-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.3758
                         suricata - security update
                              5 December 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           suricata
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
                   Windows
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Access Privileged Data         -- Remote/Unauthenticated
                   Denial of Service              -- Remote/Unauthenticated
                   Provide Misleading Information -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-6794 CVE-2017-15377 CVE-2017-7177

Original Bulletin:
   https://security-tracker.debian.org/tracker/DLA-1603-1

Comment: This advisory references vulnerabilities in products which run on
         platforms other than Debian. It is recommended that administrators
         running suricata check for an updated version of the software for
         their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : suricata
Version        : 2.0.7-2+deb8u3
CVE ID         : CVE-2017-7177 CVE-2017-15377 CVE-2018-6794
Debian Bug     : 856648 889842 856649

Several issues were found in suricata, an intrusion detection and
prevention tool.

CVE-2017-7177

    Suricata has an IPv4 defragmentation evasion issue caused by lack
    of a check for the IP protocol during fragment matching.

CVE-2017-15377

    It was possible to trigger lots of redundant checks on the content
    of crafted network traffic with a certain signature, because of
    DetectEngineContentInspection in detect-engine-content-inspection.c.
    The search engine doesn't stop when it should after no match is
    found; instead, it stops only upon reaching inspection-recursion-limit
    (3000 by default).

CVE-2018-6794

    Suricata is prone to an HTTP detection bypass vulnerability in
    detect.c and stream-tcp.c. If a malicious server breaks a normal TCP
    flow and sends data before the 3-way handshake is complete, then the
    data sent by the malicious server will be accepted by web clients
    such as a web browser or Linux CLI utilities, but ignored by Suricata
    IDS signatures. This mostly affects IDS signatures for the HTTP
    protocol and TCP stream content; signatures for TCP packets will
    inspect such network traffic as usual.

TEMP-0856648-2BC2C9 (no CVE assigned yet)

    Out of bounds read in app-layer-dns-common.c. On a zero size A or
    AAAA record, 4 or 16 bytes would still be read.

For Debian 8 "Jessie", these problems have been fixed in version
2.0.7-2+deb8u3.

We recommend that you upgrade your suricata packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

- -----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlwG2NRfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeTzHQ/9H+wrxeKvjgXXdErkNOU4WLTmZyLXgUzC+wC6HZVTh+EEARxTARjtoVo6
oPSFDzM/ijQqDib/5ROX0Hqf962e2Uh85W54LeYfNRlLESejn0mHmQJbFlgQFCqw
GEmLp9v0nqXzXz2E6tKjfi7/QmAvkPddujkQqnW4AVuTBZEkdnuBpLK2Je7HoXh1
vfGkNKwbBTX/xqN76psH5rkUAcAGVIdCoZMko1UIbY2QVHXJ63tU0iW5Z0N9g/6y
0U7wp+hQNkuMPYpySUBMgo/YO4mOlOl1MGtbZ4lKcbbivrGig7LUhBGoAE12JOqZ
F5fGhuK/b8WVmh0sXbyDcjIzJp6JLU02cYoKfpvDfP6oFgQsfohSAQ2dEMqrqxoh
S/vm1iHktNjXuzbzN0XQ6P8Dr+pNqmfR6z9Qv3dBG3AzEd43WS2P3NMyAA1fHsm8
vrk3p8Tb1+EyqDBIFUkHzATc2xj7Ahll6zhuJHGCEC2UhoWbETUjXLtlhV9d0gMz
eM0XpAIKP+c/AHfBAI3n3PJ7chudsXgPwdCQg/fag5rKkyTVPbsCKUAOCU3WCIfc
KVhwurvJbo7QnE7zja92eH9Ws0hLeMdjaQFxtKfMAPnAmY/BxCqIqm7phOyGF47N
rP9cSz/AbWD6RCyE5481Tt/Z+8XFRXJgYv3oGZhPJIFvMMyVmJ4=
=lHBj
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXAdQHGaOgq3Tt24GAQhvFg/7BFQELWWW4NNVGtJYrFlW661XfZToyYSz
IEoX2I6xA5n4o294DS/IEpgOkcs1wv0RqT58eTXA2CzZfuNsIRzGVW/UhpDfBHzs
gbfNlIGSldjapeHdHK9KYDnGIuj29pxKR6I7WVcPAAziTk7LcmKCyybQ55EgSkGC
b6IRr/5awz/IfofRFQsES2JPdn71jt+2xLCAldQGtLlPJGdKTMwH2za7ix3SWb4Q
SnpD797O1IypQWwV5i2IFSabaejkpEq6hnXPeUCjTgSDDbucol9FtgBHeYcGxVy1
gOHOy8MHpfQAAW0VJSg0+NDzvBTB5SZLOojixgo6eVTMaw8IXihQbM7NDCDkAz2+
0VAlsz+rjEQceocXi9/NZiLapehmBuJPj2eXBDu/fq2PT6lIT+n2NpZlNCtwjLA0
w6n7g+tfocJ94Nv9E4AjPaOxEmKo/t2+oqryjNgOfzbUJj8WRQ/y4qXKAxV85cV4
AjN0uHWSCDRXUaXIDgn3zHiF6Ga5RhP5bxOv+APYnML7nxZjzLnN3W5nX+8FtZyB
tbeR36M58AXA27plDWplwqzP6FBLQs6NmmFGPSNX6YsKnTz6NNB9AMvnXH/FlUTk
b6W2aA2jjtypjbw6V5OTKKfLJ8coXYp/LF/Z53Ucvk50oJtMxt5T4BL4SZvdm+yy
OYvfqOpUG0k=
=QnjW
-----END PGP SIGNATURE-----
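The TEMP-0856648-2BC2C9 item in the included Debian text above (a zero-size A or AAAA record from which 4 or 16 bytes are still read) is the classic "trust the type, ignore the length field" parsing defect. The following is an added Python example, not Suricata's or Debian's code: it shows a DNS resource-record reader written in that unsafe shape next to a hardened reader that validates RDLENGTH against the type's fixed size and against the buffer before touching RDATA. The record builder, the sample bytes and all function names are constructed for this illustration.

```python
import ipaddress
import struct

# DNS resource record types named in the advisory.
RR_TYPE_A = 1
RR_TYPE_AAAA = 28
# Fixed RDATA sizes defined by RFC 1035 (A) and RFC 3596 (AAAA).
EXPECTED_RDLENGTH = {RR_TYPE_A: 4, RR_TYPE_AAAA: 16}


class MalformedRecord(ValueError):
    """Raised when a record is inconsistent with its declared type or buffer."""


def _read_name(buf, offset):
    """Read an uncompressed DNS name (length-prefixed labels ending in 0x00).
    Compression pointers (0xC0 prefix) are rejected to keep the example small."""
    labels = []
    while True:
        if offset >= len(buf):
            raise MalformedRecord("name runs past end of buffer")
        length = buf[offset]
        offset += 1
        if length == 0:
            break
        if length & 0xC0:
            raise MalformedRecord("compression pointers not supported here")
        if offset + length > len(buf):
            raise MalformedRecord("label runs past end of buffer")
        labels.append(buf[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) or ".", offset


def _read_fixed_header(buf, offset):
    """NAME, then TYPE(2) CLASS(2) TTL(4) RDLENGTH(2) in network byte order."""
    name, offset = _read_name(buf, offset)
    if offset + 10 > len(buf):
        raise MalformedRecord("record header truncated")
    rtype, rclass, ttl, rdlength = struct.unpack_from("!HHIH", buf, offset)
    return name, rtype, rclass, ttl, rdlength, offset + 10


def parse_address_rr_unchecked(buf, offset):
    """Unsafe shape described in the advisory: the reader trusts TYPE and pulls a
    fixed 4 or 16 bytes of RDATA regardless of RDLENGTH. On a zero-length record
    those bytes come from whatever happens to follow the record."""
    name, rtype, _, _, rdlength, offset = _read_fixed_header(buf, offset)
    size = EXPECTED_RDLENGTH[rtype]
    rdata = buf[offset:offset + size]          # ignores rdlength: reads past the record
    return name, rtype, rdata, offset + rdlength


def parse_address_rr_checked(buf, offset):
    """Hardened form: RDLENGTH must equal the type's fixed size and must fit in the
    buffer before a single RDATA byte is read."""
    name, rtype, _, _, rdlength, offset = _read_fixed_header(buf, offset)
    expected = EXPECTED_RDLENGTH.get(rtype)
    if expected is None:
        raise MalformedRecord(f"not an A/AAAA record: type {rtype}")
    if rdlength != expected:
        raise MalformedRecord(f"type {rtype} RDLENGTH {rdlength} != {expected}")
    if offset + rdlength > len(buf):
        raise MalformedRecord("RDATA runs past end of buffer")
    rdata = buf[offset:offset + rdlength]
    return name, rtype, str(ipaddress.ip_address(rdata)), offset + rdlength


def build_rr(labels, rtype, rdata, rdlength=None):
    """Constructed wire-format RR; rdlength may be overridden to craft a bad record."""
    name = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    if rdlength is None:
        rdlength = len(rdata)
    return name + struct.pack("!HHIH", rtype, 1, 300, rdlength) + rdata


# Constructed sample inputs (not captured traffic).
GOOD_A = build_rr(["example", "test"], RR_TYPE_A, bytes([192, 0, 2, 1]))
# Zero-length A record immediately followed by 4 bytes that belong to something else.
ZERO_A = build_rr(["example", "test"], RR_TYPE_A, b"") + b"NEXT"


def demo():
    """Returns (well-formed result, what the unchecked reader sees, checked verdict)."""
    good = parse_address_rr_checked(GOOD_A, 0)[2]
    unchecked = parse_address_rr_unchecked(ZERO_A, 0)[2]
    try:
        parse_address_rr_checked(ZERO_A, 0)
        verdict = "accepted"
    except MalformedRecord as exc:
        verdict = f"rejected: {exc}"
    return good, unchecked, verdict


if __name__ == "__main__":
    print(demo())
```

In a Python slice the over-read merely yields the neighbouring bytes (`b"NEXT"`), which is the benign version of what a C parser does when it reads 4 or 16 bytes from a record that declares none; the checked reader refuses the record before reading. The same two checks (length matches type, length fits buffer) are what a reviewer should look for at every fixed-size RDATA read.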