Suricata Security Update for Debian 8 LTS
Posted on: 12/05/2018 09:24 AM

Updated suricata packages have been released for Debian GNU/Linux 8 LTS to address 4 security issues


Package : suricata
Version : 2.0.7-2+deb8u3
CVE ID : CVE-2017-7177 CVE-2017-15377 CVE-2018-6794
Debian Bug : 856648 889842 856649

Several issues were found in suricata, an intrusion detection and
prevention tool.

CVE-2017-7177

Suricata has an IPv4 defragmentation evasion issue caused by lack
of a check for the IP protocol during fragment matching.
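The fragment-matching flaw above comes down to which header fields select the reassembly tracker a fragment is attached to. The following is an added illustration, not Suricata's code: a minimal tracker table with two comparison routines, one that ignores the IP protocol field (the flawed behaviour) and one that includes it (the fix). The address and ID values are constructed for the demo.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* The IPv4 header fields that identify the datagram a fragment belongs to.
 * RFC 791 reassembly keys on source, destination, identification AND protocol. */
struct frag_key {
    uint32_t src;
    uint32_t dst;
    uint16_t id;
    uint8_t  proto;
};

typedef int (*frag_match_fn)(const struct frag_key *, const struct frag_key *);

/* Matching as the flawed code did it: the protocol field is never compared,
 * so a fragment of one protocol can be attached to a datagram of another. */
int frag_match_without_proto(const struct frag_key *a, const struct frag_key *b)
{
    return a->src == b->src && a->dst == b->dst && a->id == b->id;
}

/* Matching with the missing protocol check in place. */
int frag_match_with_proto(const struct frag_key *a, const struct frag_key *b)
{
    return frag_match_without_proto(a, b) && a->proto == b->proto;
}

#define MAX_TRACKERS 8

struct frag_tracker {
    int in_use;
    struct frag_key key;
};

struct frag_table {
    struct frag_tracker slot[MAX_TRACKERS];
};

/* Return the index of the tracker this fragment belongs to, creating a new
 * tracker when no existing one matches; -1 when the table is full. */
int frag_tracker_lookup(struct frag_table *tbl, const struct frag_key *k, frag_match_fn match)
{
    int free_slot = -1;
    for (int i = 0; i < MAX_TRACKERS; i++) {
        if (tbl->slot[i].in_use) {
            if (match(&tbl->slot[i].key, k))
                return i;
        } else if (free_slot < 0) {
            free_slot = i;
        }
    }
    if (free_slot < 0)
        return -1;
    tbl->slot[free_slot].in_use = 1;
    tbl->slot[free_slot].key = *k;
    return free_slot;
}

/* Feed two fragments that share addresses and IP ID but carry different
 * protocol numbers, and report how many trackers they end up in. */
int distinct_trackers(frag_match_fn match)
{
    struct frag_table tbl;
    memset(&tbl, 0, sizeof tbl);
    /* Constructed sample keys: 192.0.2.1 -> 192.0.2.2, ID 0x1234, UDP vs TCP. */
    struct frag_key udp_frag = { 0xc0000201u, 0xc0000202u, 0x1234, 17 };
    struct frag_key tcp_frag = { 0xc0000201u, 0xc0000202u, 0x1234, 6 };
    int a = frag_tracker_lookup(&tbl, &udp_frag, match);
    int b = frag_tracker_lookup(&tbl, &tcp_frag, match);
    return (a == b) ? 1 : 2;
}

int main(void)
{
    printf("trackers without protocol check: %d\n", distinct_trackers(frag_match_without_proto));
    printf("trackers with protocol check:    %d\n", distinct_trackers(frag_match_with_proto));
    return 0;
}
```

With the protocol-blind comparison both fragments land in one tracker, so the reassembled datagram the IDS inspects is not the one either endpoint's IP stack would build; including the protocol keeps the two streams apart.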

CVE-2017-15377

It was possible to trigger lots of redundant checks on the content
of crafted network traffic with a certain signature, because of
DetectEngineContentInspection in detect-engine-content-inspection.c.
The search engine doesn't stop when it should after no match is
found; instead, it stops only upon reaching inspection-recursion-limit
(3000 by default).

CVE-2018-6794

Suricata is prone to an HTTP detection bypass vulnerability in
detect.c and stream-tcp.c. If a malicious server breaks a normal
TCP flow and sends data before the 3-way handshake is complete,
then the data sent by the malicious server will be accepted by web
clients such as a web browser or Linux CLI utilities, but ignored
by Suricata IDS signatures. This mostly affects IDS signatures for
the HTTP protocol and TCP stream content; signatures for TCP packets
will inspect such network traffic as usual.

TEMP-0856648-2BC2C9 (no CVE assigned yet)

Out of bounds read in app-layer-dns-common.c.
On a zero size A or AAAA record, 4 or 16 bytes would still be read.
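The DNS issue above is a missing check that RDLENGTH actually matches the fixed size an A (4 bytes) or AAAA (16 bytes) record must carry before those bytes are read. The following is an added example, not code from Suricata's app-layer-dns-common.c: a record-data copy routine that enforces both the packet bound and the per-type size, exercised on three constructed records (a valid A record, a zero-length A record at the end of the buffer, and an AAAA record whose claimed length runs past the packet).

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Resource record types (RFC 1035, RFC 3596). */
#define DNS_TYPE_A    1
#define DNS_TYPE_AAAA 28

/* Outcome of validating one answer record's RDATA. */
enum rdata_status {
    RDATA_TRUNCATED   = -1,  /* the record does not fit in the remaining packet bytes */
    RDATA_BAD_LENGTH  = -2,  /* RDLENGTH is not the fixed size the type requires */
    RDATA_UNSUPPORTED = -3   /* not an A/AAAA record; caller handles other types */
};

/*
 * Copy the address out of an A or AAAA answer record.
 *
 * `rr` points just past the owner name, at the fixed part of the record:
 *   TYPE(2) CLASS(2) TTL(4) RDLENGTH(2) RDATA(RDLENGTH bytes)
 * `remaining` is how many packet bytes are left starting at `rr`.
 * Returns the number of address bytes written to `out`, or a negative
 * rdata_status. Nothing is read beyond `rr + remaining`.
 */
int dns_copy_address_rdata(const uint8_t *rr, size_t remaining,
                           uint8_t *out, size_t outlen)
{
    if (remaining < 10)  /* TYPE + CLASS + TTL + RDLENGTH */
        return RDATA_TRUNCATED;

    uint16_t type     = (uint16_t)((rr[0] << 8) | rr[1]);
    uint16_t rdlength = (uint16_t)((rr[8] << 8) | rr[9]);
    const uint8_t *rdata = rr + 10;
    remaining -= 10;

    /* Generic bound: RDATA must lie inside the packet. */
    if (rdlength > remaining)
        return RDATA_TRUNCATED;

    /* Type-specific bound: an A record carries exactly 4 bytes, an AAAA
     * record exactly 16. Reading the fixed size without checking RDLENGTH
     * is what turns a zero-length record into an out-of-bounds read. */
    size_t expected;
    if (type == DNS_TYPE_A)
        expected = 4;
    else if (type == DNS_TYPE_AAAA)
        expected = 16;
    else
        return RDATA_UNSUPPORTED;

    if (rdlength != expected || outlen < expected)
        return RDATA_BAD_LENGTH;

    memcpy(out, rdata, expected);
    return (int)expected;
}

/* Constructed sample records (not taken from any capture). Only the part
 * after the owner name is shown, which is all this check needs. */
static const uint8_t good_a_record[] = {
    0x00, 0x01,              /* TYPE  = A */
    0x00, 0x01,              /* CLASS = IN */
    0x00, 0x00, 0x0e, 0x10,  /* TTL   = 3600 */
    0x00, 0x04,              /* RDLENGTH = 4 */
    0xc0, 0x00, 0x02, 0x01   /* 192.0.2.1 (documentation range) */
};

static const uint8_t zero_length_a_record[] = {
    0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x0e, 0x10,
    0x00, 0x00               /* RDLENGTH = 0, and the packet ends here */
};

static const uint8_t short_aaaa_record[] = {
    0x00, 0x1c, 0x00, 0x01, 0x00, 0x00, 0x0e, 0x10,
    0x00, 0x10,              /* RDLENGTH = 16 claimed ... */
    0x20, 0x01, 0x0d, 0xb8   /* ... but only 4 bytes follow */
};

int main(void)
{
    uint8_t addr[16];
    printf("good A record:        %d\n",
           dns_copy_address_rdata(good_a_record, sizeof good_a_record, addr, sizeof addr));
    printf("zero-length A record: %d\n",
           dns_copy_address_rdata(zero_length_a_record, sizeof zero_length_a_record, addr, sizeof addr));
    printf("short AAAA record:    %d\n",
           dns_copy_address_rdata(short_aaaa_record, sizeof short_aaaa_record, addr, sizeof addr));
    return 0;
}
```

The zero-length record is rejected by the type-size check rather than being read as 4 bytes, and the AAAA record whose RDLENGTH exceeds the packet is rejected by the generic bound; both checks are needed, since either one alone leaves a case open.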

For Debian 8 "Jessie", these problems have been fixed in version
2.0.7-2+deb8u3.

We recommend that you upgrade your suricata packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at:
