----- Original Message -----
From: "Thomas Biege"
On Fri, 7 Mar 2003, Mathias Homann wrote:
When can we expect an updated Snort 1.9.1 RPM?
This version will be shipped with the upcoming SuSE Linux distribution.
Bye, Thomas
Will there be no Update for existing distributions as it is not a minor fix, but an important update for everyone using snort on a box. With sendmail the reaction was quite fast, with snort the problem wasn't even mentioned here (with the workaround). I just wonder a little bit about your answert that the next release will contain the fixed snort-rpm.
Hmmm ... thinking about priorities .... In security!
Uwe
So basically SuSE says 'If you want snort with that security fix, go and _BUY_ the next SuSE which hasnt even been announced?
Snort is open source. You do not need to buy SuSE for just using snort.
If you do not want to compile it on your own look at http://www.snort.org/dl/binaries/ . Someone may publish an RPM there very soon I think.
Maybe, but the same is valid for Sendmail! I think every kind of specially remote exploitable Software included with your distributions should be fixed, as you even use security for marketing (just taking a look at the box:-) I know that with thousands of packages included with the 7 CD's you can't do any bugfix, but remote exploitable security-vulnerabilities are different from just bugs. So what I wonder about is the different way you handeled the sendmail-vulnerability, but didn't even mention the snort-vulnerablity. I know the workaround and I should have postet it myself to the list, but I jsut subscribed the day I sent my message in. Another thing is, that there are not soooo many remote exploitable bugs every day or week on important rpm's, so there should be the time to offer fixed or updated packages when such a bug happens. I can't imagine that for you as the professionals it's hard to build a new rpm for the actual and even some outdated distributions. And what you mention about snort in your next posting ... - I an only aks what is different with sendmail that you did a fix for that so fast? And the feedback here in this group shows, that others re thinking the same ... just to tell the next distribution which isn't even announced will include the bug-fixed version of snort - is not really a good thing. sounds a little bit like they way M$ handles security. But it's good that you came back with some feedback into the group :-) Have a nice week! Uwe Betz