
Fedora 40: FEDORA-2025-2a295896e6 high: Suricata critical performance issue

April 3, 2025
Addresses significant vulnerabilities within Suricata impacting AF_PACKET functionality, introducing enhancements for both performance and stability in Fedora 40.
This is an extra release to address a critical issue in 7.0.9 affecting AF_PACKET users: setting a BPF would cause Suricata to fail to start up.

Summary

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic Protocol Detection (IP, TCP, UDP, ICMP, HTTP, TLS, FTP and SMB!), Gzip Decompression, Fast IP Matching, and GeoIP identification.

Update Information:

This is an extra release to address a critical issue in 7.0.9 affecting AF_PACKET users: setting a BPF would cause Suricata to fail to start up. This has been fixed.

Various security, performance, accuracy, and stability issues have been fixed. LibHTP has been updated to version 0.5.50 which is bundled with this new release.

This fixes:

CVE-2025-29915: HIGH
CVE-2025-29917: HIGH
CVE-2025-29918: HIGH
CVE-2025-29916: Moderate

Change Log

* Tue Mar 25 2025 Steve Grubb 7.0.10-1
- New bugfix release

* Tue Mar 18 2025 Steve Grubb 7.0.9-1
- New security and bugfix release

* Tue Feb 11 2025 Zbigniew Jędrzejewski-Szmek - 7.0.8-3
- Add sysusers.d config file to allow rpm to create users/groups automatically

* Sun Jan 19 2025 Fedora Release Engineering - 7.0.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild

References

Fedora Update Notification FEDORA-2025-2a295896e6 2025-04-03 01:51:21.151653+00:00
Name : suricata
Product : Fedora 40
Version : 7.0.10
Release : 1.fc40
URL :
Summary : Intrusion Detection System
Description : The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic Protocol Detection (IP, TCP, UDP, ICMP, HTTP, TLS, FTP and SMB!), Gzip Decompression, Fast IP Matching, and GeoIP identification.

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-2a295896e6' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
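A triage check for the update described above, added here as an example and not part of the Fedora advisory: it classifies a host by installed Suricata version and by whether a BPF is set for AF_PACKET. The function names, the `bpf-filter` lookup in the `af-packet:` section of suricata.yaml, and the sample configuration are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify a Suricata host against this advisory.
FIXED_VERSION="7.0.10"    # version shipped by the advisory
BROKEN_VERSION="7.0.9"    # release where an AF_PACKET BPF blocks startup

# version_lt A B: succeeds when dotted numeric version A is older than B.
# Compared field by field, since a string compare ranks 7.0.9 above 7.0.10.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# afpacket_has_bpf FILE: succeeds when the top-level af-packet: section of a
# suricata.yaml holds an uncommented, non-empty bpf-filter key (assumed layout).
afpacket_has_bpf() {
    awk '
        /^af-packet:/         { in_sec = 1; next }
        in_sec && /^[^ \t#-]/ { in_sec = 0 }    # next top-level key
        in_sec && /^[ \t]+(- )?bpf-filter:[ \t]*[^ \t#]/ { found = 1 }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# triage VERSION CONFIG: prints fixed, startup-risk or outdated.
triage() {
    if ! version_lt "$1" "$FIXED_VERSION"; then
        echo "fixed"            # 7.0.10 or later
    elif [ "$1" = "$BROKEN_VERSION" ] && afpacket_has_bpf "$2"; then
        echo "startup-risk"     # 7.0.9 with a BPF on AF_PACKET
    else
        echo "outdated"         # below the advisory's version
    fi
}

# Constructed sample configuration, not taken from the advisory.
sample=$(mktemp)
printf 'af-packet:\n  - interface: eth0\n    bpf-filter: not port 22\n' > "$sample"
for v in 7.0.8 7.0.9 7.0.10; do
    printf '%s: %s\n' "$v" "$(triage "$v" "$sample")"
done
rm -f "$sample"
```

On a Fedora host the inputs would be the output of `rpm -q --qf '%{VERSION}' suricata` and the configuration file, assumed here to be /etc/suricata/suricata.yaml. A BPF passed on the Suricata command line is not visible to this check.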

Severity
critical
