Bug 15222

Summary: [CVE 21] suricata 6.0.20 CVEs found
Product: [ROSA-based products] ROSA Fresh Reporter: alexei_safin <a.safin>
Component: Packages from MainAssignee: ROSA Linux Bugs <bugs>
Status: RESOLVED FIXED    
Severity: normal CC: a.proklov
Priority: Normal Flags: a.safin: secteam_verified?
Version: All   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Platform: 2021.1 ROSA Vulnerability identifier:
RPM Package: Upstream:

Description alexei_safin 2025-06-03 22:23:49 MSK 
Описание CVE: Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. The AF_PACKET defrag option is enabled by default and allows AF_PACKET to re-assemble fragmented packets before reaching Suricata. However the default packet size in Suricata is based on the network interface MTU which leads to Suricata seeing truncated packets. Upgrade to Suricata 7.0.9, which uses better defaults and adds warnings for user configurations that may lead to issues.

CVE ID: CVE-2025-29915
Пакет: suricata
Версия: 6.0.20
CVSS: None
Impact Score: None
Exploitability Score: None
CVSS v3: 7.5
Impact Score v3: 3.6
Exploitability Score v3: 3.9
Ссылка на NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-29915
Ссылка на CVE Search: http://158.255.4.149:17563/api/cve/CVE-2025-29915
Comment 1 Aleksandr Proklov 2025-06-04 06:28:57 MSK 
*** Bug 15225 has been marked as a duplicate of this bug. ***
Comment 2 Aleksandr Proklov 2025-06-04 06:29:07 MSK 
*** Bug 15223 has been marked as a duplicate of this bug. ***
Comment 3 Aleksandr Proklov 2025-06-04 06:29:16 MSK 
*** Bug 15224 has been marked as a duplicate of this bug. ***
Comment 4 Aleksandr Proklov 2025-06-04 06:30:34 MSK 
закрыто патчами
suricata	6.0.20-4

https://abf.io/build_lists/5432776
https://abf.io/build_lists/5432777
https://abf.io/build_lists/5432778