Suricata 6.0.0 released

We are proud to announce Suricata 6.0. This major new release is the result of a year of work by the OISF development team and the Suricata community.

During this development cycle, the focus has been on:

  • stability and robustness
  • performance
  • support for new protocols like HTTP/2, MQTT and RFB
  • improvements to existing protocols DCERPC, SSH
  • extendibility
  • improvements to detection capabilities

Get the release here:
https://www.openinfosecfoundation.org/downloads/suricata-6.0.0.tar.gz

This release comes with libhtp 0.5.35 and Suricata-Update 1.2.0

Power of the community

A lot of the features and improvements have been made by community members:

  • MQTT (Sascha Steinbiss)
  • RFB (Frank Honza)
  • HASSH (Vadym Malakhatko)
  • ASN.1 Rust (Pierre Chifflier and Emmanuel Thompson)
  • cbindgen (Danny Browning)
  • nom 5 conversion (Pierre Chifflier)
  • Napatech bypass support (Phil Young)
  • MAC address logging in EVE (Sascha Steinbiss)
  • Geneve decoder (Ali Jad Khalil)
  • more detailed DNS logging (Simon Dugas)

List of git committers: Pierre Chifflier, Sascha Steinbiss, Emmanuel Thompson, Todd Mortimer, Vadym Malakhatko, Phil Young, Roland Fischer, Simon Dugas, Jason Taylor, Ali Jad Khalil, James Dutrisac, Joshua Lumb, Zach Kelly, Angelo Mirabella, Antti Tönkyrä, Carl Smith, Danny Browning, Frank Honza, Giuseppe Longo, Ilya Bakhtin, Odin Jenseg, Stephen Donnelly, Timo Sigurdsson, Tristan Fletcher, William Stearns, Xiaofan Wang, Zackeus Bengtsson

Other contributors we’d like to especially thank: David Beckett for HTTP/2 testing and pcaps; Bastien Delvalle and Louis Jacotot (Telecom Nancy) for SMB evasion research and testcases.

Notable Optimizations

  • faster EVE log generation using our own Rust language JSON string builder
  • much better EVE log scaling by allowing a log file per thread
  • flow engine improvements, especially when under resource constraints

Securing Suricata

  • ASN1 handling is now entirely done in Rust code
  • DCERPC, SSH have been reimplemented in Rust
  • new protocols have been implemented in Rust
  • many fixes as a result of OSS-Fuzz testing

Rule language

  • from_end support for byte_jump keyword
  • bitmask support for byte_test keyword
  • byte_math support
  • flowbit OR support
  • pcrexform keyword: use pcre with substring capture as a transform
  • urldecode transform was added

For developers

  • Use cbindgen to create Rust-C bindings (Danny Browning)
  • initial plugin support
  • libfuzzer (OSS-Fuzz) support
  • clang-format support (Roland Fischer)

Removals

  • unified2 has been removed
  • filestore v1 support has been removed
  • drop log

About Suricata

Suricata is a high performance Network Threat Detection, IDS, IPS and Network Security Monitoring engine. Open source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by OISF, its supporting vendors and the community.

Suricata 4.1.9 and 5.0.4 released

We are pleased to announce the releases of Suricata 4.1.9 and 5.0.4.

These are the second releases after Suricata joined the Oss-Fuzz program, leading to discovery of a number of (potential) security issues. We recommend upgrading as soon as possible.

For the 4.1 branch we’re also announcing the EOL date: December 31st, 2020.

