Suricata 4.1.5 released

Posted on | by inliniac

We’re pleased to announce Suricata 4.1.5. This release fixes a number of issues found in the 4.1 branch. Some of the issues are security issues, so upgrading is highly recommended.

This release also adds VXLAN support, contributed by Henrik Lund Kramshoej. This was accepted into the stable branch to support Suricata deployment in AWS. Next GeoIP2 support was contributed by Bill Meeks. This was added to stable as GeoIP1 is end of life and the databases are no longer updated.

Get the release here: https://www.openinfosecfoundation.org/download/suricata-4.1.5.tar.gz

Changes

  • Feature #3068: protocol parser: vxlan (4.1.x)
  • Bug #2841: False positive alerts firing after upgrade suricata 3.0 -> 4.1.0 (4.1.x)
  • Bug #2966: filestore (v1 and v2): dropping of “unwanted” files (4.1.x)
  • Bug #3008: rust: updated libc crate causes depration warnings (4.1.x)
  • Bug #3044: tftp: missing logs because of broken tx handling (4.1.x)
  • Bug #3067: GeoIP keyword depends on now discontinued legacy GeoIP database (4.1.x)
  • Bug #3094: Fedora rawhide af-packet compilation err (4.1.x)
  • Bug #3123: bypass keyword: Suricata 4.1.x Segmentation Faults (4.1.x)
  • Bug #3129: Fixes warning about size of integers in string formats (4.1.x)
  • Bug #3159: SC_ERR_PCAP_DISPATCH with message “error code -2” upon rule reload completion (4.1.x)
  • Bug #3164: Suricata 4.1.4: NSS Shutdown triggers crashes in test mode
  • Bug #3168: tls: out of bounds read
  • Bug #3170: defrag: out of bounds read
  • Bug #3173: ipv4: ts field decoding oob read
  • Bug #3175: File_data inspection depth while inspecting base64 decoded data (4.1.x)
  • Bug #3184: decode/der: crafted input can lead to resource starvation
  • Bug #3186: Multiple Content-Length headers causes HTP_STREAM_ERROR (4.1.x)
  • Bug #3187: GET/POST HTTP-request with no Content-Length, http_client_body miss (4.1.x)

Special thanks

Bill Meeks, Henrik Lund Kramshoej, Yujie Zhao, Alexander Bluhm

Sirko Höer — Code Intelligence GmbH, DCSO.

Trainings

See https://suricata_events.eventbrite.com/ for the current list of planned training sessions.

Suricon

Suricon 2019 will happen in Amsterdam in little over a month! For tickets, trainings and sponsorships, see: https://suricon.net/

About Suricata

Suricata is a high performance Network Threat Detection, IDS, IPS and Network Security Monitoring engine. Open source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by OISF, its supporting vendors and the community.