Accepted snort 2.3.3-8 (source i386 all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Thu, 10 Aug 2006 00:44:36 +0200
Source: snort
Binary: snort-mysql snort-doc snort-rules-default snort-common snort-pgsql snort
Architecture: source i386 all
Version: 2.3.3-8
Distribution: unstable
Urgency: medium
Maintainer: Javier Fernandez-Sanguino Pen~a <jfs@computer.org>
Changed-By: Javier Fernandez-Sanguino Pen~a <jfs@computer.org>
Description:
snort - Flexible Network Intrusion Detection System
snort-common - Flexible Network Intrusion Detection System [common files]
snort-doc - Documentation for the Snort IDS [documentation]
snort-mysql - Flexible Network Intrusion Detection System [MySQL]
snort-pgsql - Flexible Network Intrusion Detection System [PostgreSQL]
snort-rules-default - Flexible Network Intrusion Detection System ruleset
Closes: 381726
Changes:
snort (2.3.3-8) unstable; urgency=medium
.
* Fix security issue CVE-2006-2769, potential evasion in URI content
buffers. This evasion only applies to Apache protected servers since
that server supports some characters. The patch used is from 2.4.5
and is *not* the one provided by Demarc (which is not fully
comprehensive and is much more intrusive).
Since this is an evasion issue and not a real security issue
thus the 'medium' urgency even though it fixes security bug (Closes:
#381726)
.
From upstream (snort.org webpage, News item "Possible Evasion in
http_inspect"):
.
«The Apache web server supports special characters in HTTP requests that
do not affect the processing of the particular request. The current
target-based profiles for Apache in the http_inspect preprocessor do not
properly handle these requests, resulting in the possibility that an
attacker can bypass detection of rules that use the "uricontent" keyword
by embedding special characters in a HTTP request.»
.
«It is important to note that this is an evasion and not a vulnerability.
This means that while it is possible for an attacker to bypass detection,
Snort sensors and the networks they protect are not at a heightened risk
of other attacks.»
.
* Backport fix of another (different) potential evasion in Stream4 (also in
the Snort 2.4.5 release, no CVE name)
* Relocate Czech translation, it was not under debian/po
* Add a warning in /etc/default/snort that the SNORT_USER will be
modified (with usermod) every time you reinstall the package
(don't change it to 'root'!)
Files:
5815a2ce3d8dc39fec057394fce1081e 961 net optional snort_2.3.3-8.dsc
6cfe673ee3abbdf96d5003fec30527a4 350526 net optional snort_2.3.3-8.diff.gz
24ee623d75c35c83514efe797997c759 94450 net optional snort-common_2.3.3-8_all.deb
27f0b6579372d7aefc8889ee69f12fac 1800212 doc optional snort-doc_2.3.3-8_all.deb
932993d0f895485512c1f976ff6ae402 233212 net optional snort-rules-default_2.3.3-8_all.deb
db30e71458afba97b1c363675b4a98c0 358890 net optional snort_2.3.3-8_i386.deb
705fd479250a20cc875f60ca83be25c5 365824 net extra snort-mysql_2.3.3-8_i386.deb
e14329f507a72b07708c4144368f0609 365098 net optional snort-pgsql_2.3.3-8_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iQCVAwUBRNp1jPtEPvakNq0lAQJ6ygQAqohT7fCplPjPJBRZG2TYDTEuHaALknvC
bPikj1gUa+1Wy8QQeApJLpUqIMDIriTM9CA0+5OXc7npl59EymjhfwtKl2PpP0aP
W93GRhw7bQc9GkEXMD/9AWTBO57qNE3lvKJhOUCby9SE2x9MYTgZtJGWReFT8MfF
8QpKZA8jQH8=
=rpyL
-----END PGP SIGNATURE-----
Accepted:
snort-common_2.3.3-8_all.deb
to pool/main/s/snort/snort-common_2.3.3-8_all.deb
snort-doc_2.3.3-8_all.deb
to pool/main/s/snort/snort-doc_2.3.3-8_all.deb
snort-mysql_2.3.3-8_i386.deb
to pool/main/s/snort/snort-mysql_2.3.3-8_i386.deb
snort-pgsql_2.3.3-8_i386.deb
to pool/main/s/snort/snort-pgsql_2.3.3-8_i386.deb
snort-rules-default_2.3.3-8_all.deb
to pool/main/s/snort/snort-rules-default_2.3.3-8_all.deb
snort_2.3.3-8.diff.gz
to pool/main/s/snort/snort_2.3.3-8.diff.gz
snort_2.3.3-8.dsc
to pool/main/s/snort/snort_2.3.3-8.dsc
snort_2.3.3-8_i386.deb
to pool/main/s/snort/snort_2.3.3-8_i386.deb