Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 647664 (CVE-2018-6794) - <net-analyzer/suricata-4.0.4: Multiple vulnerabilities
Summary: <net-analyzer/suricata-4.0.4: Multiple vulnerabilities
Alias: CVE-2018-6794
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
Whiteboard: ~3 [noglsa cve]
Depends on: 647666
  Show dependency tree
Reported: 2018-02-14 20:05 UTC by Wojciech Myrda
Modified: 2018-06-11 14:39 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Wojciech Myrda 2018-02-14 20:05:56 UTC
New version is available
It fixes several issues including security related

This is a security update fixing a number of security issues, as well as a fair number of regular issues.

CVE-2018-6794 was requested for issue #2440

    Bug #2306: suricata 4 deadlocks during failed output log reopening
    Bug #2361: rule reload hangup
    Bug #2389: BUG_ON asserts in AppLayerIncFlowCounter (4.0.x)
    Bug #2392: libhtp 0.5.26 (4.0.x)
    Bug #2422: [4.0.3] af_packet: a leak that (possibly) breaks an inline channel
    Bug #2438: various config parsing issues
    Bug #2439: Fix timestamp offline when pcap timestamp is zero (4.0.x)
    Bug #2440: stream engine bypass issue (4.0.x)
    Bug #2441: der parser: bad input consumes cpu and memory (4.0.x)
    Bug #2443: DNP3 memcpy buffer overflow (4.0.x)
    Bug #2444: rust/dns: Core Dump with malformed traffic (4.0.x)
    Bug #2445: http bodies / file_data: thread space creation writing out of bounds
Comment 1 Wojciech Myrda 2018-02-14 21:06:09 UTC
I believe should be fixed prior to fixing this bug as this is library used by suricata.
Comment 2 Michael Boyle 2018-05-08 02:33:16 UTC
@maintainers ping,
Please rev bump this.

Michael Boyle
Gentoo Security Padawan
Comment 3 Larry the Git Cow gentoo-dev 2018-06-11 14:04:17 UTC
The bug has been referenced in the following commit(s):

commit 5073a26b023b9b579b550c2d92fe949d9dbda2a5
Author:     Marek Szuba <>
AuthorDate: 2018-06-11 14:03:15 +0000
Commit:     Marek Szuba <>
CommitDate: 2018-06-11 14:04:06 +0000

    net-analyzer/suricata: remove vulnerable 4.0.3
    Package-Manager: Portage-2.3.40, Repoman-2.3.9

 net-analyzer/suricata/Manifest              |   1 -
 net-analyzer/suricata/suricata-4.0.3.ebuild | 167 ----------------------------
 2 files changed, 168 deletions(-)