From: "Peter Müller" <peter.mueller@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH 2/2] Suricata: update to 5.0.3
Date: Tue, 28 Apr 2020 18:36:32 +0200 [thread overview]
Message-ID: <e434a254-ad43-870f-4b5c-6bd90c5e46f2@ipfire.org> (raw)
In-Reply-To: <feee1dce-4eee-fb24-bbf6-0b63fcfaa4c0@ipfire.org>
[-- Attachment #1: Type: text/plain, Size: 4012 bytes --]
Release notes (https://suricata-ids.org/2020/04/28/suricata-5-0-3-released/, truncated):
This is the first release after Suricata joined the Oss-Fuzz program, leading to
discovery of a number of (potential) security issues. We expect that in the coming
months we’ll fix more such issues, as the fuzzers increase their coverage and we
continue to improve the seed corpus.
Feature #3481: GRE ERSPAN Type 1 Support
Feature #3613: Teredo port configuration
Feature #3673: datasets: add ‘dataset-remove’ unix command
Bug #3240: Dataset hash-size or prealloc invalid value logging
Bug #3241: Dataset reputation invalid value logging
Bug #3342: Suricata 5.0 crashes while parsing SMB data
Bug #3450: signature with sticky buffer with subsequent pcre check in a different buffer loads but will never match
Bug #3491: Backport 5 BUG_ON(strcasecmp(str, “any”) in DetectAddressParseString
Bug #3507: rule parsing: memory leaks
Bug #3526: 5.0.x Kerberos vulnerable to TCP splitting evasion
Bug #3534: Skip over ERF_TYPE_META records
Bug #3552: file logging: complete files sometimes marked ‘TRUNCATED’
Bug #3571: rust: smb compile warnings
Bug #3573: TCP Fast Open – Bypass of stateless alerts
Bug #3574: Behavior for tcp fastopen
Bug #3576: Segfault when facing malformed SNMP rules
Bug #3577: SIP: Input not parsed when header values contain trailing spaces
Bug #3580: Faulty signature with two threshold keywords does not generate an error and never match
Bug #3582: random failures on sip and http-evader suricata-verify tests
Bug #3585: htp: asan issue
Bug #3592: Segfault on SMTP TLS
Bug #3598: rules: memory leaks in pktvar keyword
Bug #3600: rules: bad address block leads to stack exhaustion
Bug #3602: rules: crash on ‘internal’-only keywords
Bug #3604: rules: missing ‘consumption’ of transforms before pkt_data would lead to crash
Bug #3606: rules: minor memory leak involving pcre_get_substring
Bug #3609: ssl/tls: ASAN issue in SSLv3ParseHandshakeType
Bug #3610: defrag: asan issue
Bug #3612: rules/bsize: memory issue during parsing
Bug #3614: build-info and configure wrongly display libnss status
Bug #3644: Invalid memory read on malformed rule with Lua script
Bug #3646: rules: memory leaks on failed rules
Bug #3649: CIDR Parsing Issue
Bug #3651: FTP response buffering against TCP stream
Bug #3653: Recursion stack-overflow in parsing YAML configuration
Bug #3660: Multiple DetectEngineReload and bad insertion into linked list lead to buffer overflow
Bug #3665: FTP: Incorrect ftp_memuse calculation.
Bug #3667: Signature with an IP range creates one IPOnlyCIDRItem by signe IP address
Bug #3669: Rules reload with Napatech can hang Suricata UNIX manager process
Bug #3672: coverity: data directory handling issues
Bug #3674: Protocol detection evasion by packet splitting
Optimization #3406: filestore rules are loaded without warning when filestore is not enabled
Task #3478: libhtp 0.5.33
Task #3514: SMTP should place restraints on variable length items (e.g., filenames)
Documentation #3543: doc: add ipv4.hdr and ipv6.hdr
Bundled libhtp 0.5.33
Bundled Suricata-Update 1.1.2
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
---
lfs/suricata | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lfs/suricata b/lfs/suricata
index fdff36ca6..9369500ac 100644
--- a/lfs/suricata
+++ b/lfs/suricata
@@ -24,7 +24,7 @@
include Config
-VER = 5.0.2
+VER = 5.0.3
THISAPP = suricata-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 28470c05f0f1d3eae2a0c7312c3eabc3
+$(DL_FILE)_MD5 = d302ae41735551e2e1198e965d452664
install : $(TARGET)
--
2.16.4
next prev parent reply other threads:[~2020-04-28 16:36 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-28 16:35 [PATCH 1/2] libhtp: update to 0.5.33 Peter Müller
2020-04-28 16:36 ` Peter Müller [this message]
2020-04-29 10:31 ` [PATCH 2/2] Suricata: update to 5.0.3 Michael Tremer
2020-04-29 10:31 ` [PATCH 1/2] libhtp: update to 0.5.33 Michael Tremer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=e434a254-ad43-870f-4b5c-6bd90c5e46f2@ipfire.org \
--to=peter.mueller@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox