December 22, 2010

[installer 2612] snort-2.9.0.3, daq-0.5

snort-2.9.0.3 and daq-0.5 have been released.

☆ snort-2.9.0.3, daq-0.5
http://www.snort.org/
http://www.snort.org/snort-downloads

Snort 2.9.0.3
* src/build.h:
Increment Snort build number to 98
* doc/: snort_manual.tex, snort_manual.pdf:
Fixed Snort manual descriptions of some rule options.
Changed whitespace in several areas to be more consistent.
Max mime mem example changed from 1000 to 4000.
Updated manual for distance / within / offset / depth combos.
Thanks to Joshua Kinard for submitting several fixes.
* doc/INSTALL:
Update doc/INSTALL with instructions for building on OpenBSD.
* src/dynamic-preprocessors/smtp/smtp_config.c:
Print alert_unknown_commands in SMTP config of snort output.
Print the SMTP MIME config details with snort output.
* src/: decode.c, decode.h, snort.c:
discriminate between ip4 and ip6 raw packets
Thanks to Gerald Maziarski for reporting this issue.
* src/detection-plugins/: detection_options.c, sp_byte_jump.c,
sp_pattern_match.c:
restore doe flags along with doe pointer.
* preproc_rules/preprocessor.rules:
Updated preprocessor.rules references to match VRT.
* src/dynamic-preprocessors/smtp/spp_smtp.c:
When the SMTP preprocessor is started in a
"disabled" state, it no longer requires Stream5.
* src/decode.c:
Truncated ESP traffic is now handled correctly.
Thanks to rmkml for bringing the issue to our attention.
* src/: decode.c, fpdetect.c:
Fixed a problem with handling UDP/IPv6 over Teredo where the inner UDP
header was malformed.
* preproc_rules/preprocessor.rules:
Added a reference to preprocessor.rules.
* src/dynamic-preprocessors/smtp/spp_smtp.c:
When the SMTP preprocessor is started in a
"disabled" state, it no longer requires Stream5.
* src/detection-plugins/: detection_options.c, sp_pattern_match.c:
Update content to check for HTTP_RESP_BODY in packet flag
if option is relative and not using rawbytes.
* etc/snort.conf:
Update with snort.conf from VRT
* src/dynamic-plugins/sf_engine/examples/detection_lib_meta.h:
Bumped minor version number in example detection lib.
* src/preprocessors/spp_frag3.c:
Fix memory leak when there are two zero offset
fragments with different IP options. Previous code was blindly
copying new IP options over top of existing ones.
* src/dynamic-plugins/sf_engine/: sf_snort_detection_engine.c,
sf_snort_plugin_api.h:
Fixed overlaps in various flags in the Shared Object rule API.
Shared Object rules from previous 2.9.0 versions need to be recompiled.
* src/detection-plugins/sp_pattern_match.c:
Moved non-zero initializations in the PatternMatchData struct
to the NewNode() function. This fixes the use of depth, offset,
distance, and within on uricontent options.
Reject invalid combinations of distance/within and offset/depth
including repeated keywords.
Thanks to Dave Bertouille and Daniel Clemens for pointing out issues here.
* src/: snort.c, util.c, util.h:
write correct pid to file for glibc2.2 / linux threads
* src/preprocessors/: snort_httpinspect.c,
HttpInspect/mode_inspection/hi_mi.c:
Fixed an instance where HTTP session data was not checked.

DAQ 0.5
* daq/os-daq-modules/Makefile.am:
The IPFW DAQ now builds on OpenBSD.
Thanks to Ross Lawrie, Randall Rioux, and many others for reporting this.

----
こがよういちろう


Posted by xml-rpc: December 22, 2010 08:49