[SECURITY] [DLA 1508-1] suricata security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1508-1] suricata security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Thu, 20 Sep 2018 22:39:14 +0200 (CEST)
Message-id: <[🔎] alpine.DEB.2.02.1809202236160.32571@jupiter.server.alteholz.net>
Mail-followup-to: debian-lts@lists.debian.org
In-reply-to: <alpine.DEB.2.02.1809192235570.10190@jupiter.server.alteholz.net>
References: <alpine.DEB.2.02.1809192235570.10190@jupiter.server.alteholz.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Oops, sorry, I mixed up the versions. The correct version, where thisissue has been fixed, is


   2.0.7-2+deb8u2


   Thorsten


On Wed, 19 Sep 2018, Thorsten Alteholz wrote:

Package        : suricata
Version        : 2.0.7-2+deb8u1
CVE ID         : CVE-2016-10728


CVE-2016-10728
    If an ICMPv4 error packet is received as the first packet on a flow
    in the to_client direction, it can lead to missed TCP/UDP detection
    in packets arriving afterwards.


For Debian 8 "Jessie", this problem has been fixed in version
2.0.7-2+deb8u1.

We recommend that you upgrade your suricata packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQJ8BAEBCgBmBQJbpAVyXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHW/wP/3/TsKLFaCu4ubYNkt5++o/m
RorRsAaZwFohV5/8+Y8FwcerfRtPIeR+VvD2hMECslF4mOrPMtgpxdXMoF7Wg2S7
/g/nA9uMRF5w3cyoBox7xEokkU3ki+7UK9270B6yqjLllgsG6rkKXSghP2emoFm0
som4hMgwIEQiIzjmoX22vlK5Cna3phLV8rRaOO+WjBJ50wNJod11/asvoRiF+QVX
24tpCELn3G/apa6zWUEAa18L6gu+Pc1Y1jouB2QYhUMExxet9HkrtQiwFZyitOaA
LHTZTNpVr0aRMRXSmyulIrj2f7XXnqRmAgwZfFUcn8ud2zfHnk6qTUgRFjlIrXo2
LQkKHLabTKE9FnhhtqGemaO4qUNYxlBV58WPwJz6MY4BHgS/40qS8ybvkJNGNl/Y
4JUGnuDKt9kYF8nXK9IEslxz+QPQDmjZrOukZqsMpacxE3Kad9RJE/lCTmVD4bhy
LHfZ1biy/31bPHt39YpnkK6/O35k1MrSNWKM5GdubM4jtPcd7GyqtRY79E7Gvu5O
7bYqgTMrBs41SwNj+Fa9ejboD1bIy9X0zQxVn+w549cXGxYvh9PSB9cDKmhhdaY6
WB5SfJQP8WW9u6M693ddIyMeE3Ob5SKpfC1Sp9n6pnKSaA/UgSwijOh4/oGJ9J0A
WsJmsm6InYB4mBUzJFNi
=fvzc
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: Re: Wheezy update of sympa?
Next by Date: Jessie update of salt?
Previous by thread: Re: Wheezy update of spamassassin?
Next by thread: Jessie update of salt?
Index(es):
- Date
- Thread