Software update: Suricata 4.1.5

Version 4.1.5 of Suricata has been released. Suricata is an open source network intrusion detection system (IDS), intrusion prevention system (IPS), and network security monitoring engine. It can be used to monitor network traffic and alert a system administrator if anything suspicious is detected. The Open Information Security Foundation is coordinating the development, with help from the community and various manufacturers. The with it on json Based logging system Eve collected data can be done with, among other things, log stash are used to display information graphically again at to give. The changelog for this release looks like this:

Suricata 4.1.5 released

This release fixes a number of issues found in the 4.1 branch. Some of the issues are security issues, so upgrading is highly recommended.

This release also adds VXLAN support, contributed by Henrik Lund Kramshoej. This was accepted into the stable branch to support Suricata deployment in AWS. Next GeoIP2 support was contributed by Bill Meeks. This was added to stable as GeoIP1 is end of life and the databases are no longer updated.

changes

• Feature #3068: protocol parser: vxlan (4.1.x)
• Bug #2841: False positive alerts firing after upgrade suricata 3.0 -> 4.1.0 (4.1.x)
• Bug #2966: filestore (v1 and v2): dropping of “unwanted” files (4.1.x)
• Bug #3008: rust: updated libc crate causes depration warnings (4.1.x)
• Bug #3044: tftp: missing logs because of broken tx handling (4.1.x)
• Bug #3067: GeoIP keyword depends on now discontinued legacy GeoIP database (4.1.x)
• Bug #3094: Fedora rawhide af-packet compilation err (4.1.x)
• Bug #3123: bypass keyword: Suricata 4.1.x Segmentation Faults (4.1.x)
• Bug #3129: Fixes warning about size of integers in string formats (4.1.x)
• Bug #3159: SC_ERR_PCAP_DISPATCH with message “error code -2” upon rule reload completion (4.1.x)
• Bug #3164: Suricata 4.1.4: NSS Shutdown triggers crashes in test mode
• Bug #3168: tls: out of bounds read
• Bug #3170: defrag: out of bounds read
• Bug #3173: ipv4: ts field decoding oob read
• Bug #3175: File_data inspection depth while inspecting base64 decoded data (4.1.x)
• Bug #3184: decode/der: crafted input can lead to resource starvation
• Bug #3186: Multiple Content-Length headers causes HTP_STREAM_ERROR (4.1.x)
• Bug #3187: GET/POST HTTP request with no Content-Length, http_client_body miss (4.1.x)

Logstash Kibana fed with information from Suricata with json output.