Bug 690196 (CVE-2019-1010251, CVE-2019-1010279) - net-analyzer/suricata: multiple vulnerabilities
Summary: net-analyzer/suricata: multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2019-1010251, CVE-2019-1010279
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Deadline: 2019-12-31
Assignee: Gentoo Security
Whiteboard: ~3 [noglsa]
Keywords: PMASKED
Reported: 2019-07-19 03:16 UTC by D'juan McDonald (domhnall)
Modified: 2020-03-28 21:28 UTC
Description D'juan McDonald (domhnall) 2019-07-19 03:16:23 UTC
(https://nvd.nist.gov/vuln/detail/CVE-2019-1010279):

Open Information Security Foundation Suricata prior to version 4.1.3 is affected by: Denial of Service - TCP/HTTP detection bypass. The impact is: An attacker can evade a signature detection with a specially formed sequence of network packets. The component is: detect.c (https://github.com/OISF/suricata/pull/3625/commits/d8634daf74c882356659addb65fb142b738a186b). The attack vector is: An attacker can trigger the vulnerability by a specifically crafted network TCP session. The fixed version is: 4.1.3.

upstream patch: https://github.com/OISF/suricata/pull/3625/commits/d8634daf74c882356659addb65fb142b738a186b

upstream bug: https://redmine.openinfosecfoundation.org/issues/2770

(https://nvd.nist.gov/vuln/detail/CVE-2019-1010251):

Open Information Security Foundation Suricata prior to version 4.1.2 is affected by: Denial of Service - DNS detection bypass. The impact is: An attacker can evade a signature detection with a specially formed network packet. The component is: app-layer-detect-proto.c, decode.c, decode-teredo.c and decode-ipv6.c (https://github.com/OISF/suricata/pull/3590/commits/11f3659f64a4e42e90cb3c09fcef66894205aefe, https://github.com/OISF/suricata/pull/3590/commits/8357ef3f8ffc7d99ef6571350724160de356158b). The attack vector is: An attacker can trigger the vulnerability by sending a specifically crafted network request. The fixed version is: 4.1.2.

upstream patch[1]: https://github.com/OISF/suricata/pull/3590/commits/8357ef3f8ffc7d99ef6571350724160de356158b

upstream patch[2]: https://github.com/OISF/suricata/pull/3590/commits/11f3659f64a4e42e90cb3c09fcef66894205aefe

upstream bug: https://redmine.openinfosecfoundation.org/issues/2736



Gentoo Security Padawan
(domhnall)
Comment 1 Larry the Git Cow gentoo-dev 2019-12-16 18:14:38 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f3fe5e0ccbcf0af56e2d7e0c2c6231a2026df2f9

commit f3fe5e0ccbcf0af56e2d7e0c2c6231a2026df2f9
Author:     Marek Szuba <marecki@gentoo.org>
AuthorDate: 2019-12-16 18:10:25 +0000
Commit:     Marek Szuba <marecki@gentoo.org>
CommitDate: 2019-12-16 18:10:25 +0000

    net-analyzer/suricata: remove vulnerable 4.0.4
    
    Bug: https://bugs.gentoo.org/690196
    Bug: https://bugs.gentoo.org/686428
    Package-Manager: Portage-2.3.79, Repoman-2.3.16
    Signed-off-by: Marek Szuba <marecki@gentoo.org>

 net-analyzer/suricata/Manifest                     |   1 -
 .../files/suricata-4.0.4_configure-lua-flags.patch |  16 --
 .../suricata/files/suricata-4.0.4_sockios.patch    |  13 --
 .../{suricata-4.0.4-conf => suricata-5.0.0-conf}   |   0
 .../{suricata-4.0.4-init => suricata-5.0.0-init}   |   0
 net-analyzer/suricata/suricata-4.0.4.ebuild        | 171 ---------------------
 net-analyzer/suricata/suricata-5.0.0.ebuild        |   4 +-
 7 files changed, 2 insertions(+), 203 deletions(-)
Comment 2 Marek Szuba archtester gentoo-dev 2020-03-19 12:17:36 UTC
Reminder to the security team that this can be resolved now.
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-28 21:28:36 UTC
(In reply to Marek Szuba from comment #2)
> Reminder to the security team that this can be resolved now.

Thanks. 

Closing: noglsa (unstable) and tree is now clean.