Fedora 28: FEDORA-2018-cf58e1cbd1 Moderate Segmentation Fault in Suricata

The Suricata Engine is an Open Source Next Generation Intrusion

Detection and Prevention Engine. This engine is not intended to

just replace or emulate the existing tools in the industry, but

will bring new ideas and technologies to the field. This new Engine

supports Multi-threading, Automatic Protocol Detection (IP, TCP,

UDP, ICMP, HTTP, TLS, FTP and SMB! ), Gzip Decompression, Fast IP

Matching, and GeoIP identification.

This update fixes a segfault in the SMTP parser. This bug is tracked as

CVE-2018-18956. There are a number of other bugfixes and performance

improvements.

* Tue Nov 6 2018 Steve Grubb - 4.0.6-1

- New upstream bugfix release

- Fixes CVE-2018-18956 Segmentation fault in the ProcessMimeEntity function

* Mon Aug 13 2018 Steve Grubb - 4.0.5-3

- Consolidate branches so that everything is in sync (#1614935)

* Fri Aug 10 2018 Jason Taylor 4.0.5-2

- fixes bz#1614935

* Wed Jul 18 2018 Jason Taylor - 4.0.5-1

- upstream security fix release

- addresses CVE-2018-10242, CVE-2018-10243, CVE-2018-10244

* Sat Jul 14 2018 Fedora Release Engineering - 4.0.4-3

- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild

* Mon Jul 9 2018 Jason Taylor - 4.0.4-2

- bumped release for build against hyperscan 5.0.0

* Mon Jul 9 2018 Jason Taylor - 4.0.4-1

- added gcc-c++ buildrequires

[ 1 ] Bug #1646984 - CVE-2018-18956 suricata: Segmentation fault in the ProcessMimeEntity function [epel-7]

https://bugzilla.redhat.com/show_bug.cgi?id=1646984

[ 2 ] Bug #1646983 - CVE-2018-18956 suricata: Segmentation fault in the ProcessMimeEntity function [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1646983

su -c 'dnf upgrade --advisory FEDORA-2018-cf58e1cbd1' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/