|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:259 http://www.mandriva.com/security/ _______________________________________________________________________ Package : snort Date : October 7, 2009 Affected: 2008.1 _______________________________________________________________________ Problem Description: preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not properly identify packet fragments that have dissimilar TTL values, which allows remote attackers to bypass detection rules by using a different TTL for each fragment. (CVE-2008-1804) The updated packages have been patched to prevent this. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1804 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.1: dc3906dc1d48752b0028db52dda4e9b4 2008.1/i586/snort-2.8.0.1-0.3mdv2008.1.i586.rpm 6c34aaba7a0021ccc797674b1b80bd46 2008.1/i586/snort-bloat-2.8.0.1-0.3mdv2008.1.i586.rpm c95670f1057d26073663beb067704575 2008.1/i586/snort-inline-2.8.0.1-0.3mdv2008.1.i586.rpm f38aca6368004b309de50a9e89ae4711 2008.1/i586/snort-inline+flexresp-2.8.0.1-0.3mdv2008.1.i586.rpm ae5e49f3664e21fd7576f27d51f0ab16 2008.1/i586/snort-mysql-2.8.0.1-0.3mdv2008.1.i586.rpm 72378abc8bded4a46f4a4742a76bf071 2008.1/i586/snort-mysql+flexresp-2.8.0.1-0.3mdv2008.1.i586.rpm 9b91fb239c850094fe3d068d5e8ac4b2 2008.1/i586/snort-plain+flexresp-2.8.0.1-0.3mdv2008.1.i586.rpm da019e8b5e97df18c4730a539c0f9138 2008.1/i586/snort-postgresql-2.8.0.1-0.3mdv2008.1.i586.rpm 795e63ccf0f37e51c650eec1c22f59bc 2008.1/i586/snort-postgresql+flexresp-2.8.0.1-0.3mdv2008.1.i586.rpm dc86b9a563093dc6e723ea7b76ea38ce 2008.1/i586/snort-prelude-2.8.0.1-0.3mdv2008.1.i586.rpm 2a397c8290156cf78fda4bbab18677e4 2008.1/i586/snort-prelude+flexresp-2.8.0.1-0.3mdv2008.1.i586.rpm 745baaa0d4e9b8c8a874f05e1742a77e 2008.1/SRPMS/snort-2.8.0.1-0.3mdv2008.1.src.rpm Mandriva Linux 2008.1/X86_64: 4540092c49a3dabb3401e95de9dde397 2008.1/x86_64/snort-2.8.0.1-0.3mdv2008.1.x86_64.rpm f62c42af2d2c39deeec921e3e04318c2 2008.1/x86_64/snort-bloat-2.8.0.1-0.3mdv2008.1.x86_64.rpm 8a2e5997b5ddc0917f8e661bbf228ab0 2008.1/x86_64/snort-inline-2.8.0.1-0.3mdv2008.1.x86_64.rpm 5a8e5de46c6adb8f5840ee0220a3825d 2008.1/x86_64/snort-inline+flexresp-2.8.0.1-0.3mdv2008.1.x86_64.rpm 53e029637c4d7b54cc1dda1ca0a84f71 2008.1/x86_64/snort-mysql-2.8.0.1-0.3mdv2008.1.x86_64.rpm 552026c7b229ec62e5c41f2034b4d18f 2008.1/x86_64/snort-mysql+flexresp-2.8.0.1-0.3mdv2008.1.x86_64.rpm 8036750a3fc64817acf1c82ce9f588cf 2008.1/x86_64/snort-plain+flexresp-2.8.0.1-0.3mdv2008.1.x86_64.rpm c4c349130ffd21720bb0b59a0653cc2a 2008.1/x86_64/snort-postgresql-2.8.0.1-0.3mdv2008.1.x86_64.rpm 3c2c7bafdc630238ce2d3a27b7dc54ab 2008.1/x86_64/snort-postgresql+flexresp-2.8.0.1-0.3mdv2008.1.x86_64.rpm 8d6c4fdc34d23992846bc23dde64da9c 2008.1/x86_64/snort-prelude-2.8.0.1-0.3mdv2008.1.x86_64.rpm 69e6dcc8c225e4ef231a03b24c1609bb 2008.1/x86_64/snort-prelude+flexresp-2.8.0.1-0.3mdv2008.1.x86_64.rpm 745baaa0d4e9b8c8a874f05e1742a77e 2008.1/SRPMS/snort-2.8.0.1-0.3mdv2008.1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFKzRBPmqjQ0CJFipgRAtgTAJ40Hw8QpOu7G2hJshupeYo1nISexgCfSGDj lOR8kwq98+UqPA7h/HJr22I=7No9 -----END PGP SIGNATURE-----