Software update: Suricata 4.0.5

Version 4.0.5 of Suricata has been released. Suricata is an open source network intrusion detection system (IDS), intrusion prevention system (IPS), and network security monitoring engine. It can be used to monitor network traffic and alert a system administrator if anything suspicious is detected. The Open Information Security Foundation is coordinating the development, with help from the community and various manufacturers. The with it on json Based logging system Eve collected data can be done with, among other things, log stash are used to display information graphically again at to give. In version 4.0, the detection capabilities have been improved, there are additional options for displaying the data and more protocols are supported. The following improvements have also been made in this update:

Security

• CVE-2018-10242, CVE-2018-10244 (suricata)
• CVE-2018-10243 (libhtp)

changes

• Bug #2480: http eve log data source/dest flip (4.0.x)
• Bug #2482: HTTP connect: difference in detection rates between 3.1 and 4.0.x
• Bug #2531: yaml: ConfYamlHandleInclude memleak (4.0.x)
• Bug #2532: memleak: when using app-layer event rules without rust
• Bug #2533: Suricata gzip unpacker bypass (4.0.x)
• Bug #2534: Suricata stops inspecting TCP stream if a TCP RST was with (4.0.x)
• Bug #2535: Messages with SC_LOG_CONFIG level are logged to syslog with EMERG priority (4.0.x)
• Bug #2537: libhtp 0.5.27 (4.0.x)
• Bug #2540: getrandom prevents any suricata start commands on more later OS’s (4.0.x)
• Bug #2544: ssh out of bounds read (4.0.x)
• Bug #2545: enip out of bounds read (4.0.x)

Logstash Kibana fed with information from Suricata with json output.