|
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > +------------------------------------------------------------------------+ > | Guardian Digital Security Advisory April 30, 2003 | > | http://www.guardiandigital.com ESA-20030430-013 | > | | > | Package: snort | > | Summary: stream4 preprocessor integer overflow vulnerability | > +------------------------------------------------------------------------+ > > EnGarde Secure Linux is an enterprise class Linux platform engineered > to enable corporations to quickly and cost-effectively build a complete > and secure Internet presence while preventing Internet threats. > > OVERVIEW > - -------- > There is an integer overflow vulnerability in the stream4 preprocessor > of the Snort IDS system. > > Guardian Digital products affected by this issue include: > > EnGarde Secure Community v1.0.1 > EnGarde Secure Community 2 > EnGarde Secure Professional v1.1 > EnGarde Secure Professional v1.2 > EnGarde Secure Professional v1.5 > > The Common Vulnerabilities and Exposures project (cve.mitre.org) has > assigned the name CAN-2003-0209 to this issue. > > It is recommended that all users apply this update as soon as possible. > > SOLUTION > - -------- > Guardian Digital Secure Network subscribers may automatically update > affected systems by accessing their account from within the Guardian > Digital WebTool. > > To modify your GDSN account and contact preferences, please go to: > > https://www.guardiandigital.com/account/ > > Below are MD5 sums for the updated EnGarde Secure Linux 1.0.1 packages: > > SRPMS/snort-2.0.0-1.0.10.src.rpm > MD5 Sum: e4dea6592038fa6e487607c1d1adbba4 > > i386/snort-2.0.0-1.0.10.i386.rpm > MD5 Sum: e530e2b93853e1082dec8de4f494e95a > > i686/snort-2.0.0-1.0.10.i686.rpm > MD5 Sum: 3d0770923eedd9d28484984e13a23260 > > REFERENCES > - ---------- > Guardian Digital's public key: > http://ftp.engardelinux.org/pub/engarde/ENGARDE-GPG-KEY > > Snort's Official Web Site: > http://www.snort.org/ > > Guardian Digital Advisories: > http://infocenter.guardiandigital.com/advisories/ > > Security Contact: security@guardiandigital.com > > - ------------------------------------------------------------------------ -- > Author: Ryan W. Maple <ryan@guardiandigital.com> > Copyright 2003, Guardian Digital, Inc. >