Download Suricata 2.0.8

Version 2.0.8 of Suricata has been released. Suricata is an open source network intrusion detection system (IDS), intrusion prevention system (IPS), and network security monitoring engine. It can be used to monitor network traffic and alert a system administrator if anything suspicious is detected. Development is overseen by the Open Information Security Foundation, with support from the community and various manufacturers. The main change in version 2.0 is Eve, a fully op json based logging system. Eve can, among other things, with log stash are used to display information graphically again at to give† The changelog for this release looks like this:

Suricata 2.0.8 Available!

The OISF development team is pleased to announce Suricata 2.0.8. This release fixes a number of important issues in the 2.0 series.

The most important issue is a bug in the DER parser which is used to decode SSL/TLS certificates could crash Suricata. This issue was reported by Kostya Kortchinsky of the Google Security Team and was fixed by Pierre Chifflier of ANSSI.

Those processing large numbers of (untrusted) pcap files need to update as a malformed pcap could crash Suricata. Again, credits go to Kostya Kortchinsky.

A number of other issues were fixed. Upgrading is highly recommended.

changes

• Bug #1450: tls parsing issue
• Bug #1460: pcap parsing issue
• Bug #1461: potential deadlock
• Bug #1404: Alert-Debuglog not being rotated on SIGHUP
• Bug #1420: inverted matching on incomplete session
• Bug #1462: various issues in rule and yaml parsing

Security
The TLS/DER parsing issue has CVE-2015-0971 assigned to it.

Logstash Kibana fed with information from Suricata with json output.