtp
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 0.5.38
+VER        = 0.5.39
 
 THISAPP    = libhtp-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 4d3bee196a8adcb10bfd874ec6bd9ca0
+$(DL_FILE)_MD5 = f18e1a3f36b97beb63616ad1a5c2a9d8
 
 install : $(TARGET)
 
-- 
2.18.0

Re: [PATCH 1/2] suricata: Update to 5.0.8

[Michael Tremer]

[-- Attachment #1: Type: text/plain, Size: 2916 bytes --]

Hello Matthias,

This perfectly compliments my suricata patchset from yesterday :)

Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>

-Michael

> On 20 Nov 2021, at 12:47, Matthias Fischer <matthias.fischer(a)ipfire.org> wrote:
> 
> For details see:
> https://forum.suricata.io/t/suricata-6-0-4-and-5-0-8-released/1942
> 
> "Various security, performance, accuracy and stability issues have been fixed,
> including two TCP evasion issues. CVE 2021-37592 was assigned."
> 
> Changelog:
> 
> "5.0.8 -- 2021-11-16
> 
> Security #4635: tcp: crafted injected packets cause desync after 3whs
> Security #4727: Bypass of Payload Detection on TCP RST with options of MD5header
> Bug #4345: Failed assert in TCPProtoDetectCheckBailConditions size_ts > 1000000UL
> Bug #4382: fileinfo "stored: false" even if the file is kept on disk
> Bug #4626: DNP3: intra structure overflow in DNP3DecodeObjectG70V6
> Bug #4628: alert count shows up as 0 when stats are disabled
> Bug #4631: Protocol detection : confusion with SMB in midstream
> Bug #4639: Failed assertion in SMTP SMTPTransactionComplete
> Bug #4646: TCP reassembly, failed assert app_progress > last_ack_abs, both sides need to be pruned
> Bug #4647: rules: Unable to find the sm in any of the sm lists
> Bug #4674: rules: mix of drop and pass rules issues
> Bug #4676: rules: drop rules with noalert not fully dropping
> Bug #4688: detect: too many prefilter engines lead to FNs
> Bug #4690: nfs: failed assert self.tx_data.files_logged > 1
> Bug #4691: IPv6 : decoder event on invalid fragment length
> Bug #4696: lua: file info callback returns wrong value
> Bug #4718: protodetect: SEGV due to NULL ptr deref
> Bug #4729: ipv6 evasions : fragmentation
> Bug #4788: Memory leak in SNMP with DetectEngineState
> Bug #4790: af-packet: threads sometimes get stuck in capture
> Bug #4794: loopback: different AF_INET6 values per OS
> Bug #4816: flow-manager: cond_t handling in emergency mode is broken
> Bug #4831: SWF decompression overread
> Bug #4833: Wrong list_id with transforms for http_client_body and http file_data
> Optimization #3429: improve err msg for dataset rules parsing
> Task #4835: libhtp 0.5.39"
> 
> Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
> ---
> lfs/suricata | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/lfs/suricata b/lfs/suricata
> index c7f189bf4..700556dd2 100644
> --- a/lfs/suricata
> +++ b/lfs/suricata
> @@ -24,7 +24,7 @@
> 
> include Config
> 
> -VER        = 5.0.7
> +VER        = 5.0.8
> 
> THISAPP    = suricata-$(VER)
> DL_FILE    = $(THISAPP).tar.gz
> @@ -41,7 +41,7 @@ objects = $(DL_FILE)
> 
> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
> 
> -$(DL_FILE)_MD5 = f6ff77e4dcf8035853209ceeba9b530c
> +$(DL_FILE)_MD5 = d48387c2e0b5e502852b077369d947c5
> 
> install : $(TARGET)
> 
> -- 
> 2.18.0
> 

Re: [PATCH 2/2] libhtp: Update to 0.5.39

[Michael Tremer]

[-- Attachment #1: Type: text/plain, Size: 1085 bytes --]

Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>

> On 20 Nov 2021, at 12:47, Matthias Fischer <matthias.fischer(a)ipfire.org> wrote:
> 
> For details see:
> https://github.com/OISF/libhtp/releases/tag/0.5.39
> 
> "0.5.39 (16 Nov 2021)
> --------------------
> 
> - host: ipv6 address is a valid host
> - util: one char is not always empty line
> - test and fuzz improvements"
> 
> Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
> ---
> lfs/libhtp | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/lfs/libhtp b/lfs/libhtp
> index 242953254..95264df09 100644
> --- a/lfs/libhtp
> +++ b/lfs/libhtp
> @@ -24,7 +24,7 @@
> 
> include Config
> 
> -VER        = 0.5.38
> +VER        = 0.5.39
> 
> THISAPP    = libhtp-$(VER)
> DL_FILE    = $(THISAPP).tar.gz
> @@ -40,7 +40,7 @@ objects = $(DL_FILE)
> 
> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
> 
> -$(DL_FILE)_MD5 = 4d3bee196a8adcb10bfd874ec6bd9ca0
> +$(DL_FILE)_MD5 = f18e1a3f36b97beb63616ad1a5c2a9d8
> 
> install : $(TARGET)
> 
> -- 
> 2.18.0
> 

Re: [PATCH 1/2] suricata: Update to 5.0.8

[Matthias Fischer]

[-- Attachment #1: Type: text/plain, Size: 343 bytes --]

On 20.11.2021 13:53, Michael Tremer wrote:
> Hello Matthias,
> 
> This perfectly compliments my suricata patchset from yesterday :)
> 
> Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
> ...

I hoped it would. ;-)

BTW:
I also tested 6.0.4, but this version still has problems with cpu load,
so I sticked with 5.0.8.

Best,
Matthias