Get the releases here:
https://www.openinfosecfoundation.org/download/suricata-5.0.4.tar.gz
https://www.openinfosecfoundation.org/download/suricata-4.1.9.tar.gz

Notable Changes

Libhtp has been updated to 0.5.35
5.0.4: Suricata-Update updated to 1.1.3
5.0.4: Geneve packet decoder was added (disabled by default)
5.0.4: all tickets https://redmine.openinfosecfoundation.org/versions/149
4.1.9: all tickets https://redmine.openinfosecfoundation.org/versions/148

Special Thanks

Oss-Fuzz, Coverity Scan, Ali Jad Khalil, Angelo Mirabella, Antti Tönkyrä, Emmanuel Thompson, Ilya Bakhtin

Free Webinar

Join our Free webinar next week on Suricata and OPNsense: https://www.eventbrite.com/e/webinar-opnsense-and-suricata-a-great-combination-lets-get-started-tickets-117996028297

Past webinar recordings can be found on our YouTube channel: https://www.youtube.com/c/OISFSuricata

Forums

Join our new Forum at https://forum.suricata.io/

Suricata 5.0.3 released

We are pleased to announce the release of Suricata 5.0.3. This is a larger than usual point release, with a number of important fixes.

This is the first release after Suricata joined the Oss-Fuzz program, leading to discovery of a number of (potential) security issues. We expect that in the coming months we’ll fix more such issues, as the fuzzers increase their coverage and we continue to improve the seed corpus.

Get the release here: https://www.openinfosecfoundation.org/download/suricata-5.0.3.tar.gz

Changes

  • Feature #3481: GRE ERSPAN Type 1 Support
  • Feature #3613: Teredo port configuration
  • Feature #3673: datasets: add ‘dataset-remove’ unix command
  • Bug #3240: Dataset hash-size or prealloc invalid value logging
  • Bug #3241: Dataset reputation invalid value logging
  • Bug #3342: Suricata 5.0 crashes while parsing SMB data
  • Bug #3450: signature with sticky buffer with subsequent pcre check in a different buffer loads but will never match
  • Bug #3491: Backport 5 BUG_ON(strcasecmp(str, “any”) in DetectAddressParseString
  • Bug #3507: rule parsing: memory leaks
  • Bug #3526: 5.0.x Kerberos vulnerable to TCP splitting evasion
  • Bug #3534: Skip over ERF_TYPE_META records
  • Bug #3552: file logging: complete files sometimes marked ‘TRUNCATED’
  • Bug #3571: rust: smb compile warnings
  • Bug #3573: TCP Fast Open – Bypass of stateless alerts
  • Bug #3574: Behavior for tcp fastopen
  • Bug #3576: Segfault when facing malformed SNMP rules
  • Bug #3577: SIP: Input not parsed when header values contain trailing spaces
  • Bug #3580: Faulty signature with two threshold keywords does not generate an error and never match
  • Bug #3582: random failures on sip and http-evader suricata-verify tests
  • Bug #3585: htp: asan issue
  • Bug #3592: Segfault on SMTP TLS
  • Bug #3598: rules: memory leaks in pktvar keyword
  • Bug #3600: rules: bad address block leads to stack exhaustion
  • Bug #3602: rules: crash on ‘internal’-only keywords
  • Bug #3604: rules: missing ‘consumption’ of transforms before pkt_data would lead to crash
  • Bug #3606: rules: minor memory leak involving pcre_get_substring
  • Bug #3609: ssl/tls: ASAN issue in SSLv3ParseHandshakeType
  • Bug #3610: defrag: asan issue
  • Bug #3612: rules/bsize: memory issue during parsing
  • Bug #3614: build-info and configure wrongly display libnss status
  • Bug #3644: Invalid memory read on malformed rule with Lua script
  • Bug #3646: rules: memory leaks on failed rules
  • Bug #3649: CIDR Parsing Issue
  • Bug #3651: FTP response buffering against TCP stream
  • Bug #3653: Recursion stack-overflow in parsing YAML configuration
  • Bug #3660: Multiple DetectEngineReload and bad insertion into linked list lead to buffer overflow
  • Bug #3665: FTP: Incorrect ftp_memuse calculation.
  • Bug #3667: Signature with an IP range creates one IPOnlyCIDRItem by single IP address
  • Bug #3669: Rules reload with Napatech can hang Suricata UNIX manager process
  • Bug #3672: coverity: data directory handling issues
  • Bug #3674: Protocol detection evasion by packet splitting
  • Optimization #3406: filestore rules are loaded without warning when filestore is not enabled
  • Task #3478: libhtp 0.5.33
  • Task #3514: SMTP should place restraints on variable length items (e.g., filenames)
  • Documentation #3543: doc: add ipv4.hdr and ipv6.hdr
  • Bundled libhtp 0.5.33
  • Bundled Suricata-Update 1.1.2

