
Debian DLA-1751-1 : suricata security update

Description

Multiple vulnerabilities have been found in suricata, the network threat detection engine:

CVE-2018-10242
Missing length check causing out-of-bounds read in SSHParseBanner (app-layer-ssh.c). Remote attackers might leverage this vulnerability to cause DoS or potentially unauthorized disclosure of information.

CVE-2018-10243
Unexpected end of Authorization field causing heap-based buffer over-read in htp_parse_authorization_digest (htp_parsers.c, from the embedded copy of LibHTP). Remote attackers might leverage this vulnerability to cause DoS or potentially unauthorized disclosure of information.

For Debian 8 'Jessie', these problems have been fixed in version 2.0.7-2+deb8u4.

We recommend that you upgrade your suricata packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
