Fedora has issued an advisory on March 11:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FO5R7STJBL3XHZDUREUDZ33DZA6MBITT/

Upstream release announcements for 4.1.10 and 6.0.2:
https://suricata-ids.org/2020/12/04/suricata-6-0-1-5-0-5-and-4-1-10-released/
https://suricata-ids.org/2021/03/02/suricata-6-0-2-and-5-0-6-released/
Fedora has issued an advisory today (July 10):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4IVRXHEBK6GTJ2KOWURS4GYVODIFVPBK/

Upstream release announcement for 6.0.3:
https://suricata.io/2021/06/30/new-suricata-6-0-3-and-5-0-7-releases/
Severity: normal => major
Summary: suricata new security issue(s) fixed upstream in 6.0.2 => suricata new security issue(s) fixed upstream in 6.0.3 (including CVE-2021-35063)
Fedora has issued an advisory on November 27:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/XEP7PWY4LRT2R4MFLV7JIJRYZEZ7RQFL/

No upstream release announcement is available yet for 6.0.4.
Summary: suricata new security issue(s) fixed upstream in 6.0.3 (including CVE-2021-35063) => suricata new security issue(s) fixed upstream in 6.0.4 (including CVE-2021-35063)
Updated package uploaded for Mageia 8 by Guillaume. Still no upstream announcement.

libhtp2-6.0.4-1.mga8
libhtp-devel-6.0.4-1.mga8
suricata-6.0.4-1.mga8

from suricata-6.0.4-1.mga8.src.rpm
CC: (none) => guillomovitch
Assignee: guillomovitch => qa-bugs
Mageia 8 X64 Gnome
No installation issue.

$ suricata -v
Suricata 6.0.4
USAGE: suricata [OPTIONS] [BPF FILTER]
  -c <path>              : path to configuration file
  -T                     : test configuration file (use with -c)
  -i <dev or ip>         : run in pcap live mode
  -F <bpf filter file>   : bpf filter file
...
To run the engine with default configuration on interface eth0 with signature file "signatures.rules", run the command as:
suricata -c suricata.yaml -s signatures.rules -i eth0
CC: (none) => hdetavernier
MGA8-64 Plasma on Lenovo B50 in Dutch
No installation issues, suricata not being installed on the laptop before.
All suricata executables are in /usr/bin so can be executed by a normal user, but

$ suricata-update
30/12/2021 -- 15:21:25 - <Info> -- Using data-directory /var/lib/suricata.
30/12/2021 -- 15:21:25 - <Info> -- Using Suricata configuration /etc/suricata/suricata.yaml
30/12/2021 -- 15:21:25 - <Info> -- Using /usr/share/suricata/rules for Suricata provided rules.
30/12/2021 -- 15:21:25 - <Info> -- Found Suricata version 6.0.4 at /usr/sbin/suricata.
30/12/2021 -- 15:21:25 - <Info> -- Loading /etc/suricata/suricata.yaml
30/12/2021 -- 15:21:25 - <Info> -- Disabling rules for protocol http2
30/12/2021 -- 15:21:25 - <Info> -- Disabling rules for protocol modbus
30/12/2021 -- 15:21:25 - <Info> -- Disabling rules for protocol dnp3
30/12/2021 -- 15:21:25 - <Info> -- Disabling rules for protocol enip
30/12/2021 -- 15:21:25 - <Warning> -- Cache directory does not exist and could not be created. /var/tmp will be used instead.
30/12/2021 -- 15:21:25 - <Info> -- No sources configured, will use Emerging Threats Open
30/12/2021 -- 15:21:25 - <Info> -- Fetching https://rules.emergingthreats.net/open/suricata-6.0.4/emerging.rules.tar.gz.
 100% - 3122358/3122358
30/12/2021 -- 15:21:28 - <Info> -- Done.
30/12/2021 -- 15:21:28 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/app-layer-events.rules
30/12/2021 -- 15:21:28 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/decoder-events.rules
30/12/2021 -- 15:21:28 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/dhcp-events.rules
30/12/2021 -- 15:21:28 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/dnp3-events.rules
30/12/2021 -- 15:21:28 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/dns-events.rules
30/12/2021 -- 15:21:28 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/files.rules
30/12/2021 -- 15:21:28 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/http-events.rules
30/12/2021 -- 15:21:28 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/ipsec-events.rules
30/12/2021 -- 15:21:28 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/kerberos-events.rules
30/12/2021 -- 15:21:28 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/modbus-events.rules
30/12/2021 -- 15:21:28 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/nfs-events.rules
30/12/2021 -- 15:21:28 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/ntp-events.rules
30/12/2021 -- 15:21:28 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/smb-events.rules
30/12/2021 -- 15:21:28 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/smtp-events.rules
30/12/2021 -- 15:21:28 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/stream-events.rules
30/12/2021 -- 15:21:28 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/tls-events.rules
30/12/2021 -- 15:21:28 - <Info> -- Ignoring file rules/emerging-deleted.rules
30/12/2021 -- 15:21:30 - <Info> -- Loaded 31729 rules.
30/12/2021 -- 15:21:30 - <Info> -- Disabled 14 rules.
30/12/2021 -- 15:21:30 - <Info> -- Enabled 0 rules.
30/12/2021 -- 15:21:30 - <Info> -- Modified 0 rules.
30/12/2021 -- 15:21:30 - <Info> -- Dropped 0 rules.
30/12/2021 -- 15:21:30 - <Info> -- Enabled 131 rules for flowbit dependencies.
30/12/2021 -- 15:21:30 - <Info> -- Creating directory /var/lib/suricata/rules.
30/12/2021 -- 15:21:30 - <Error> -- Failed to create directory /var/lib/suricata/rules: [Errno 13] Permission denied: '/var/lib/suricata/rules'

While as root:

# suricata-update
30/12/2021 -- 15:22:20 - <Info> -- Using data-directory /var/lib/suricata.
30/12/2021 -- 15:22:20 - <Info> -- Using Suricata configuration /etc/suricata/suricata.yaml
30/12/2021 -- 15:22:20 - <Info> -- Using /usr/share/suricata/rules for Suricata provided rules.
30/12/2021 -- 15:22:20 - <Info> -- Found Suricata version 6.0.4 at /usr/sbin/suricata.
30/12/2021 -- 15:22:20 - <Info> -- Loading /etc/suricata/suricata.yaml
30/12/2021 -- 15:22:20 - <Info> -- Disabling rules for protocol http2
etc ..... but no warning, and at the end:
30/12/2021 -- 15:22:26 - <Info> -- Loaded 31729 rules.
30/12/2021 -- 15:22:26 - <Info> -- Disabled 14 rules.
30/12/2021 -- 15:22:26 - <Info> -- Enabled 0 rules.
30/12/2021 -- 15:22:26 - <Info> -- Modified 0 rules.
30/12/2021 -- 15:22:26 - <Info> -- Dropped 0 rules.
30/12/2021 -- 15:22:26 - <Info> -- Enabled 131 rules for flowbit dependencies.
30/12/2021 -- 15:22:26 - <Info> -- Creating directory /var/lib/suricata/rules.
30/12/2021 -- 15:22:26 - <Info> -- Backing up current rules.
30/12/2021 -- 15:22:26 - <Info> -- Writing rules to /var/lib/suricata/rules/suricata.rules: total: 31729; enabled: 24347; added: 31729; removed 0; modified: 0
30/12/2021 -- 15:22:26 - <Info> -- Writing /var/lib/suricata/rules/classification.config
30/12/2021 -- 15:22:26 - <Info> -- Testing with suricata -T.
30/12/2021 -- 15:23:02 - <Info> -- Done.

I don't believe this is a regression, I guess it has always been this way.
The installation has installed a suricata group, so assigning the group to the user, and reporting back after logging in again.
CC: (none) => herman.viaene
Wrong guess. Deleted suricata again, deleted suricata from /var/lib completely, reinstalled, checked ownership of /var/lib/suricata to suricata user and group and ran the command again.
Goes further, but at the end:

30/12/2021 -- 15:46:45 - <Info> -- Loaded 31729 rules.
30/12/2021 -- 15:46:46 - <Info> -- Disabled 14 rules.
30/12/2021 -- 15:46:46 - <Info> -- Enabled 0 rules.
30/12/2021 -- 15:46:46 - <Info> -- Modified 0 rules.
30/12/2021 -- 15:46:46 - <Info> -- Dropped 0 rules.
30/12/2021 -- 15:46:46 - <Info> -- Enabled 131 rules for flowbit dependencies.
30/12/2021 -- 15:46:46 - <Info> -- Creating directory /var/lib/suricata/rules.
30/12/2021 -- 15:46:46 - <Error> -- Failed to create directory /var/lib/suricata/rules: [Errno 13] Permission denied: '/var/lib/suricata/rules'

Checked and found that /var/lib/suricata has read-only rights for the suricata group, r/w only for the suricata user.

Tried Hugues' example:

$ suricata -c suricata.yaml -s signatures.rules -i wlp9s0
30/12/2021 -- 15:54:11 - <Error> - [ERRCODE: SC_ERR_FATAL(171)] - failed to open file: suricata.yaml: No such file or directory

I don't know what to make of this.
Suricata needs to be configured with suricata.yaml in /etc/suricata:
https://suricata.readthedocs.io/en/suricata-6.0.0/quickstart.html

On that page, updates are done with sudo:
"In this guide we just run the default mode which fetches the ET Open ruleset:"
sudo suricata-update
Update runs OK as root.
Tried to update suricata.yaml to use my wlp9s0 as interface. But trying to run

# suricata -c /etc/suricata/suricata.yaml -s signatures.rules -i wlp9s0

still fails, mentioning no rules for eth0.
So, I guess my lack of knowledge should not prevent you from OK'ing this update, you have my blessing (in the unlikely case you would need it).
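A small preflight check for the two failures seen in this thread (a config path that does not resolve to /etc/suricata/suricata.yaml, and a data directory the invoking user cannot write, which is what makes suricata-update stop at "Failed to create directory /var/lib/suricata/rules"). This is an added example, not part of the Mageia thread or of Suricata's own tooling; the function name suricata_preflight and its arguments are assumptions.

```shell
# suricata_preflight [CONFIG] [DATADIR]
# Hypothetical helper: returns 0 when suricata-update and "suricata -c CONFIG"
# can be expected to start as the current user, 1 otherwise, and says why on
# stderr. Defaults mirror the paths reported in the thread's log output.
suricata_preflight() {
    config="${1:-/etc/suricata/suricata.yaml}"
    data_dir="${2:-/var/lib/suricata}"
    rc=0

    # "failed to open file: suricata.yaml: No such file or directory"
    # happens when -c points at a relative name that is not in the cwd.
    if [ ! -r "$config" ]; then
        echo "config not readable: $config (use -c /etc/suricata/suricata.yaml)" >&2
        rc=1
    fi

    # suricata-update writes DATADIR/rules; a non-root user with only
    # group read access on DATADIR gets "[Errno 13] Permission denied".
    if [ ! -d "$data_dir" ]; then
        echo "data directory missing: $data_dir" >&2
        rc=1
    elif [ -d "$data_dir/rules" ]; then
        if [ ! -w "$data_dir/rules" ]; then
            echo "cannot write $data_dir/rules: run suricata-update as root" >&2
            rc=1
        fi
    elif [ ! -w "$data_dir" ]; then
        echo "cannot create $data_dir/rules: run suricata-update as root" >&2
        rc=1
    fi
    return $rc
}
```

Run it as the same user you intend to run suricata-update as; a clean exit before the download saves fetching the whole ET Open tarball only to fail at the write step.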
Sigh. I know the feeling, Herman. Hugues sounds like one who is experienced, so I'll go ahead and send it on. Hugues, if you are satisfied with the results of your tests, you can put the OK in the Whiteboard yourself, without waiting for one of us to examine your work first. If you have questions, or see problems, feel free to bring them up - that is what QA is for. But if you don't, please remember that you are as much a part of the team as we who have been here longer. Validating.
Whiteboard: (none) => MGA8-64-OK
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update
Keywords: (none) => advisory
CC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2022-0008.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED
Upstream announcements have been moved to the forum. Announcement for 6.0.4, which lists another CVE, is here:
https://forum.suricata.io/t/suricata-6-0-4-and-5-0-8-released/1942
Summary: suricata new security issue(s) fixed upstream in 6.0.4 (including CVE-2021-35063) => suricata new security issue(s) fixed upstream in 6.0.4 (including CVE-2021-35063 and CVE-2021-37592)