Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                            CERT-Renater

                Note d'Information No. 2026/VULN528
_____________________________________________________________________

DATE                : 20/05/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Suricata versions prior to 8.0.5,
                                        7.0.16.

=====================================================================
https://suricata.io/2026/05/19/suricata-8-0-5-and-7-0-16-released/
_____________________________________________________________________


Suricata 8.0.5 and 7.0.16 released!
Posted on May 19, 2026 | by Juliana Fajardini	

We are pleased to announce the releases of Suricata 8.0.5 and 7.0.16.

These are security releases, fixing a number of important issues. This
is the first release cycle that reflects a change in vulnerability
reporting volume as a result of the rise of AI(-assisted) analysis,
resulting in a higher than usual number of issues.

Get the releases here:

🔸8.0.5: https://www.openinfosecfoundation.org/download/suricata-8.0.5.tar.gz
🔸7.0.16: https://www.openinfosecfoundation.org/download/suricata-7.0.16.tar.gz
Notable Changes

Various security, performance, accuracy, and stability issues have
been fixed.

    8.0.5 tickets: https://redmine.openinfosecfoundation.org/versions/233
    7.0.16 tickets: https://redmine.openinfosecfoundation.org/versions/231

Suricata-update and LibHTP versions remain the same from the
previous release.

CVE IDs Addressed 

CVE	Severity (OISF)	Severity (CVSS 3.1)	Affected Version(s)
Ticket(s)

CVE-2026-45764	CRITICAL	CRITICAL	8.0.x and 7.0.x	8493, 8494
CVE-2026-45766	CRITICAL	HIGH	8.0.x and 7.0.x	8419, 8420
CVE-2026-45769	CRITICAL	HIGH	8.0.x and 7.0.x	8416, 8417
CVE-2026-45768	CRITICAL	HIGH	8.0.x only	8406
CVE-2026-46387	HIGH	HIGH	8.0.x and 7.0.x	8554, 8555
CVE-2026-45759	HIGH	HIGH	8.0.x and 7.0.x	8530, 8531
CVE-2026-45762	HIGH	HIGH	8.0.x and 7.0.x	8511, 8512
CVE-2026-45765	HIGH	HIGH	8.0.x and 7.0.x	8461, 8462
CVE-2026-45747	HIGH	HIGH	7.0.x only	6286
CVE-2026-45770	HIGH	HIGH	8.0.x only	8557
CVE-2026-46352	HIGH	HIGH	8.0.x only	8561
CVE-2026-45767	HIGH	MODERATE	8.0.x and 7.0.x	8547, 8548
CVE-2026-45763	HIGH	MODERATE	8.0.x only	8508
CVE-2026-45751	MODERATE	MODERATE	8.0.x and 7.0.x	8540, 8542
CVE-2026-45752	MODERATE	MODERATE	8.0.x only	8541
CVE-2026-45761	LOW	LOW	8.0.x and 7.0.x	8527, 8528


Severity scores defined by OISF and CVSS may vary due to how we
assess and evaluate impact. While CVSS has a more generic view
on vulnerabilities and will penalize any network-related issues,
for instance, OISF considers Suricata context as the baseline
(thus, as example, affecting the network isn’t taken into
account).

    Suricata Security Policies: https://github.com/OISF/suricata/security/policy (updated recently)
    Suricata Security Advisories: https://github.com/OISF/suricata/security/advisories


Security Issues

Note that we have refined Suricata issues’ severities last month.
CRITICAL severity is reserved for issues affecting Tier 1 features
enabled by default, involving remotely triggerable traffic-based
code execution. HIGH severity also covers Tier 1 features enabled
by default, where there’s possible loss of visibility or
availability.

If you think you’ve encountered a security vulnerability, please
see how to report a security issue.


OISF Signing key updated

The OISF signing key has been recently updated to have a later
expiration date. It is the same key as before, but users will
need to refresh it:

gpg --receive-keys 2BA9C98CCDF1E93A

It can also be downloaded from: https://www.openinfosecfoundation.org/downloads/OISF.pub

Using Signing Keys: https://docs.suricata.io/en/suricata-8.0.5/verifying-source-files.html


Special Thanks

Alexandre de Oliveira, alinse-pltzr, Ben Jackson, Eric Leblond,
Léopold Quairy, Makar Semyonov, Michael Dickenson, NebuSec,
Nils Eiling, Pablo Ruiz, Sebastián Alba, Sergey Pinaev,
Sreejith Gopinath, Trail of Bits (in collaboration with
Anthropic), Xiaojin Peng, OSS-Fuzz, Coverity.

For contributing patches, reporting bugs or otherwise helping
keep Suricata code secure.


News from SuriCon

The Call for Talks for SuriCon Lisbon 2026 is open for only a
few more weeks! The Suricata users conference is the best place
to present experience-driven talks that share meaningful
knowledge with the community and help move Suricata forward.

So, if you’re working on something exciting (or have faced a
lot of challenges and frustrations, and have lessons learned!),
visit https://pretalx.com/suricon2026/cfp – we love hearing
from you!

For SuriCon archives, registration and more, go to: suricon.net


About Suricata

Suricata is a high-performance Network Threat Detection, IDS, IPS,
and Network Security Monitoring engine. Open-source and owned by
a community-run non-profit foundation, the Open Information
Security Foundation (OISF). Suricata is developed by OISF,
its supporting vendors, and the community.

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================