Special thanks

Oss-Fuzz, Coverity Scan, Sascha Steinbiss, Stephen Donnelly, Jason Taylor

Free Webinar

Join our Free webinar on Hunting Threats in Encrypted traffic: https://suricata-ids.org/2020/04/14/webinar-hunting-threats-that-use-encrypted-network-traffic-with-suricata/

Suricata 4.1.8 released

We’re pleased to announce the release of Suricata 4.1.8. This is a larger than usual point release, with a number of important fixes.

This is the first release after Suricata joined the Oss-Fuzz program, leading to discovery of a number of (potential) security issues. We expect that in the coming months we’ll fix more such issues, as the fuzzers increase their coverage and we continue to improve the seed corpus.

Get the release here: https://www.openinfosecfoundation.org/download/suricata-4.1.8.tar.gz

As announced last month, we’re keeping the 4.1 branch supported longer than originally planned. See: https://suricata-ids.org/2020/03/25/suricata-4-1-eol-update-support-extended/

Changes

  • Bug #3492: Backport 4 BUG_ON(strcasecmp(str, “any”) in DetectAddressParseString
  • Bug #3508: rule parsing: memory leaks
  • Bug #3527: 4.1.x Kerberos vulnerable to TCP splitting evasion
  • Bug #3533: Skip over ERF_TYPE_META records
  • Bug #3551: file logging: complete files sometimes marked ‘TRUNCATED’
  • Bug #3572: rust: smb compile warnings
  • Bug #3579: Faulty signature with two threshold keywords does not generate an error and never match
  • Bug #3581: random failures on sip and http-evader suricata-verify tests
  • Bug #3596: ftp: asan detects leaks of expectations
  • Bug #3599: rules: memory leaks in pktvar keyword
  • Bug #3601: rules: bad address block leads to stack exhaustion
  • Bug #3603: rules: crash on ‘internal’-only keywords
  • Bug #3605: rules: missing ‘consumption’ of transforms before pkt_data would lead to crash
  • Bug #3607: rules: minor memory leak involving pcre_get_substring
  • Bug #3608: ssl/tls: ASAN issue in SSLv3ParseHandshakeType
  • Bug #3611: defrag: asan issue
  • Bug #3633: file-store.stream-depth not working as expected when configured to a specific value (4.1.x)
  • Bug #3645: Invalid memory read on malformed rule with Lua script
  • Bug #3647: rules: memory leaks on failed rules
  • Bug #3648: CIDR Parsing Issue
  • Bug #3650: FTP response buffering against TCP stream
  • Bug #3652: Recursion stack-overflow in parsing YAML configuration
  • Bug #3659: Multiple DetectEngineReload and bad insertion into linked list lead to buffer overflow
  • Bug #3666: FTP: Incorrect ftp_memuse calculation.
  • Bug #3668: Signature with an IP range creates one IPOnlyCIDRItem by single IP address
  • Bug #3671: Protocol detection evasion by packet splitting
  • Bug #3676: Segfault on SMTP TLS
  • Feature #3482: GRE ERSPAN Type 1 Support
  • Task #3479: libhtp 0.5.33 (4.1.x)
  • Task #3513: SMTP should place restraints on variable length items (e.g., filenames)
  • Bundled libhtp 0.5.33
  • Bundled Suricata-Update 1.0.7

Special thanks

Oss-Fuzz, Coverity Scan, Giuseppe Longo, Stephen Donnelly

Suricata 5.0.2 released

We’re pleased to announce Suricata 5.0.2. This release fixes a number of issues found in the 5.0 branch.

