You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa suricata

Sigurnosni nedostatak programskog paketa suricata

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LFE

——————————————————————————–
Fedora Update Notification
FEDORA-2018-787ee605a5
2018-11-17 05:14:59.338123
——————————————————————————–

Name : suricata
Product : Fedora 29
Version : 4.0.6
Release : 1.fc29
URL : http://suricata-ids.org/
Summary : Intrusion Detection System
Description :
The Suricata Engine is an Open Source Next Generation Intrusion
Detection and Prevention Engine. This engine is not intended to
just replace or emulate the existing tools in the industry, but
will bring new ideas and technologies to the field. This new Engine
supports Multi-threading, Automatic Protocol Detection (IP, TCP,
UDP, ICMP, HTTP, TLS, FTP and SMB! ), Gzip Decompression, Fast IP
Matching, and GeoIP identification.

——————————————————————————–
Update Information:

This update fixes a segfault in the SMTP parser. This bug is tracked as
CVE-2018-18956. There are a number of other bugfixes and performance
improvements.
——————————————————————————–
ChangeLog:

* Tue Nov 6 2018 Steve Grubb <sgrubb@redhat.com> – 4.0.6-1
– New upstream bugfix release
– Fixes CVE-2018-18956 Segmentation fault in the ProcessMimeEntity function
——————————————————————————–
References:

[ 1 ] Bug #1646984 – CVE-2018-18956 suricata: Segmentation fault in the ProcessMimeEntity function [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1646984
[ 2 ] Bug #1646983 – CVE-2018-18956 suricata: Segmentation fault in the ProcessMimeEntity function [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1646983
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2018-787ee605a5’ at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

——————————————————————————–
Fedora Update Notification
FEDORA-2018-cf58e1cbd1
2018-11-17 05:22:12.316790
——————————————————————————–

Name : suricata
Product : Fedora 28
Version : 4.0.6
Release : 1.fc28
URL : http://suricata-ids.org/
Summary : Intrusion Detection System
Description :
The Suricata Engine is an Open Source Next Generation Intrusion
Detection and Prevention Engine. This engine is not intended to
just replace or emulate the existing tools in the industry, but
will bring new ideas and technologies to the field. This new Engine
supports Multi-threading, Automatic Protocol Detection (IP, TCP,
UDP, ICMP, HTTP, TLS, FTP and SMB! ), Gzip Decompression, Fast IP
Matching, and GeoIP identification.

——————————————————————————–
Update Information:

This update fixes a segfault in the SMTP parser. This bug is tracked as
CVE-2018-18956. There are a number of other bugfixes and performance
improvements.
——————————————————————————–
ChangeLog:

* Tue Nov 6 2018 Steve Grubb <sgrubb@redhat.com> – 4.0.6-1
– New upstream bugfix release
– Fixes CVE-2018-18956 Segmentation fault in the ProcessMimeEntity function
* Mon Aug 13 2018 Steve Grubb <sgrubb@redhat.com> – 4.0.5-3
– Consolidate branches so that everything is in sync (#1614935)
* Fri Aug 10 2018 Jason Taylor <jtfas90@gmail.com> 4.0.5-2
– fixes bz#1614935
* Wed Jul 18 2018 Jason Taylor <jtfas90@gmail.com> – 4.0.5-1
– upstream security fix release
– addresses CVE-2018-10242, CVE-2018-10243, CVE-2018-10244
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> – 4.0.4-3
– Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Mon Jul 9 2018 Jason Taylor <jtfas90@gmail.com> – 4.0.4-2
– bumped release for build against hyperscan 5.0.0
* Mon Jul 9 2018 Jason Taylor <jtfas90@gmail.com> – 4.0.4-1
– added gcc-c++ buildrequires
——————————————————————————–
References:

[ 1 ] Bug #1646984 – CVE-2018-18956 suricata: Segmentation fault in the ProcessMimeEntity function [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1646984
[ 2 ] Bug #1646983 – CVE-2018-18956 suricata: Segmentation fault in the ProcessMimeEntity function [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1646983
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2018-cf58e1cbd1’ at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

——————————————————————————–
Fedora Update Notification
FEDORA-2018-d05860129f
2018-11-17 02:07:42.735913
——————————————————————————–

Name : suricata
Product : Fedora 27
Version : 4.0.6
Release : 1.fc27
URL : http://suricata-ids.org/
Summary : Intrusion Detection System
Description :
The Suricata Engine is an Open Source Next Generation Intrusion
Detection and Prevention Engine. This engine is not intended to
just replace or emulate the existing tools in the industry, but
will bring new ideas and technologies to the field. This new Engine
supports Multi-threading, Automatic Protocol Detection (IP, TCP,
UDP, ICMP, HTTP, TLS, FTP and SMB! ), Gzip Decompression, Fast IP
Matching, and GeoIP identification.

——————————————————————————–
Update Information:

This update fixes a segfault in the SMTP parser. This bug is tracked as
CVE-2018-18956. There are a number of other bugfixes and performance
improvements.
——————————————————————————–
ChangeLog:

* Tue Nov 6 2018 Steve Grubb <sgrubb@redhat.com> – 4.0.6-1
– New upstream bugfix release
– Fixes CVE-2018-18956 Segmentation fault in the ProcessMimeEntity function
* Mon Aug 13 2018 Steve Grubb <sgrubb@redhat.com> – 4.0.5-3
– Consolidate branches so that everything is in sync (#1614935)
* Fri Aug 10 2018 Jason Taylor <jtfas90@gmail.com> 4.0.5-2
– fixes bz#1614935
* Wed Jul 18 2018 Jason Taylor <jtfas90@gmail.com> – 4.0.5-1
– upstream security fix release
– addresses CVE-2018-10242, CVE-2018-10243, CVE-2018-10244
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> – 4.0.4-3
– Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Mon Jul 9 2018 Jason Taylor <jtfas90@gmail.com> – 4.0.4-2
– bumped release for build against hyperscan 5.0.0
* Mon Jul 9 2018 Jason Taylor <jtfas90@gmail.com> – 4.0.4-1
– added gcc-c++ buildrequires
* Thu Feb 15 2018 Jason Taylor <jtfas90@gmail.com> – 4.0.4-1
– fixes bz#1543250 and bz#1543251
– multiple upstream bugfixes
* Fri Feb 9 2018 Fedora Release Engineering <releng@fedoraproject.org> – 4.0.3-3
– Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Mon Dec 11 2017 Jason Taylor <jtfas90@gmail.com> 4.0.3-2
– Added prelude support
* Fri Dec 8 2017 Jason Taylor <jtfas90@gmail.com> 4.0.3-1
– Upstream bugfix release
* Wed Oct 18 2017 Steve Grubb <sgrubb@redhat.com> 4.0.1-1
– Upstream bugfix update
* Tue Sep 26 2017 Steve Grubb <sgrubb@redhat.com> 4.0.0-2
– Make suricata user own /run/suricata (#1396150)
——————————————————————————–
References:

[ 1 ] Bug #1646984 – CVE-2018-18956 suricata: Segmentation fault in the ProcessMimeEntity function [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1646984
[ 2 ] Bug #1646983 – CVE-2018-18956 suricata: Segmentation fault in the ProcessMimeEntity function [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1646983
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2018-d05860129f’ at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

AutorJosip Papratovic
Cert idNCERT-REF-2018-11-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostatak programskog paketa chromium

Otkriven je sigurnosni nedostatak u programskom paketu chromium za operacijski sustav openSUSE. Otkriveni nedostatak potencijalnim napadačima omogućuje čitanje podataka izvan...

Close