diff mbox series

[2/2] suricata: Update to 7.0.9

Message ID	20250319161626.625056-2-matthias.fischer@ipfire.org
State	Staged
Commit	7b333a241306273599367c946c00ea6f5b3920b2
Headers	From: Matthias Fischer <matthias.fischer@ipfire.org> To: development@lists.ipfire.org Subject: [PATCH 2/2] suricata: Update to 7.0.9 Date: Wed, 19 Mar 2025 17:16:22 +0100 Message-ID: <20250319161626.625056-2-matthias.fischer@ipfire.org> In-Reply-To: <20250319161626.625056-1-matthias.fischer@ipfire.org> References: <20250319161626.625056-1-matthias.fischer@ipfire.org> Precedence: list Sender: <development@lists.ipfire.org> Mail-Followup-To: <development@lists.ipfire.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[1/2] libhtp: Update to 0.5.50 \| [1/2] libhtp: Update to 0.5.50 [2/2] suricata: Update to 7.0.9

Commit Message

Matthias Fischer March 19, 2025, 4:16 p.m. UTC

  Excerpt from changelog:
"7.0.9 -- 2025-03-18

Security #7616: datasets: hashsize setting via rules can cause high
memory usage (7.0.x backport)(MODERATE - CVE 2025-29916)

Security #7614: decode_base64: signature can do large memory
allocation (7.0.x backport)(HIGH - CVE 2025-29917)

Security #7527: detect: infinite loop with negated pcre and indefinite
recursion limit setting (7.0.x backport)(HIGH - CVE 2025-29918)

Security #7459: af-packet: defrag option can lead to truncated packets
(7.0.x backport)(HIGH - CVE 2025-29915)

Bug #7581: detect: missing file.data matches without filestore (7.0.x
backport)

Bug #7561: detect: integer underflow with krb5.ticket_encryption (7.0.x
backport)

Bug #7557: quic: valid traffic blocked in IPS mode (7.0.x backport)

Bug #7555: tls: parser error on unACK'd data in FIN shutdown (7.0.x
backport)

Bug #7553: applayer: misdetection if response is seen first without
request (7.0.x backport)

Bug #7496: detect: protocol probing doesn't finish earlier if opposite
dir already had a protocol  (7.0.x backport)

Bug #7493: flow/var: memory leak in lua extension (7.0.x backport)
Bug #7468: detect: checksum detection broken by stream.checksum-validation
(7.0.x backport)

Bug #7460: eve: empty src_ip and dest_ip values may be logged

Bug #7448: log/file: nullptr dereference if file was opened more than once
(7.0.x backport)

Bug #7431: flow: multiple Flow Managers scan wrong hash slices (7.0.x
backport)

Bug #7428: tcp: GAP event set on unack'd data following a RST (7.0.x
backport)

Optimization #7088: applayer: track modified transactions to avoid walking
all live transactions (7.0.x backport)"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
---
 lfs/suricata | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff mbox series

Patch

diff --git a/lfs/suricata b/lfs/suricata
index 2b05c3c54..56733125d 100644
--- a/lfs/suricata
+++ b/lfs/suricata
@@ -1,7 +1,7 @@ 
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2024  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2025  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@ 
 
 include Config
 
-VER        = 7.0.8
+VER        = 7.0.9
 
 THISAPP    = suricata-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@  objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 8571a6368b90e18046cdcf71f53e1b59e895ea8fe2d8f996ef614a890b520671f5dcac10014555880e408060913df1dab4c473bf083e7c0451c6a4b93bedd047
+$(DL_FILE)_BLAKE2 = fe01a304b170cf210b3ad2c782c6a49798c67df5433498715101ba626548395a70793a50221390f6697d1aef2be1808ba430091dae097e350dd2a9c98677a61b
 
 install : $(TARGET)