Get the release here: https://www.openinfosecfoundation.org/download/suricata-5.0.2.tar.gz

Changes

  • Bug #2993: Suricata 5.0.0beta1 memory allocation of 4294966034 bytes failed
  • Bug #3380: Segfault when using multi-detect
  • Bug #3400: smb: post-GAP file tx handling
  • Bug #3424: nfs: post-GAP some transactions never close
  • Bug #3425: nfs: post-GAP file tx handling
  • Bug #3433: coverity: CID 1456679: Memory – corruptions (NEGATIVE_RETURNS)
  • Bug #3434: coverity: CID 1456680: Incorrect expression (IDENTICAL_BRANCHES)
  • Bug #3469: gcc10: compilation failure unless -fcommon is supplied (5.0.x)
  • Bug #3473: Dropping privileges does not work with NFLOG (5.0.x)
  • Documentation #3423: readthedocs shows title of documentation as “Suricata unknown documentation”

Special thanks

Jason Taylor, Timo Sigurdsson, vanlink

Suricata 4.1.7 released

We’re pleased to announce Suricata 4.1.7. This release fixes a number of issues found in the 4.1 branch.

Get the release here: https://www.openinfosecfoundation.org/download/suricata-4.1.7.tar.gz

Changes

  • Bug #3417: --disable-geoip does not work (4.1.x)
  • Bug #3448: Suricata 4.1 Seg Fault: Socket Control pcap-file and corrupt pcap
  • Bug #3452: smb: post-GAP file tx handling (4.1.x)
  • Bug #3453: coverity: CID 1456680: Incorrect expression (IDENTICAL_BRANCHES) (4.1.x)
  • Bug #3470: gcc10: compilation failure unless -fcommon is supplied (4.1.x)
  • Bug #3471: nfs: post-GAP some transactions never close (4.1.x)
  • Bug #3472: nfs: post-GAP file tx handling (4.1.x)
  • Bug #3474: Dropping privileges does not work with NFLOG (4.1.x)

Special thanks

Danny Browning, Fabrice Fontaine, Timo Sigurdsson, vanlink

Suricata 5.0.1 released

We’re pleased to announce Suricata 5.0.1. This release fixes a number of issues found in the 5.0 branch. There are still a number of open issues that we are working on. See our 5.0.2 target here: https://redmine.openinfosecfoundation.org/versions/142

This release fixes a number of IPv4 and TCP evasion issues reported by Nicolas Adba.

Get the release here: https://www.openinfosecfoundation.org/download/suricata-5.0.1.tar.gz

Changes

  • Bug #1871: intermittent abort()s at shutdown and in unix-socket
  • Bug #2810: enabling add request/response http headers in master
  • Bug #3047: byte_extract does not work in some situations
  • Bug #3073: AC_CHECK_FILE on cross compile
  • Bug #3103: --engine-analysis warning for flow on an icmp request rule
  • Bug #3120: nfq_handle_packet error -1 Resource temporarily unavailable warnings
  • Bug #3237: http_accept not treated as sticky buffer by --engine-analysis
  • Bug #3254: tcp: empty SACK option leads to decoder event
  • Bug #3263: nfq: invalid number of bytes reported
  • Bug #3264: EVE DNS Warning about defaulting to v2 as version is not set.
  • Bug #3266: fast-log: icmp type prints wrong value
  • Bug #3267: Support for tcp.hdr Behavior
  • Bug #3275: address parsing: memory leak in error path
  • Bug #3277: segfault when test a nfs pcap file
  • Bug #3281: Impossible to cross-compile due to AC_CHECK_FILE
  • Bug #3284: hash function for string in dataset is not correct
  • Bug #3286: TCP evasion technique by faking a closed TCP session
  • Bug #3324: TCP evasion technique by overlapping a TCP segment with a fake packet
  • Bug #3328: bad ip option evasion
  • Bug #3340: DNS: DNS over TCP transactions logged with wrong direction.
  • Bug #3341: tcp.hdr content matches don’t work as expected
  • Bug #3345: App-Layer: Not all parsers register TX detect flags that should
  • Bug #3346: BPF filter on command line not honored for pcap file
  • Bug #3362: cross compiling not affecting rust component of suricata
  • Bug #3376: http: pipelining tx id handling broken
  • Bug #3386: Suricata is unable to get MTU from NIC after 4.1.0
  • Bug #3389: EXTERNAL_NET no longer working in 5.0 as expected
  • Bug #3390: Eve log does not generate pcap_filename when Interacting via unix socket in pcap processing mode
  • Bug #3397: smtp: file tracking issues when more than one attachment in a tx
  • Bug #3398: smtp: ‘raw-message’ option file tracking issues with multi-tx
  • Bug #3399: smb: post-GAP some transactions never close
  • Bug #3401: smb1: ‘event only’ transactions for bad requests never close
  • Bug #3411: detect/asn1: crashes on packets smaller than offset setting
  • Task #3364: configure: Rust 1.37+ has cargo-vendor support bundled into cargo.
  • Documentation #2885: update documentation to indicate -i can be used multiple times
  • Bundle Suricata-Update 1.1.1
  • Bundle Libhtp 0.5.32

