-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:259-1 http://www.mandriva.com/security/ _______________________________________________________________________ Package : snort Date : December 11, 2009 Affected: 2008.0 _______________________________________________________________________ Problem Description: preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not properly identify packet fragments that have dissimilar TTL values, which allows remote attackers to bypass detection rules by using a different TTL for each fragment. (CVE-2008-1804) The updated packages have been patched to prevent this. Additionally there were problems with two rules in the snort-rules package for 2008.0 that is also fixed with this update. Update: Packages for 2008.0 are being provided due to extended support for Corporate products. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1804 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: c6835024a29a5c1156ec1bcabe7a930e 2008.0/i586/snort-2.7.0.1-2.1mdv2008.0.i586.rpm 098ce3906b38dbc27781a50b78ecbbad 2008.0/i586/snort-bloat-2.7.0.1-2.1mdv2008.0.i586.rpm d7657089df1764a9e39ddd2b51184a49 2008.0/i586/snort-inline-2.7.0.1-2.1mdv2008.0.i586.rpm f4f32580e4d373f60851e86b8f7c9bc0 2008.0/i586/snort-inline+flexresp-2.7.0.1-2.1mdv2008.0.i586.rpm a62fad5150fcbf898093874f98a8fd1f 2008.0/i586/snort-mysql-2.7.0.1-2.1mdv2008.0.i586.rpm debc1944271f72611659243643df0b37 2008.0/i586/snort-mysql+flexresp-2.7.0.1-2.1mdv2008.0.i586.rpm a409dad0f0fff1d22464aec4099ac9c0 2008.0/i586/snort-plain+flexresp-2.7.0.1-2.1mdv2008.0.i586.rpm 0e23ae93be9946cbcfd4df66beac3233 2008.0/i586/snort-postgresql-2.7.0.1-2.1mdv2008.0.i586.rpm c52e0e33c8fc3c01037e2f552897eda0 2008.0/i586/snort-postgresql+flexresp-2.7.0.1-2.1mdv2008.0.i586.rpm d3122af0d714bfb08757af1dc62cfb23 2008.0/i586/snort-prelude-2.7.0.1-2.1mdv2008.0.i586.rpm 0b887e9d0dee5fa77feae8143d134ba9 2008.0/i586/snort-prelude+flexresp-2.7.0.1-2.1mdv2008.0.i586.rpm a9e6bf9e1993eacd1063832575ffe977 2008.0/i586/snort-rules-2.3.3-4.1mdv2008.0.noarch.rpm 00f5191e8a96520bddec9103643e0749 2008.0/SRPMS/snort-2.7.0.1-2.1mdv2008.0.src.rpm 0be9e2861d2c13d582f40e6f1bd8e658 2008.0/SRPMS/snort-rules-2.3.3-4.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: d2f029f4ec84f06776fb384e56e4d721 2008.0/x86_64/snort-2.7.0.1-2.1mdv2008.0.x86_64.rpm 6c8ec7d6879e031ced36dc513bb7fe74 2008.0/x86_64/snort-bloat-2.7.0.1-2.1mdv2008.0.x86_64.rpm fe4d3026e064ff96a18d3efe30d66751 2008.0/x86_64/snort-inline-2.7.0.1-2.1mdv2008.0.x86_64.rpm cc1a7cae0cab080fa9988f4c98e79815 2008.0/x86_64/snort-inline+flexresp-2.7.0.1-2.1mdv2008.0.x86_64.rpm d82f9aeb3e9830dbe800ba56174d4db8 2008.0/x86_64/snort-mysql-2.7.0.1-2.1mdv2008.0.x86_64.rpm a3dbf00d5ef116b42bd976ee9ade5fa3 2008.0/x86_64/snort-mysql+flexresp-2.7.0.1-2.1mdv2008.0.x86_64.rpm 0418bd642265eceadb17fe715420df23 2008.0/x86_64/snort-plain+flexresp-2.7.0.1-2.1mdv2008.0.x86_64.rpm c230b6a1c20e51b2677ff1ae03cb5a15 2008.0/x86_64/snort-postgresql-2.7.0.1-2.1mdv2008.0.x86_64.rpm d77df31ddcf18a7a7593e5066b718b5b 2008.0/x86_64/snort-postgresql+flexresp-2.7.0.1-2.1mdv2008.0.x86_64.rpm 7acf1860096c4e33a4f98b761238eb8c 2008.0/x86_64/snort-prelude-2.7.0.1-2.1mdv2008.0.x86_64.rpm 1650df9efae93915a664dc8fd241e541 2008.0/x86_64/snort-prelude+flexresp-2.7.0.1-2.1mdv2008.0.x86_64.rpm bf0455c5009baba5e69fd36be577395f 2008.0/x86_64/snort-rules-2.3.3-4.1mdv2008.0.noarch.rpm 00f5191e8a96520bddec9103643e0749 2008.0/SRPMS/snort-2.7.0.1-2.1mdv2008.0.src.rpm 0be9e2861d2c13d582f40e6f1bd8e658 2008.0/SRPMS/snort-rules-2.3.3-4.1mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLInBCmqjQ0CJFipgRAmbZAJ4qNSA8+ArtaunQm/WVInVF69aXZQCgynQX llu8khCpY699YQhOA1z6Nog= =pqEG -----END PGP SIGNATURE-----