-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Thu, 10 Aug 2006 00:44:36 +0200 Source: snort Binary: snort-mysql snort-doc snort-rules-default snort-common snort-pgsql snort Architecture: source i386 all Version: 2.3.3-8 Distribution: unstable Urgency: medium Maintainer: Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Changed-By: Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Description: snort - Flexible Network Intrusion Detection System snort-common - Flexible Network Intrusion Detection System [common files] snort-doc - Documentation for the Snort IDS [documentation] snort-mysql - Flexible Network Intrusion Detection System [MySQL] snort-pgsql - Flexible Network Intrusion Detection System [PostgreSQL] snort-rules-default - Flexible Network Intrusion Detection System ruleset Closes: 381726 Changes: snort (2.3.3-8) unstable; urgency=medium . * Fix security issue CVE-2006-2769, potential evasion in URI content buffers. This evasion only applies to Apache protected servers since that server supports some characters. The patch used is from 2.4.5 and is *not* the one provided by Demarc (which is not fully comprehensive and is much more intrusive). Since this is an evasion issue and not a real security issue thus the 'medium' urgency even though it fixes security bug (Closes: #381726) . From upstream (snort.org webpage, News item "Possible Evasion in http_inspect"): . «The Apache web server supports special characters in HTTP requests that do not affect the processing of the particular request. The current target-based profiles for Apache in the http_inspect preprocessor do not properly handle these requests, resulting in the possibility that an attacker can bypass detection of rules that use the "uricontent" keyword by embedding special characters in a HTTP request.» . «It is important to note that this is an evasion and not a vulnerability. This means that while it is possible for an attacker to bypass detection, Snort sensors and the networks they protect are not at a heightened risk of other attacks.» . * Backport fix of another (different) potential evasion in Stream4 (also in the Snort 2.4.5 release, no CVE name) * Relocate Czech translation, it was not under debian/po * Add a warning in /etc/default/snort that the SNORT_USER will be modified (with usermod) every time you reinstall the package (don't change it to 'root'!) Files: 5815a2ce3d8dc39fec057394fce1081e 961 net optional snort_2.3.3-8.dsc 6cfe673ee3abbdf96d5003fec30527a4 350526 net optional snort_2.3.3-8.diff.gz 24ee623d75c35c83514efe797997c759 94450 net optional snort-common_2.3.3-8_all.deb 27f0b6579372d7aefc8889ee69f12fac 1800212 doc optional snort-doc_2.3.3-8_all.deb 932993d0f895485512c1f976ff6ae402 233212 net optional snort-rules-default_2.3.3-8_all.deb db30e71458afba97b1c363675b4a98c0 358890 net optional snort_2.3.3-8_i386.deb 705fd479250a20cc875f60ca83be25c5 365824 net extra snort-mysql_2.3.3-8_i386.deb e14329f507a72b07708c4144368f0609 365098 net optional snort-pgsql_2.3.3-8_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) iQCVAwUBRNp1jPtEPvakNq0lAQJ6ygQAqohT7fCplPjPJBRZG2TYDTEuHaALknvC bPikj1gUa+1Wy8QQeApJLpUqIMDIriTM9CA0+5OXc7npl59EymjhfwtKl2PpP0aP W93GRhw7bQc9GkEXMD/9AWTBO57qNE3lvKJhOUCby9SE2x9MYTgZtJGWReFT8MfF 8QpKZA8jQH8= =rpyL -----END PGP SIGNATURE----- Accepted: snort-common_2.3.3-8_all.deb to pool/main/s/snort/snort-common_2.3.3-8_all.deb snort-doc_2.3.3-8_all.deb to pool/main/s/snort/snort-doc_2.3.3-8_all.deb snort-mysql_2.3.3-8_i386.deb to pool/main/s/snort/snort-mysql_2.3.3-8_i386.deb snort-pgsql_2.3.3-8_i386.deb to pool/main/s/snort/snort-pgsql_2.3.3-8_i386.deb snort-rules-default_2.3.3-8_all.deb to pool/main/s/snort/snort-rules-default_2.3.3-8_all.deb snort_2.3.3-8.diff.gz to pool/main/s/snort/snort_2.3.3-8.diff.gz snort_2.3.3-8.dsc to pool/main/s/snort/snort_2.3.3-8.dsc snort_2.3.3-8_i386.deb to pool/main/s/snort/snort_2.3.3-8_i386.deb