Special thanks

Nicolas Adba, Alexander Gozman, Ciprian, Daisu, EmilienCourt, Fabrice Fontaine, Pascal Delalande, Steven Hostetler, Wesley van der Ree, Jason Taylor

Trainings

See https://suricata_events.eventbrite.com/ for the current list of planned training sessions.

Suricata 4.1.6 released

We’re pleased to announce Suricata 4.1.6. This release fixes a number of issues found in the 4.1 branch.

This release fixes a number of IPv4 and TCP evasion issues reported by Nicolas Adba.

Get the release here: https://www.openinfosecfoundation.org/download/suricata-4.1.6.tar.gz

Changes

  • Bug #3276: address parsing: memory leak in error path (4.1.x)
  • Bug #3278: segfault when test a nfs pcap file (4.1.x)
  • Bug #3279: ikev2 enabled in config even if Rust is disabled
  • Bug #3325: lua issues on arm (fedora:29) (4.1.x)
  • Bug #3326: Static build with pcap fails (4.1.x)
  • Bug #3327: tcp: empty SACK option leads to decoder event (4.1.x)
  • Bug #3347: BPF filter on command line not honored for pcap file (4.1.x)
  • Bug #3355: DNS: DNS over TCP transactions logged with wrong direction. (4.1.x)
  • Bug #3356: DHCP: Slow down over time due to lack of detect flags (4.1.x)
  • Bug #3369: byte_extract does not work in some situations (4.1.x)
  • Bug #3385: fast-log: icmp type prints wrong value (4.1.x)
  • Bug #3387: suricata is logging tls log repeatedly if custom mode is enabled (4.1.x)
  • Bug #3388: TLS Lua output does not work without TLS log (4.1.x)
  • Bug #3391: Suricata is unable to get MTU from NIC after 4.1.0 (4.1.x)
  • Bug #3393: http: pipelining tx id handling broken (4.1.x)
  • Bug #3394: TCP evasion technique by overlapping a TCP segment with a fake packet (4.1.x)
  • Bug #3395: TCP evasion technique by faking a closed TCP session (4.1.x)
  • Bug #3402: smb: post-GAP some transactions never close (4.1.x)
  • Bug #3403: smb1: ‘event only’ transactions for bad requests never close (4.1.x)
  • Bug #3404: smtp: file tracking issues when more than one attachment in a tx (4.1.x)
  • Bug #3405: Filehash rule does not fire without filestore keyword
  • Bug #3410: intermittent abort()s at shutdown and in unix-socket (4.1.x)
  • Bug #3412: detect/asn1: crashes on packets smaller than offset setting (4.1.x)
  • Task #3367: configure: Rust 1.37+ has cargo-vendor support bundled into cargo (4.1.x)
  • Bundle Suricata-Update 1.0.6
  • Bundle Libhtp 0.5.32

Special thanks

Nicolas Adba, Mats Klepsland, Fabrice Fontaine

Suricata 4.1.5 released

We’re pleased to announce Suricata 4.1.5. This release fixes a number of issues found in the 4.1 branch. Some of the issues are security issues, so upgrading is highly recommended.

