[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 865-1] suricata security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : suricata
Version        : 1.2.1-2+deb7u1
CVE ID         : CVE-2017-7177
Debian Bug     : #856649

It was discovered that there was a vulnerability in suricata, an intrusion
detection tool; the IP protocol was not being used to match fragments with
their packets allowing a carefully constructed packet (with a different
protocol) to be matched, thus creating a packet that would not be
re-assembled by the destination host.

For Debian 7 "Wheezy", this issue has been fixed in suricata version
1.2.1-2+deb7u1.

We recommend that you upgrade your suricata packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAljS+o0ACgkQHpU+J9Qx
HlgMDQ//c7XbEF8xpRO8JouSaID4ToEd30M8QzFUjv1c2NIiUVAsrGPXm4cpNQHr
XibxI7vqwy3Lp24POpcfHh2BEsRbpcHhGkFLaMUYZLDQykRC3JQ7Xl5SqxKFXNzM
ATkYWFsysOS6KrzbTMhUqK5WBJjvrmdi85W3BR54CNHtCiZ8rml/Y8sBzjWig5rY
kgtfStAy5XyYlweGJqX+lbc6qW4xCpu+qwuEu89aK3lQCXSZPPR4QZI9MTqnsywW
q+/oqsNOJnSOA6aILDaJinrsIpxzfmXo1vyweydmw9GGfGGma/O9cQWUol9hOUWr
EDGtDLOn4cHTua0KAO51C/9Y1d7SDoQi63GLLke4XqFUeK110rKJMaZ232CsUHpi
2bbVikM8bEkpCTfyIRO60vfg81w3AYcnvtm/Xd+wTKauvFCypp2LDbc6a+opmRZi
wuzN8J912wGW7mqpZf2oSoVhfNkC3GztdaojfUvAGs01t8TI/vqSi8h+WmoxY7Wz
t6Da/udLzco7OflXx6zi1TBfoHA4DHYNVzZm+wRYdiwbUOWRaWKxuOnGHgxUZ1ld
FFSD0Pj2qA2nv7miH0N0n/qzHCTkvm+ZqWMXBWPmNKL/eW6c072Gz1CokGobqMh7
XeHBiZqAe1Yg7ZjWglY+q5P+E7hmlT86eIck1IL6sETl3qda6rI=
=Lw6N
-----END PGP SIGNATURE-----


Reply to: