Release notes (https://suricata-ids.org/2020/04/28/suricata-5-0-3-released/, truncated):
This is the first release after Suricata joined the Oss-Fuzz program, leading to
discovery of a number of (potential) security issues. We expect that in the coming
months we’ll fix more such issues, as the fuzzers increase their coverage and we
continue to improve the seed corpus.
Feature #3481: GRE ERSPAN Type 1 Support
Feature #3613: Teredo port configuration
Feature #3673: datasets: add ‘dataset-remove’ unix command
Bug #3240: Dataset hash-size or prealloc invalid value logging
Bug #3241: Dataset reputation invalid value logging
Bug #3342: Suricata 5.0 crashes while parsing SMB data
Bug #3450: signature with sticky buffer with subsequent pcre check in a different buffer loads but will never match
Bug #3491: Backport 5 BUG_ON(strcasecmp(str, “any”) in DetectAddressParseString
Bug #3507: rule parsing: memory leaks
Bug #3526: 5.0.x Kerberos vulnerable to TCP splitting evasion
Bug #3534: Skip over ERF_TYPE_META records
Bug #3552: file logging: complete files sometimes marked ‘TRUNCATED’
Bug #3571: rust: smb compile warnings
Bug #3573: TCP Fast Open – Bypass of stateless alerts
Bug #3574: Behavior for tcp fastopen
Bug #3576: Segfault when facing malformed SNMP rules
Bug #3577: SIP: Input not parsed when header values contain trailing spaces
Bug #3580: Faulty signature with two threshold keywords does not generate an error and never match
Bug #3582: random failures on sip and http-evader suricata-verify tests
Bug #3585: htp: asan issue
Bug #3592: Segfault on SMTP TLS
Bug #3598: rules: memory leaks in pktvar keyword
Bug #3600: rules: bad address block leads to stack exhaustion
Bug #3602: rules: crash on ‘internal’-only keywords
Bug #3604: rules: missing ‘consumption’ of transforms before pkt_data would lead to crash
Bug #3606: rules: minor memory leak involving pcre_get_substring
Bug #3609: ssl/tls: ASAN issue in SSLv3ParseHandshakeType
Bug #3610: defrag: asan issue
Bug #3612: rules/bsize: memory issue during parsing
Bug #3614: build-info and configure wrongly display libnss status
Bug #3644: Invalid memory read on malformed rule with Lua script
Bug #3646: rules: memory leaks on failed rules
Bug #3649: CIDR Parsing Issue
Bug #3651: FTP response buffering against TCP stream
Bug #3653: Recursion stack-overflow in parsing YAML configuration
Bug #3660: Multiple DetectEngineReload and bad insertion into linked list lead to buffer overflow
Bug #3665: FTP: Incorrect ftp_memuse calculation.
Bug #3667: Signature with an IP range creates one IPOnlyCIDRItem by signe IP address
Bug #3669: Rules reload with Napatech can hang Suricata UNIX manager process
Bug #3672: coverity: data directory handling issues
Bug #3674: Protocol detection evasion by packet splitting
Optimization #3406: filestore rules are loaded without warning when filestore is not enabled
Task #3478: libhtp 0.5.33
Task #3514: SMTP should place restraints on variable length items (e.g., filenames)
Documentation #3543: doc: add ipv4.hdr and ipv6.hdr
Bundled libhtp 0.5.33
Bundled Suricata-Update 1.1.2
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Excerpt from 'ChangeLog':
"4.1.6 -- 2019-12-13
Bug #3276: address parsing: memory leak in error path (4.1.x)
Bug #3278: segfault when test a nfs pcap file (4.1.x)
Bug #3279: ikev2 enabled in config even if Rust is disabled
Bug #3325: lua issues on arm (fedora:29) (4.1.x)
Bug #3326: Static build with pcap fails (4.1.x)
Bug #3327: tcp: empty SACK option leads to decoder event (4.1.x)
Bug #3347: BPF filter on command line not honored for pcap file (4.1.x)
Bug #3355: DNS: DNS over TCP transactions logged with wrong direction. (4.1.x)
Bug #3356: DHCP: Slow down over time due to lack of detect flags (4.1.x)
Bug #3369: byte_extract does not work in some situations (4.1.x)
Bug #3385: fast-log: icmp type prints wrong value (4.1.x)
Bug #3387: suricata is logging tls log repeatedly if custom mode is enabled (4.1.x)
Bug #3388: TLS Lua output does not work without TLS log (4.1.x)
Bug #3391: Suricata is unable to get MTU from NIC after 4.1.0 (4.1.x)
Bug #3393: http: pipelining tx id handling broken (4.1.x)
Bug #3394: TCP evasion technique by overlapping a TCP segment with a fake packet (4.1.x)
Bug #3395: TCP evasion technique by faking a closed TCP session (4.1.x)
Bug #3402: smb: post-GAP some transactions never close (4.1.x)
Bug #3403: smb1: 'event only' transactions for bad requests never close (4.1.x)
Bug #3404: smtp: file tracking issues when more than one attachment in a tx (4.1.x)
Bug #3405: Filehash rule does not fire without filestore keyword
Bug #3410: intermittent abort()s at shutdown and in unix-socket (4.1.x)
Bug #3412: detect/asn1: crashes on packets smaller than offset setting (4.1.x)
Task #3367: configure: Rust 1.37+ has cargo-vendor support bundled into cargo (4.1.x)"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
This is a minor update to the latest available version from
the suricata 4.1 series.
Fixes#12068.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
These files needs to have nobody.nobody as owner but requires read-acces from everyone
to allow the suricata user reading-in this files during startup.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This config file is mostly based on the example configuration shipped
by the suricata project and needs to be enhanched.
See #11808.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
