Fedora 29: suricata Security Update
Summary
The Suricata Engine is an Open Source Next Generation Intrusion
Detection and Prevention Engine. This engine is not intended to
just replace or emulate the existing tools in the industry, but
will bring new ideas and technologies to the field. This new Engine
supports Multi-threading, Automatic Protocol Detection (IP, TCP,
UDP, ICMP, HTTP, TLS, FTP and SMB! ), Gzip Decompression, Fast IP
Matching, and GeoIP identification.
This update fixes a segfault in the SMTP parser. This bug is tracked as
CVE-2018-18956. There are a number of other bugfixes and performance
improvements.
* Tue Nov 6 2018 Steve Grubb
- New upstream bugfix release
- Fixes CVE-2018-18956 Segmentation fault in the ProcessMimeEntity function
[ 1 ] Bug #1646984 - CVE-2018-18956 suricata: Segmentation fault in the ProcessMimeEntity function [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1646984
[ 2 ] Bug #1646983 - CVE-2018-18956 suricata: Segmentation fault in the ProcessMimeEntity function [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1646983
su -c 'dnf upgrade --advisory FEDORA-2018-787ee605a5' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org
FEDORA-2018-787ee605a5 2018-11-17 05:14:59.338123 Product : Fedora 29 Version : 4.0.6 Release : 1.fc29 URL : https://suricata-ids.org/ Summary : Intrusion Detection System Description : The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic Protocol Detection (IP, TCP, UDP, ICMP, HTTP, TLS, FTP and SMB! ), Gzip Decompression, Fast IP Matching, and GeoIP identification. This update fixes a segfault in the SMTP parser. This bug is tracked as CVE-2018-18956. There are a number of other bugfixes and performance improvements. * Tue Nov 6 2018 Steve Grubb - 4.0.6-1 - New upstream bugfix release - Fixes CVE-2018-18956 Segmentation fault in the ProcessMimeEntity function [ 1 ] Bug #1646984 - CVE-2018-18956 suricata: Segmentation fault in the ProcessMimeEntity function [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1646984 [ 2 ] Bug #1646983 - CVE-2018-18956 suricata: Segmentation fault in the ProcessMimeEntity function [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1646983 su -c 'dnf upgrade --advisory FEDORA-2018-787ee605a5' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org
Change Log
References