On Friday 07 March 2003 13:47, HoneyNet Germany wrote:
Together with the Sendmail Remote Buffer Overflow there has been announced a Snort vulnerability. But until now no one mentioned this on the list, nor is an update available.
When can we expect an updated Snort 1.9.1 RPM?
Usually SuSE publish minimum patches to address vulnerabilities, rather than new versions of a package. Maybe that was the wrong question to ask?

Having watched the thread slightly bemused, I am wondering:

1) Will there be an advisory on snort, in response to the vulnerability?
2) If so, will there be update patch rpms in future?
3) Will the workaround be published officially, to tide 'snorters' over in the meantime?

As it is, I have the impression snort, though present on my CD disks and the SuSE ftp site, is creeping under the radar. If I had not been paying attention here, then I might open up one of my systems unknowingly by installing this package with a remote root exploit.

Thomas, thank you for the info, and I agree with you that it is simple to update the snort package by downloading the source and rebuilding the rpm. There is however a problem if a known remote-root vulnerable package can remain on the install list for long, simply because that package is 'low priority', maybe because it's infrequently installed, or it's software the Security Team do not trust and like.

One of the reasons I buy and use SuSE is because of the Security Team, and I really like the fact that you are accessible on this list. But you and your managers need to appreciate that I am then relying on you to make sure the SuSE packages are sound against known vulnerabilities, or at least produce an advisory, with a workaround, or 'pull the package entirely'. If there's not time to deal with snort patches and update rpms, and you don't seem to have confidence in the implementation, then maybe the axe should fall? For those who do want to risk snort, a simple spec file and a support note on how to build the snort update package for those who *must* have it, with appropriate disclaimers?

Rob