From: Shivani Bhardwaj Date: Fri, 28 Jun 2024 02:59:47 +0000 (+0530) Subject: changelog: update 7.0.6 CVEs and titles X-Git-Tag: suricata-7.0.7~83 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=270e49da607274ed0c11a1ce05e763c4e60d36b4;p=thirdparty%2Fsuricata.git changelog: update 7.0.6 CVEs and titles --- diff --git a/ChangeLog b/ChangeLog index 6ae3683b7a..3a3642a10b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,15 +1,15 @@ 7.0.6 -- 2024-06-26 -Security #7042: defrag: id reuse can lead to invalid reassembly (7.0.x backport)(CVE 2024-37151) -Security #7105: http2: oom from duplicate headers (7.0.x backport) -Security #7033: http/range: segv when http.memcap is reached (7.0.x backport) -Security #6988: modbus: txs without responses are never freed (7.0.x backport) +Security #7105: http2: oom from duplicate headers (7.0.x backport)(CRITICAL - CVE 2024-38535) +Security #7042: defrag: id reuse can lead to invalid reassembly (7.0.x backport)(CRITICAL - CVE 2024-37151) +Security #7033: http/range: segv when http.memcap is reached (7.0.x backport)(HIGH - CVE 2024-38536) +Security #6988: modbus: txs without responses are never freed (7.0.x backport)(HIGH - CVE 2024-38534) Bug #7107: packet: app-layer-events incorrectly used on recycled packets (7.0.x backport) Bug #7064: util/radix-tree: Possible dereference of nullptr in case of unsuccess allocation of memory for node (7.0.x backport) Bug #7063: smtp/mime: data command rejected by pipelining server does not reset data mode (7.0.x backport) Bug #7060: smtp: split name logged as 2 names (7.0.x backport) Bug #7050: af-packet: failure to start up on many threads plus high load (7.0.x backport) -Bug #7043: Crasher in HTTP chunked / StreamingBuffer (7.0.x backport) +Bug #7043: streaming/buffer: crash in HTTP body handling (7.0.x backport) Bug #7038: pcap/log: MacOS rotates file well before limit is reached (7.0.x backport) Bug #7035: time: in offline mode, time can stay behind at pcap start (7.0.x backport) Bug #7023: unix-socket: iface-bypassed-stat crash (7.0.x backport) @@ -21,16 +21,16 @@ Bug #6975: detect: log relevant frames app-layer metdata (7.0.x backport) Bug #6950: decode/ppp: decoder.event.ppp.wrong_type on valid packet (7.0.x backport) Bug #6897: detect/port: upper boundary ports are not correctly handled (7.0.x backport) Bug #6895: detect/port: port grouping does not happen correctly if gap between a single and range port (7.0.x backport) -Bug #6862: Lightweight rules profiling: crash when profiling ends (7.0.x backport) +Bug #6862: profiling/rules: crash when profiling ends (7.0.x backport) Bug #6848: alerts: wrongly using tx id 0 when there is no tx (7.0.x backport) Bug #6845: coverity: warning in port grouping code (7.0.x backport) Bug #6844: detect/port: port ranges are incorrect when a port is single as well as a part of range (7.0.x backport) -Bug #6690: Ethernet src should match src ip (7.0.x backport) +Bug #6690: eve: ethernet src_mac should match src_ip (7.0.x backport) Bug #6520: detect-engine/port: recursive DetectPortInsert calls are expensive (7.0.x backport) Optimization #6830: detect/port: port grouping is quite slow in worst cases (7.0.x backport) Optimization #6829: detect/port: PortGroupWhitelist fn takes a lot of processing time (7.0.x backport) Feature #7010: JA4 support for TLS and QUIC (7.0.x backport) -Feature #6557: Capability to have rules profiling on pcap run (7.0.x backport) +Feature #6557: profiling/rules: allow enabling profiling for pcap file runs (7.0.x backport) Documentation #6910: userguide: document how to verify tar.gz signature (7.0.x backport) Documentation #6687: docs: port userguide build instruction changes from master-6.0.x (7.0.x backport) Documentation #6601: docs: update eBPF installation instructions (7.0.x backport)