You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa suricata

Sigurnosni nedostatak programskog paketa suricata

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LFE

Fedora Update Notification
2015-02-28 06:50:18

Name : suricata
Product : Fedora 21
Version : 2.0.7
Release : 1.fc21
Summary : Intrusion Detection System
Description :
The Suricata Engine is an Open Source Next Generation Intrusion
Detection and Prevention Engine. This engine is not intended to
just replace or emulate the existing tools in the industry, but
will bring new ideas and technologies to the field. This new Engine
supports Multi-threading, Automatic Protocol Detection (IP, TCP,
UDP, ICMP, HTTP, TLS, FTP and SMB! ), Gzip Decompression, Fast IP
Matching, and GeoIP identification.

Update Information:

This release fixes a parsing issue in the DCERPC parser that can happen when Suricata runs out of memory. The exact scope of the problem isn’t clear, but it could certainly lead to crashes. CVE-2015-0928 is assigned for this. The second issue is certain characters in the URI could confuse the parsing of the HTTP request line, leading to possible detection bypass for ‘http_uri’ and to incomplete logging of the URI. Upgrading is recommended.

* Thu Feb 26 2015 Steve Grubb <> 2.0.7-1
– New upstream security bug fix release for CVE-2015-0928
* Thu Jan 15 2015 Steve Grubb <> 2.0.6-1
– New upstream bug fix release
– Don’t use the system libhtp library
* Fri Dec 12 2014 Steve Grubb <> 2.0.5-1
– New upstream bug fix release
– Use the system libhtp library

This update can be installed with the “yum” update program. Use
su -c ‘yum update suricata’ at the command line.
For more information, refer to “Managing Software with yum”,
available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list

AutorMarijo Plepelic
Cert idNCERT-REF-2015-03-0030-ADV
More in Preporuke
Sigurnosni nedostaci programskog paketa krb5

Otkriveni su sigurnosni nedostaci u programskom paketu krb5 za Fedoru 21. Otkriveni nedostaci potencijalnim napadačima omogućuju stjecanje uvećanih ovlasti, izvođenje...