We are pleased to announce Suricata 3.2.4. This is a security update fixing important issues. Additionally, it fixes various minor issues.

Changes

Bug #2241: smb dcerpc segfaults in StubDataParser (3.2.x)

Bug #2231: Redundant content checks may cause Suricata DoS condition on an insignificant traffic rate

Bug #2214: detect state uses broken offset logic

Bug #2234: TLS rule mixes up server and client certificates (3.2.x)

Bug #2235: DNS UDP “Response” parsing recording an incorrect timestamp (3.2.x)

Bug #2236: af_packet: suricata leaks memory with use-mmap enabled and incorrect BPF filter (3.2.x)

Bug #2237: Redis output: add RPUSH support (3.2.x)

Bug #2238: detect duplicate ‘meta’ keywords (3.2.x)

Bug #2239: documentation does not reflect current suricata.yaml regarding cpu-affinity (3.2.x)

Bug #2242: improve error message if stream memcap too low (3.2.x)

Bug #2243: enforcing specific number of threads with autofp does not seem to work (3.2.x)

Download

https://www.openinfosecfoundation.org/download/suricata-3.2.4.tar.gz

End of life announcement

The 3.2 branch will reach end-of-life in 2 months, on December 18. After that date it will receive no more updates of any kind, so please plan your upgrade to Suricata 4.0+ before then.

https://suricata-ids.org/about/eol-policy/

Special thanks

Jack Covington, Kirill Shipulin – Positive Technologies, Qidu Sy, Mats Klepsland, Derek Kingsbury, Julian Wecke, Alexander Gozman, AFL project, Coverity Scan

Trainings

User Training at SuriCon 2017, in Prague: https://www.eventbrite.com/e/2-day-suricata-training-suricon-2017-tickets-32303327121

New: rule writing training ‘SigDev’ at SuriCon: https://www.eventbrite.com/e/2-day-sigdev-training-suricon-2017-tickets-36460477269

Conference attendees get a 20% discount!

SuriCon 2017

Less than one month to SuriCon 2017! Come meet the Suricata community and development team to discuss all things Suricata at the third edition of the annual Suricata Conference. SuriCon 2017 will be next month in Prague: https://suricon.net

About Suricata

Suricata is a high performance Network Threat Detection, IDS, IPS and Network Security Monitoring engine. It is open source and owned by a community-run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF, its supporting vendors and the community.