Snort mailing list archives
Re: [Emerging-Sigs] Snort 2.9.0.1 Now Available
From: Joel Esler <jesler () sourcefire com>
Date: Wed, 3 Nov 2010 09:33:04 -0400
Support for rules are current version minus one. Once we move to a new "x.x" release, we aren't going to update the previous version. We went to 2.9.0, which means that 2.8.* aren't going to get patches back ported. 2.9.0 uses a different stream model than 2.8.*, so back porting the update would be a monumental undertaking. J On Wed, Nov 3, 2010 at 9:25 AM, L0rd Ch0de1m0rt <l0rdch0de1m0rt () gmail com>wrote:
I guess I'm confused here ... I thought "support" for Snort was current version and current version minus 1. What you say says "support" is current version and current version minus zero. When did this happen? -L0rd C. On Tue, Nov 2, 2010 at 5:34 PM, Steven Sturges <steve.sturges () sourcefire com> wrote:There was an issue in that HTTP inspect wasn't correctly handling raw vs. stream reassembled packets when looking at HTTP response data. This fix is included in 2901 -- refer to ChangeLog (changes to hi_client.c/hi_server.c). As to the support of 2.8.6, with the release of 2.9.0, 2.8.6.x is no longer supported. When there is a new "3 digit" release no further patches are made to the previous version of Snort. On 11/1/2010 1:05 PM, L0rd Ch0de1m0rt wrote:Hello. Does this release fix the issue where the HTTP pre-processor wasn't properly examining reassembled data across fragmented packets? (I don't know the exact cause of the bug - maybe it was the other way around and Stream5 wasn't properly doing the reassebly.) It was announced that there would be a patch for that issue, just want to see if this is it. If so, when can we expect the 2.8.6.1 patch be released? 2.8.6.1 is still supported, right? Thanks! -L0rd C. On Mon, Nov 1, 2010 at 11:45 AM, Snort Releases <snortreleases () snort org> wrote:Snort 2.9.0.1 is now available on snort.org, at http://www.snort.org/snort-downloads/. 2.9.0 RC & later packages are signed with a new PGP key (that is signed with the previous key). Snort 2.9.0.1 addresses the following: * Fixed maximum flowbits configuration parsing to specify the number of bits in accordance with the Snort manual, rather than number of bytes. If you have 'config flowbits_size' in your snort.conf, double check that it has the correct setting. * Fixed a packet size issue with the IPQ and NFQ DAQs. * Fixed issue with Stream5 overlap limit processing. * Updated the version of LibPCRE bundled with the Windows installer. This update fixes a bug that caused some PCRE matches to fail on Windows. Please see the Release Notes and ChangeLog for more details. Please submit bugs, questions, and feedback tosnort-beta () sourcefire com.Happy Snorting! The Snort Release Team------------------------------------------------------------------------------Nokia and AT&T present the 2010 Calling All Innovators-North AmericacontestCreate new apps & games for the Nokia N8 for consumers in U.S. andCanada$10 million total in prizes - $4M cash, 500 devices, nearly $6M inmarketingDevelop with Nokia Qt SDK, Web Runtime, or Java and Publish to OviStorehttp://p.sf.net/sfu/nokia-dev2dev _______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel_______________________________________________ Emerging-sigs mailing list Emerging-sigs () emergingthreats net http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs Support Emerging Threats! Get your ET Stuff! Tshirts, Coffee Mugs and Lanyards http://www.emergingthreats.net/index.php/support-et-and-buy-et-schwag.html
-- Joel Esler 302-223-5974
------------------------------------------------------------------------------ Achieve Improved Network Security with IP and DNS Reputation. Defend against bad network traffic, including botnets, malware, phishing sites, and compromised hosts - saving your company time, money, and embarrassment. Learn More! http://p.sf.net/sfu/hpdev2dev-nov
_______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel
Current thread:
- Snort 2.9.0.1 Now Available Snort Releases (Nov 01)
- Re: Snort 2.9.0.1 Now Available L0rd Ch0de1m0rt (Nov 01)
- Re: Snort 2.9.0.1 Now Available Steven Sturges (Nov 02)
- Re: Snort 2.9.0.1 Now Available L0rd Ch0de1m0rt (Nov 03)
- Re: [Emerging-Sigs] Snort 2.9.0.1 Now Available Joel Esler (Nov 03)
- Re: [Emerging-Sigs] [Snort-devel] Snort 2.9.0.1 Now Available Miso Patel (Nov 03)
- Re: [Emerging-Sigs] [Snort-devel] Snort 2.9.0.1 Now Available Matthew Jonkman (Nov 03)
- Re: Snort 2.9.0.1 Now Available Randal T. Rioux (Nov 03)
- Re: Snort 2.9.0.1 Now Available Steven Sturges (Nov 02)
- Re: Snort 2.9.0.1 Now Available L0rd Ch0de1m0rt (Nov 08)
- Re: Snort 2.9.0.1 Now Available Russ Combs (Nov 08)
- Re: Snort 2.9.0.1 Now Available L0rd Ch0de1m0rt (Nov 08)
- Re: Snort 2.9.0.1 Now Available Steven Sturges (Nov 08)
- Re: Snort 2.9.0.1 Now Available L0rd Ch0de1m0rt (Nov 08)
- Re: Snort 2.9.0.1 Now Available Russ Combs (Nov 08)
- Re: Snort 2.9.0.1 Now Available Russ Combs (Nov 09)
- Re: Snort 2.9.0.1 Now Available L0rd Ch0de1m0rt (Nov 01)