Your message dated Fri, 10 Oct 2014 11:52:07 +0000
with message-id <[email protected]>
and subject line Bug#762828: fixed in suricata 2.0.4-1
has caused the Debian Bug report #762828,
regarding CVE-2014-6603: suricata: Out-of-bounds access in SSH parser
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)

--
762828: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762828
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Package: suricata
Version: 2.0.3-1
Severity: important
Tags: security, fixed-upstream

Hi,

It was found out that the application parser for SSH integrated in Suricata
contains a flaw that might lead to an out-of-bounds access. For this reason a
Denial of Service towards the Suricata monitoring software might be possible
using crafted packets on the monitoring interface.

More information:

http://seclists.org/fulldisclosure/2014/Sep/79
http://suricata-ids.org/2014/09/23/suricata-2-0-4-available/

Feel free to contact me in case you need any help regarding this issue.

- ---
Henri Salo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAlQkJMMACgkQXf6hBi6kbk+bIQCgom59SVZDOvoc9gcNCJJCMgV+
noYAnizbzeHzLPFWkGt8QGm/XiMYwZ3/
=1ooE
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Source: suricata
Source-Version: 2.0.4-1

We believe that the bug you reported is fixed in the latest version of
suricata, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Pierre Chifflier <[email protected]> (supplier of updated suricata package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 10 Oct 2014 13:19:59 +0200
Source: suricata
Binary: suricata
Architecture: source amd64
Version: 2.0.4-1
Distribution: unstable
Urgency: high
Maintainer: Pierre Chifflier <[email protected]>
Changed-By: Pierre Chifflier <[email protected]>
Description:
 suricata - Next Generation Intrusion Detection and Prevention Tool
Closes: 762828
Changes:
 suricata (2.0.4-1) unstable; urgency=high
 .
   * Imported Upstream version 2.0.4
   * Security: fix out-of-bounds access in SSH parser (Closes: #762828)
   * Urgency high, CVE-2014-6603
     Stable and Oldstable versions are not affected.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---