The OISF development team is pleased to announce Suricata 2.0.8. This release fixes a number of important issues in the 2.0 series.
The most important issue is a bug in the DER parser which is used to decode SSL/TLS certificates could crash Suricata. This issue was reported by Kostya Kortchinsky of the Google Security Team and was fixed by Pierre Chifflier of ANSSI.
Those processing large numbers of (untrusted) pcap files need to update as a malformed pcap could crash Suricata. Again, credits go to Kostya Kortchinsky.
A number of other issues were fixed. Upgrading is highly recommended.
Download
Get the new release here: http://www.openinfosecfoundation.org/download/suricata-2.0.8.tar.gz
We have a new release key (the previous expired): http://www.openinfosecfoundation.org/download/OISF.pub (00C1B70D)
Changes
- Bug #1450: tls parsing issue
- Bug #1460: pcap parsing issue
- Bug #1461: potential deadlock
- Bug #1404: Alert-Debuglog not being rotated on SIGHUP
- Bug #1420: inverted matching on incomplete session
- Bug #1462: various issues in rule and yaml parsing
Security
The TLS/DER parsing issue has CVE-2015-0971 assigned to it.
Special thanks
We’d like to thank the following people and corporations for their contributions and feedback:
- Kostya Kortchinsky of the Google Security Team
- Pierre Chifflier of ANSSI
- Sundar Jeyaraman of FireEye
- Darien Huss — Emerging Threats
- Alexander Gozman
- AFL project
- Coverity Scan
Known issues & missing features
If you encounter issues, please let us know! As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete or optimal. With this in mind, please notice the list we have included of known items we are working on. See issues for an up to date list and to report new issues. See Known_issues for a discussion and time line for the major issues.
Training & Support
Need help installing, updating, validating and tuning Suricata? We have trainings coming up. Paris in July, Barcelona in November: see http://suricata-ids.org/training/
For support options also see http://suricata-ids.org/support/
About Suricata
Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF, its supporting vendors and the community.
Comments (2)
Comments are closed.