Accepted suricata 2.0.7-2+deb8u3 (source amd64) into oldstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 04 Dec 2018 19:49:33 +0100
Source: suricata
Binary: suricata
Architecture: source amd64
Version: 2.0.7-2+deb8u3
Distribution: jessie-security
Urgency: high
Maintainer: Pierre Chifflier <pollux@debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 suricata   - Next Generation Intrusion Detection and Prevention Tool
Changes:
 suricata (2.0.7-2+deb8u3) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix the following security vulnerabilities:
     - CVE-2018-6794:
       Suricata is prone to an HTTP detection bypass vulnerability in detect.c
       and stream-tcp.c. If a malicious server breaks a normal TCP flow and
       sends data before the 3-way handshake is complete, then the data sent by
       the malicious server will be accepted by web clients such as a web
       browser or Linux CLI utilities, but ignored by Suricata IDS signatures.
       This mostly affects IDS signatures for the HTTP protocol and TCP stream
       content; signatures for TCP packets will inspect such network traffic as
       usual.
     - CVE-2017-7177:
       Suricata has an IPv4 defragmentation evasion issue caused by lack of a
       check for the IP protocol during fragment matching.
     - CVE-2017-15377:
       It was possible to trigger lots of redundant checks on the content of
       crafted network traffic with a certain signature, because of
       DetectEngineContentInspection in detect-engine-content-inspection.c. The
       search engine doesn't stop when it should after no match is found;
       instead, it stops only upon reaching inspection-recursion-limit (3000 by
       default).
     - TEMP-0856648-2BC2C9:
       Out of bounds read in app-layer-dns-common.c.
       On a zero size A or AAAA record, 4 or 16 bytes would still be read.
Checksums-Sha1:
 a2ba03e4bcd8a0e52fd8499efc7c13408d915af8 2287 suricata_2.0.7-2+deb8u3.dsc
 e4ef98d0ccd5952c5ec8a295a0b708bba2acf71d 14668 suricata_2.0.7-2+deb8u3.debian.tar.xz
 1bd43a14db4d71b20e41ab6eb294ea2b95441c79 775080 suricata_2.0.7-2+deb8u3_amd64.deb
Checksums-Sha256:
 d3afeeffd480c0d2875813f1091d6d2590a220b5b1398bd23061f253a5bc7819 2287 suricata_2.0.7-2+deb8u3.dsc
 40aaa498bc6d10966228f4ef22a36aa848a7213b199ca86cb60cfa0e83b340bd 14668 suricata_2.0.7-2+deb8u3.debian.tar.xz
 c79d5801285888f5056b130aff86eb0b6dc245fa87e0d097544bf03866fe5273 775080 suricata_2.0.7-2+deb8u3_amd64.deb
Files:
 bf559d996f4b017be381b73bf0899317 2287 net optional suricata_2.0.7-2+deb8u3.dsc
 0a4c773431011df9dca023c98a5ce9e2 14668 net optional suricata_2.0.7-2+deb8u3.debian.tar.xz
 449dc8b45bc69761c69c764ab99453e7 775080 net optional suricata_2.0.7-2+deb8u3_amd64.deb

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----
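
The out-of-bounds read in the last changelog item comes from reading a fixed 4 or 16 bytes for an A or AAAA record without first checking the record's declared length. The following is an added example of the length checks a parser needs at that point; it is not Suricata's code or the Debian patch, and the function name, parameters and sample bytes are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DNS_TYPE_A    1   /* IPv4 address record */
#define DNS_TYPE_AAAA 28  /* IPv6 address record */

/* Hypothetical helper, not Suricata code. Copies the address from an A or
 * AAAA record into out (at least 16 bytes). rdlength is the length field
 * from the record; avail is how many packet bytes remain at rdata.
 * Returns the address size (4 or 16), or -1 if the record is malformed. */
int dns_copy_addr(uint16_t type, const uint8_t *rdata, uint16_t rdlength,
                  size_t avail, uint8_t *out)
{
    size_t need;

    if (type == DNS_TYPE_A)
        need = 4;
    else if (type == DNS_TYPE_AAAA)
        need = 16;
    else
        return -1;

    /* The flaw class described above is copying `need` bytes regardless of
     * the declared length. A zero-size record is rejected, never read. */
    if ((size_t)rdlength != need)
        return -1;
    /* The declared length must also fit in the bytes actually captured. */
    if (avail < (size_t)rdlength)
        return -1;

    memcpy(out, rdata, need);
    return (int)need;
}

/* Constructed sample data: 192.0.2.1 followed by unrelated packet bytes. */
static const uint8_t sample[20] = { 192, 0, 2, 1, 0xde, 0xad, 0xbe, 0xef };
static uint8_t addr[16];

int main(void)
{
    printf("valid A:        %d\n", dns_copy_addr(DNS_TYPE_A, sample, 4, 20, addr));
    printf("zero-size A:    %d\n", dns_copy_addr(DNS_TYPE_A, sample, 0, 20, addr));
    printf("zero-size AAAA: %d\n", dns_copy_addr(DNS_TYPE_AAAA, sample, 0, 20, addr));
    printf("truncated AAAA: %d\n", dns_copy_addr(DNS_TYPE_AAAA, sample, 16, 8, addr));
    return 0;
}
```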