We’re pleased to announce Suricata 5.0.1. This release fixes a number of issues found in the 5.0 branch. There are still a number of open issues that we are working on. See our 5.0.2 target here: https://redmine.openinfosecfoundation.org/versions/142
This release also fixes a number of IPv4 and TCP evasion issues reported by Nicolas Adba. Because these allow traffic to slip past detection, IDS/IPS deployments on the 5.0 branch should upgrade.
Get the release here: https://www.openinfosecfoundation.org/download/suricata-5.0.1.tar.gz
Changes
- Bug #1871: intermittent abort()s at shutdown and in unix-socket
- Bug #2810: enabling add request/response http headers in master
- Bug #3047: byte_extract does not work in some situations
- Bug #3073: AC_CHECK_FILE on cross compile
- Bug #3103: --engine-analysis warning for flow on an icmp request rule
- Bug #3120: nfq_handle_packet error -1 Resource temporarily unavailable warnings
- Bug #3237: http_accept not treated as sticky buffer by --engine-analysis
- Bug #3254: tcp: empty SACK option leads to decoder event
- Bug #3263: nfq: invalid number of bytes reported
- Bug #3264: EVE DNS Warning about defaulting to v2 as version is not set.
- Bug #3266: fast-log: icmp type prints wrong value
- Bug #3267: Support for tcp.hdr Behavior
- Bug #3275: address parsing: memory leak in error path
- Bug #3277: segfault when test a nfs pcap file
- Bug #3281: Impossible to cross-compile due to AC_CHECK_FILE
- Bug #3284: hash function for string in dataset is not correct
- Bug #3286: TCP evasion technique by faking a closed TCP session
- Bug #3324: TCP evasion technique by overlapping a TCP segment with a fake packet
- Bug #3328: bad ip option evasion
- Bug #3340: DNS: DNS over TCP transactions logged with wrong direction.
- Bug #3341: tcp.hdr content matches don’t work as expected
- Bug #3345: App-Layer: Not all parsers register TX detect flags that should
- Bug #3346: BPF filter on command line not honored for pcap file
- Bug #3362: cross compiling not affecting rust component of suricata
- Bug #3376: http: pipelining tx id handling broken
- Bug #3386: Suricata is unable to get MTU from NIC after 4.1.0
- Bug #3389: EXTERNAL_NET no longer working in 5.0 as expected
- Bug #3390: Eve log does not generate pcap_filename when interacting via unix socket in pcap processing mode
- Bug #3397: smtp: file tracking issues when more than one attachment in a tx
- Bug #3398: smtp: 'raw-message' option file tracking issues with multi-tx
- Bug #3399: smb: post-GAP some transactions never close
- Bug #3401: smb1: 'event only' transactions for bad requests never close
- Bug #3411: detect/asn1: crashes on packets smaller than offset setting
- Task #3364: configure: Rust 1.37+ has cargo-vendor support bundled into cargo.
- Documentation #2885: update documentation to indicate -i can be used multiple times
- Bundle Suricata-Update 1.1.1
- Bundle Libhtp 0.5.32
Special thanks
Nicolas Adba, Alexander Gozman, Ciprian, Daisu, EmilienCourt, Fabrice Fontaine, Pascal Delalande, Steven Hostetler, Wesley van der Ree, Jason Taylor
Trainings
See https://suricata_events.eventbrite.com/ for the current list of planned training sessions.
About Suricata
Suricata is a high-performance Network Threat Detection, IDS, IPS and Network Security Monitoring engine. It is open source and owned by a community-run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by OISF, its supporting vendors and the community.