| Package | suricata |
|---|---|
| Version | 1.2.1-2+deb7u3 |
| Related CVEs | CVE-2015-0928 CVE-2015-8954 CVE-2018-6794 TEMP-0000000-C04FE8 |
CVE-2015-0928
A NULL pointer dereference allows remote attackers to cause a
denial-of-service by specially crafted network traffic.
CVE-2015-8954
The MemcmpLowercase function in Suricata improperly excludes the first
byte from comparisons, which might allow remote attackers to bypass
intrusion-prevention functionality via a crafted HTTP request.
CVE-2018-6794
Suricata is prone to an HTTP detection bypass vulnerability
in detect.c and stream-tcp.c. If a malicious server breaks a normal TCP
flow and sends data before the 3-way handshake is complete, then the data
sent by the malicious server will be accepted by web clients such as a
web browser or Linux CLI utilities, but ignored by Suricata IDS
signatures. This mostly affects IDS signatures for the HTTP protocol and
TCP stream content; signatures for TCP packets will inspect such network
traffic as usual.
TEMP-0000000-C04FE8 (no CVE assigned yet)
If memory allocation fails and Suricata runs out of memory, a flaw in the
DCERP parser may lead to a denial-of-service (application crash).
For Debian 7 Wheezy, these problems have been fixed in version 1.2.1-2+deb7u3.
We recommend that you upgrade your suricata packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.