Snort mailing list archives
Re: Is Snort affected ? (CVE-2019-1696, CVE-2019-1704)
From: "Joel Esler \(jesler\) via Snort-devel" <snort-devel () lists snort org>
Date: Tue, 21 May 2019 15:41:29 +0000
That detail has not been provided to me. I simply want to bring awareness that the fact that this exists, and only affects a minor subset of users. From: Snort User <snort.user () gmail com> Date: Tuesday, May 21, 2019 at 11:31 AM To: "Joel Esler (jesler)" <jesler () cisco com> Cc: snort-devel <snort-devel () lists snort org> Subject: Re: [Snort-devel] Is Snort affected ? (CVE-2019-1696, CVE-2019-1704) Will the blog detail on the scenario that causes the issue and the risk etc? Thanks On Tue, May 21, 2019 at 10:06 AM Joel Esler (jesler) <jesler () cisco com<mailto:jesler () cisco com>> wrote: I have verified that these vulnerabilities were corrected with 2.9.13.0. We recommend all users not using 2.9.13.0 to upgrade to 2.9.13.0 as soon as you can. We’ll put out a blog post soon. -- Joel Esler Manager, Communities Division Cisco Talos Intelligence Group http://www.talosintelligence.com From: Snort-devel <snort-devel-bounces () lists snort org<mailto:snort-devel-bounces () lists snort org>> on behalf of "Joel Esler (jesler) via Snort-devel" <snort-devel () lists snort org<mailto:snort-devel () lists snort org>> Reply-To: "Joel Esler (jesler)" <jesler () cisco com<mailto:jesler () cisco com>> Date: Monday, May 20, 2019 at 5:18 PM To: Snort User <snort.user () gmail com<mailto:snort.user () gmail com>>, snort-devel <snort-devel () lists snort org<mailto:snort-devel () lists snort org>> Subject: Re: [Snort-devel] Is Snort affected ? (CVE-2019-1696, CVE-2019-1704) Thanks, I am in touch with the product team now to clarify and if action is needed, to take action. -- Joel Esler Manager, Communities Division Cisco Talos Intelligence Group http://www.talosintelligence.com From: Snort-devel <snort-devel-bounces () lists snort org<mailto:snort-devel-bounces () lists snort org>> on behalf of Snort User via Snort-devel <snort-devel () lists snort org<mailto:snort-devel () lists snort org>> Reply-To: Snort User <snort.user () gmail com<mailto:snort.user () gmail com>> Date: Monday, May 20, 2019 at 10:40 AM To: snort-devel <snort-devel () lists snort org<mailto:snort-devel () lists snort org>> Subject: [Snort-devel] Is Snort affected ? (CVE-2019-1696, CVE-2019-1704) Hi https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-frpwr-smb-snort In the above report, I saw - "These vulnerabilities may also affect the open-source Snort project. For more information, see the Snort website<https://www.snort.org/>." However, I did not see any information on the website (or I missed it) I could not find any relevant info in the ChangeLog of the most recent release. Can anyone provide any details or info on this? - Is Snort affected? How? - Which versions? Is a patch available? etc
_______________________________________________ Snort-devel mailing list Snort-devel () lists snort org https://lists.snort.org/mailman/listinfo/snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Is Snort affected ? (CVE-2019-1696, CVE-2019-1704) Snort User via Snort-devel (May 20)
- Re: Is Snort affected ? (CVE-2019-1696, CVE-2019-1704) Joel Esler (jesler) via Snort-devel (May 20)
- Re: Is Snort affected ? (CVE-2019-1696, CVE-2019-1704) Joel Esler (jesler) via Snort-devel (May 23)
- Re: Is Snort affected ? (CVE-2019-1696, CVE-2019-1704) Snort User via Snort-devel (May 23)
- Re: Is Snort affected ? (CVE-2019-1696, CVE-2019-1704) Joel Esler (jesler) via Snort-devel (May 23)
- Re: Is Snort affected ? (CVE-2019-1696, CVE-2019-1704) Joel Esler (jesler) via Snort-devel (May 23)
- Re: Is Snort affected ? (CVE-2019-1696, CVE-2019-1704) Vladimir Kunschikov via Snort-devel (May 23)
- Re: Is Snort affected ? (CVE-2019-1696, CVE-2019-1704) Joel Esler (jesler) via Snort-devel (May 23)
- Re: Is Snort affected ? (CVE-2019-1696, CVE-2019-1704) Vladimir Kunschikov via Snort-devel (May 24)
- Re: Is Snort affected ? (CVE-2019-1696, CVE-2019-1704) Joel Esler (jesler) via Snort-devel (May 20)