Home page logo
/

snort logo Snort mailing list archives

Re: [Emerging-Sigs] Snort 2.9.0.1 Now Available
From: Joel Esler <jesler () sourcefire com>
Date: Wed, 3 Nov 2010 09:33:04 -0400

Support for rules are current version minus one.

Once we move to a new "x.x" release, we aren't going to update the previous
version.

We went to 2.9.0, which means that 2.8.* aren't going to get patches back
ported.

2.9.0 uses a different stream model than 2.8.*, so back porting the update
would be a monumental undertaking.

J

On Wed, Nov 3, 2010 at 9:25 AM, L0rd Ch0de1m0rt <l0rdch0de1m0rt () gmail com>wrote:

I guess I'm confused here ... I thought "support" for Snort was
current version and current version minus 1.  What you say says
"support" is current version and current version minus zero.  When did
this happen?

-L0rd C.

On Tue, Nov 2, 2010 at 5:34 PM, Steven Sturges
<steve.sturges () sourcefire com> wrote:
There was an issue in that HTTP inspect wasn't correctly handling
raw vs. stream reassembled packets when looking at HTTP response
data.  This fix is included in 2901 -- refer to ChangeLog (changes
to hi_client.c/hi_server.c).

As to the support of 2.8.6, with the release of 2.9.0, 2.8.6.x
is no longer supported.  When there is a new "3 digit" release no
further patches are made to the previous version of Snort.

On 11/1/2010 1:05 PM, L0rd Ch0de1m0rt wrote:
Hello. Does this release fix the issue where the HTTP pre-processor
wasn't properly examining reassembled data across fragmented packets?
(I don't know the exact cause of the bug - maybe it was the other way
around and Stream5 wasn't properly doing the reassebly.)  It was
announced that there would be a patch for that issue, just want to see
if this is it.  If so, when can we expect the 2.8.6.1 patch be
released?  2.8.6.1 is still supported, right?

Thanks!

-L0rd C.

On Mon, Nov 1, 2010 at 11:45 AM, Snort Releases <
snortreleases () snort org> wrote:
Snort 2.9.0.1 is now available on snort.org, at
http://www.snort.org/snort-downloads/.

2.9.0 RC & later packages are signed with a new PGP key
(that is signed with the previous key).

Snort 2.9.0.1 addresses the following:

 * Fixed maximum flowbits configuration parsing to specify the number
   of bits in accordance with the Snort manual, rather than number of
   bytes.  If you have 'config flowbits_size' in your snort.conf,
   double check that it has the correct setting.

 * Fixed a packet size issue with the IPQ and NFQ DAQs.

 * Fixed issue with Stream5 overlap limit processing.

 * Updated the version of LibPCRE bundled with the Windows installer.
   This update fixes a bug that caused some PCRE matches to fail
   on Windows.

Please see the Release Notes and ChangeLog for more details.

Please submit bugs, questions, and feedback to
snort-beta () sourcefire com 

Happy Snorting!
The Snort Release Team



------------------------------------------------------------------------------
Nokia and AT&T present the 2010 Calling All Innovators-North America
contest
Create new apps & games for the Nokia N8 for consumers in  U.S. and
Canada
$10 million total in prizes - $4M cash, 500 devices, nearly $6M in
marketing
Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi
Store
http://p.sf.net/sfu/nokia-dev2dev
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel




_______________________________________________
Emerging-sigs mailing list
Emerging-sigs () emergingthreats net
http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs

Support Emerging Threats! Get your ET Stuff! Tshirts, Coffee Mugs and
Lanyards
http://www.emergingthreats.net/index.php/support-et-and-buy-et-schwag.html




-- 
Joel Esler
302-223-5974
------------------------------------------------------------------------------
Achieve Improved Network Security with IP and DNS Reputation.
Defend against bad network traffic, including botnets, malware, 
phishing sites, and compromised hosts - saving your company time, 
money, and embarrassment.   Learn More! 
http://p.sf.net/sfu/hpdev2dev-nov
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]