[Buildroot] [git commit branch/2025.08.x] package/suricata: security bump to v6.0.20

Arnout Vandecappelle arnout at rnout.be
Wed Oct 22 16:38:46 UTC 2025 

commit: https://git.buildroot.net/buildroot/commit/?id=9fbf9711b9f3e6bae86b2da06ee493e70fdb47fa
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2025.08.x

The v6.0.20 is the last patch level version bump of suricata version 6.
This version is now EOL since July 2024 and other new vulnerabilities
apply to this package.

For more details on the version bump, see:
  - https://suricata.io/2024/06/27/suricata-7-0-6-and-6-0-20-released/
  - https://github.com/OISF/suricata/releases/tag/suricata-6.0.20

Fixes the following vulnerabilities:

- CVE-2024-37151

    Mishandling of multiple fragmented packets using the same IP ID
    value can lead to packet reassembly failure, which can lead to
    policy bypass. When using af-packet, enable `defrag` to reduce the
    scope of the problem.

For more information, see:
  - https://nvd.nist.gov/vuln/detail/CVE-2024-37151

- CVE-2024-38535

    Suricata can run out of memory when parsing crafted HTTP/2 traffic.

For more information, see:
  - https://nvd.nist.gov/vuln/detail/CVE-2024-38535

Signed-off-by: Thomas Perale <thomas.perale at mind.be>
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
(cherry picked from commit ab2fc8d88fd117546442b7c10aac59498a7579ad)
Signed-off-by: Thomas Perale <thomas.perale at mind.be>
---
 package/suricata/suricata.hash | 2 +-
 package/suricata/suricata.mk   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/suricata/suricata.hash b/package/suricata/suricata.hash
index 58ab0d93b0..ea5ba01dc0 100644
--- a/package/suricata/suricata.hash
+++ b/package/suricata/suricata.hash
@@ -1,5 +1,5 @@
 # Locally computed:
-sha256  98c812faef466d337f107f13ae37843f1c719942b93832d70f1a2fd7ee1b5c2c  suricata-6.0.19.tar.gz
+sha256  c1515754924b618914fcb3cb98873af49996b920f2389a1998f89604f227a807  suricata-6.0.20.tar.gz
 
 # Hash for license files:
 sha256  8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643  COPYING
diff --git a/package/suricata/suricata.mk b/package/suricata/suricata.mk
index e60ed2fce8..8840853054 100644
--- a/package/suricata/suricata.mk
+++ b/package/suricata/suricata.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-SURICATA_VERSION = 6.0.19
+SURICATA_VERSION = 6.0.20
 SURICATA_SITE = https://www.openinfosecfoundation.org/download
 SURICATA_LICENSE = GPL-2.0
 SURICATA_LICENSE_FILES = COPYING LICENSE

More information about the buildroot mailing list