Tag Archive | pcre

Suricata 2.0.9 Available!

Photo by Eric Leblond

The OISF development team is pleased to announce Suricata 2.0.9. This release fixes a number of issues in the 2.0 series.

Couple of important fixes: defrag evasion, a crash when using certain rules (mixing regular content and relative bytejumps with dce option) and better detection of TCP retransmissions with different data.

Download

Get the new release here: http://www.openinfosecfoundation.org/download/suricata-2.0.9.tar.gz

Changes

  • Bug#1558: stream: retransmission not detected (2.0.x)
  • Bug #1550: Segmentation Fault at detect-engine-content-inspection.c:438
  • Bug #1564: defrag: evasion issue
  • Bug #1431: stream: last_ack update issue leading to stream gaps (2.0.x)
  • Bug #1483: 2.0.x backport: Leading whitespace in flowbits variable names
  • Bug #1490: http_host payload validation erroring on uppercase PCRE metacharacters
  • Bug #1501: 2.0.x backport: Add HUP coverage to output json-log
  • Bug #1510: 2.0.x: address var parsing issue
  • Bug #1513: stream_size <= and >= modifiers function as < and > (equality is not functional) (2.0.x)
  • Update bundled libhtp to 0.5.18

Special thanks

We’d like to thank the following people and corporations for their contributions and feedback:

  • Jérémy Beaume
  • Erik Hjelmvik
  • Alessandro Guido
  • Alexandre Macabies
  • Darren Spruell
  • Jay MJ
  • Charles Smutz

Known issues & missing features

If you encounter issues, please let us know! As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete or optimal. With this in mind, please notice the list we have included of known items we are working on.  See issues for an up to date list and to report new issues. See Known_issues for a discussion and time line for the major issues.

Training & Support

Need help installing, updating, validating and tuning Suricata? We have a training coming up in Barcelona in November: see https://suricata-ids.org/training/

For support options also see https://suricata-ids.org/support/

About Suricata

Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF, its supporting vendors and the community.

Suricata 1.4.2 released!

Photo by Eric LeblondThe OISF development team is proud to announce Suricata 1.4.2. This is a minor update over the 1.4 release, fixing some important bugs.

Get the new release here: suricata-1.4.2.tar.gz

Improvements

  • No longer force “nocase” to be used on http_host
  • Invalidate rule if uppercase content is used for http_host w/o nocase
  • Warn user if bpf is used in af-packet IPS mode
  • Better test for available libjansson version

Fixes

  • Fixed accuracy issues with relative pcre matching (#784)
  • Improved accuracy of file_data keyword (#788)
  • Invalidate negative depth (#770)
  • Fix http host parsing for IPv6 addresses (#761)
  • Fix fast.log formatting issues (#773)
  • Fixed deadlock in flowvar set code for http buffers (#801)
  • Various signature ordering improvements
  • Minor stream engine fix

Special thanks

  • Ivan Ristic
  • Rmkml
  • Will Metcalf

Known issues & missing features

As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete or optimal. With this in mind, please notice the list we have included of known items we are working on.

See issues for an up to date list and to report new issues. See Known_issues for a discussion and time line for the major issues.

About Suricata

Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF, its supporting vendors and the community.

Suricata 1.3.3 Available!

The OISF development team is pleased to announce Suricata 1.3.3. This is the third maintenance release of Suricata 1.3 with some important fixes.

Because of the fixes below, upgrading is highly recommended.

Download: suricata-1.3.3.tar.gz

Fixes

  • fix drop rules not working correctly when thresholded (#615)
  • fix a false possitive condition in http_header (#606)
  • fix extracted file corruption (#601)
  • fix a false possitive condition with the pcre keyword and relative matching (#588)
  • fix PF_RING set cluster problem on dma interfaces (#598)
  • improve http handling in low memory conditions (#586, #587)
  • fix FreeBSD inline mode crash (#612)
  • suppress pcre jit warning (#579)

Credits

  • Will Metcalf
  • Chris Wakelin
  • Kyle Creyts
  • Michael Hoffrath

Known issues & missing features

If you encounter issues, please let us know! As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete or optimal.  With this in mind, please notice the list we have included of known items we are working on.

See http://redmine.openinfosecfoundation.org/projects/suricata/issues for an up to date list and to report new issues. See http://redmine.openinfosecfoundation.org/projects/suricata/wiki/Known_issues for a discussion and time line for the major issues.

About Suricata

Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF, its supporting vendors and the community.