Updated suricata packages fix security vulnerabilities
Publication date: 17 Sep 2024
Modification date: 17 Sep 2024
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-37151, CVE-2024-38534, CVE-2024-38535, CVE-2024-38536
Description
- CVE-2024-37151: Mishandling of multiple fragmented packets using the same IP ID value can lead to packet reassembly failure, which can lead to policy bypass.
- CVE-2024-38534: Crafted Modbus traffic can lead to unlimited resource accumulation within a flow.
- CVE-2024-38535, CVE-2024-38536: Suricata can run out of memory when parsing crafted HTTP/2 traffic.
References
- https://bugs.mageia.org/show_bug.cgi?id=33431
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJWELU75TPOICUA2UGNZDY7QQJBB7HYJ/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37151
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38534
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38535
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38536
SRPMS
9/core
- suricata-6.0.20-1.mga9