This release also adds VXLAN support, contributed by Henrik Lund Kramshoej. This was accepted into the stable branch to support Suricata deployment in AWS. In addition, GeoIP2 support was contributed by Bill Meeks. This was added to stable because GeoIP1 is end of life and its databases are no longer updated.

Get the release here: https://www.openinfosecfoundation.org/download/suricata-4.1.5.tar.gz

Changes

  • Feature #3068: protocol parser: vxlan (4.1.x)
  • Bug #2841: False positive alerts firing after upgrade suricata 3.0 -> 4.1.0 (4.1.x)
  • Bug #2966: filestore (v1 and v2): dropping of “unwanted” files (4.1.x)
  • Bug #3008: rust: updated libc crate causes deprecation warnings (4.1.x)
  • Bug #3044: tftp: missing logs because of broken tx handling (4.1.x)
  • Bug #3067: GeoIP keyword depends on now discontinued legacy GeoIP database (4.1.x)
  • Bug #3094: Fedora rawhide af-packet compilation err (4.1.x)
  • Bug #3123: bypass keyword: Suricata 4.1.x Segmentation Faults (4.1.x)
  • Bug #3129: Fixes warning about size of integers in string formats (4.1.x)
  • Bug #3159: SC_ERR_PCAP_DISPATCH with message “error code -2” upon rule reload completion (4.1.x)
  • Bug #3164: Suricata 4.1.4: NSS Shutdown triggers crashes in test mode
  • Bug #3168: tls: out of bounds read
  • Bug #3170: defrag: out of bounds read
  • Bug #3173: ipv4: ts field decoding oob read
  • Bug #3175: File_data inspection depth while inspecting base64 decoded data (4.1.x)
  • Bug #3184: decode/der: crafted input can lead to resource starvation
  • Bug #3186: Multiple Content-Length headers causes HTP_STREAM_ERROR (4.1.x)
  • Bug #3187: GET/POST HTTP-request with no Content-Length, http_client_body miss (4.1.x)

Special thanks

Bill Meeks, Henrik Lund Kramshoej, Yujie Zhao, Alexander Bluhm

Sirko Höer — Code Intelligence GmbH, DCSO.

Suricon

Suricon 2019 will happen in Amsterdam in little over a month! For tickets, trainings and sponsorships, see: https://suricon.net/

Suricata 4.1.4 released

We’re pleased to announce Suricata 4.1.4. This release fixes a number of issues found in the 4.1 branch.

Get the release here: https://www.openinfosecfoundation.org/download/suricata-4.1.4.tar.gz

Changes

  • Bug #2870: pcap logging with lz4 coverity warning
  • Bug #2883: ssh: heap buffer overflow
  • Bug #2884: mpls: heapbuffer overflow in file decode-mpls.c
  • Bug #2887: decode-ethernet: heapbuffer overflow in file decode-ethernet.c
  • Bug #2888: 4.1.3 core in HCBDCreateSpace
  • Bug #2894: smb 1 create andx request does not parse the filename correctly
  • Bug #2902: rust/dhcp: panic in dhcp parser
  • Bug #2903: mpls: cast of misaligned data leads to undefined behavior
  • Bug #2904: rust/ftp: panic in ftp parser
  • Bug #2943: rust/nfs: integer underflow
  • This release includes Suricata-Update 1.0.5

Special thanks

Alexander Bluhm, Giuseppe Longo, Max Fillinger, Wesley van der Ree, Jason Taylor
Sirko Höer — Code Intelligence GmbH, DCSO.

Suricon

The CFP for Suricon 2019 is open! Submit your talk proposal at: https://suricon.net/
