Feature #16589

open

Missing CVE fixes for pfSense-supplied Suricata binary

Added by Alexander Lindqvist 6 days ago. Updated 6 days ago.

Status: New
Priority: High
Assignee: -
Category: Suricata
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version:

Description

The pfSense-supplied Suricata binary 7.0.11 is now 2 versions behind the current 7.0.13 or 8.0.2, again with 6 CVEs rated as high.

CVE-2025-59147: HIGH (7.0.x and 8.0.x)
CVE-2025-64344: HIGH (7.0.x and 8.0.x)
CVE-2025-64333: HIGH (7.0.x and 8.0.x)
CVE-2025-64332: HIGH (7.0.x and 8.0.x)
CVE-2025-64331: HIGH (7.0.x and 8.0.x)
CVE-2025-64330: HIGH (7.0.x and 8.0.x)

FreshPorts has 8.0.2 available upstream: https://www.freshports.org/security/suricata/

Actions #1

Updated by Alexander Lindqvist 6 days ago

It would be great if Netgate could track the releases more closely and update both branches (in this case 25.07.1 and 25.11), so you don't need to update to 25.11 on release day to get the updated Suricata binary on firewalls in production.
