We’re pleased to announce Suricata 3.1.4. The most important fix is for an IPv4 defrag issue that allows evasion of detection and logging, found and reported by Jérémy Beaume. Otherwise this release is mostly a collection of smaller fixes.
Download
https://www.openinfosecfoundation.org/download/suricata-3.1.4.tar.gz
Changes
- Bug #2024: No error on missing semicolon between depth and classtype (3.1.x)
- Bug #2025: hostbits/xbits memory leak (3.1.x)
- Bug #2026: log-pcap: pcap files created with invalid snaplen (3.1.x)
- Bug #2027: BUG_ON body sometimes contains side-effectual code (3.1.x)
- Bug #2028: Mpm Ac: int overflow during init (3.1.x)
- Bug #2029: EVE Log Missing Fields (3.1.x)
- Bug #2030: Incoherent sizes between request, capture and http length (master 3.1.x)
- Bug #2031: tls-store: bug that cause Suricata to crash (3.1.x)
- Bug #2032: VLAN tags not forwarded in afpacket inline mode (3.1.x)
- Bug #2033: IPv4 defrag evasion issue (3.1.x)
Special thanks
Jérémy Beaume, Alexander Gozman, Mats Klepsland, Sascha Steinbiss, Tom DeCanio, AFL, Coverity Scan
Training & Support
The next user training will be at the Troopers17 conference in Germany, March 20 and 21. Sign up at https://www.troopers.de/events/troopers17/734_suricata_world-class_and_open_source/
For support options also see http://suricata-ids.org/support/
About Suricata
Suricata is a high-performance Network Threat Detection, IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community-run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF, its supporting vendors and the community.