[Snort-devel] Snort-devel Digest, Vol 5, Issue 2

Rajkumar rpandi at unm.edu
Wed Oct 11 17:59:47 EDT 2017


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
 
This version is released fixing all bugs in preprocessors including stream5.

Raj


On 10/11/2017 11:06 AM, snort-devel-request at lists.snort.org wrote:
> Send Snort-devel mailing list submissions to > snort-devel at lists.snort.org > > To subscribe or unsubscribe via the
World Wide Web, visit >
https://lists.snort.org/mailman/listinfo/snort-devel > or, via email,
send a message with subject or body 'help' to >
snort-devel-request at lists.snort.org > > You can reach the person
managing the list at > snort-devel-owner at lists.snort.org > > When
replying, please edit your Subject line so it is more specific > than
"Re: Contents of Snort-devel digest..." > > > Today's Topics: > > 1.
Snort 2.9.11.0 has been released! (Snort Releases) > 2. Re: [Snort-sigs]
Snort 2.9.11.0 has been released! > (Joel Esler (jesler)) > > >
---------------------------------------------------------------------- >
> Message: 1 > Date: Wed, 11 Oct 2017 12:28:29 -0400 > From: Snort
Releases <snortreleases at snort.org> > To: snort-users at lists.snort.org,
snort-sigs at lists.snort.org, > snort-devel at lists.snort.org,
snort-openappid at lists.snort.org > Subject: [Snort-devel] Snort 2.9.11.0
has been released! > Message-ID:
<e9735b82-c16f-c48e-c52c-7fb96c311ad6 at snort.org> > Content-Type:
text/plain; charset="utf-8"; Format="flowed" > > Please join the Snort
team as we welcome the addition of Snort 2.9.11.0 > to general
availability! > > Snort 2.9.11.0 can be downloaded from the usual
location on Snort.org > <https://www.snort.org/downloads>. > > Below are
the release notes: > > > Snort 2.9.11 > [*] New additions > > > Changes
to eliminate Snort restart when there are changes to the memory >
allocated for preprocessors, by releasing unused or least recently used
> memory when needed. > Added support for storing filenames in Unicode
for SMB protocol. > Added implementation of hostPortCache versioning for
unknown flows in > AppID to detect and block BitTorrent. > > > [*]
Improvements > > > Enhanced RTSP metadata parsing to match the
user-agent field to detect > RTSP traffic over Windows Media. >
Performance improvement when SYN rate limit has reached and drop is >
configured as next action > Control-socket and side-channel support for
FreeBSD platform. > Fixed issue in file signature lookup for
retransmitted FTP packet. > Enhanced the processing of SIP/RTP future
flows without ignoring them. > Changes made in PDF/SWF decompression by
adding boundary to the size of > the decompressed data. > Added a null
check to prevent copy unless debugHostIp is configured in > AppId. >
Fixed issue where FTP file type block doesn't work for retried download.
> Resolved issue where Snort is inappropriately handling traffic for
which > AppId was creating future flow. > Performance improvements for
SIP/RTP audio and video data flow in AppId. > Performance and stability
improvements in FTP preprocessor like > incorrect referencing of
ftp_data_session after its pruned. > Stability improvement by resolving
valgrind reported issues in AppId. > Improved flushing mechanism for
HTTP POST header. > Added changes to display AppId for IPv6 unified
events. > Fixed issues with printing of messages for out-of-order
packets. > Fixed issue in increment of detection filter counter when
rule is used > in multiple configurations. > Fixed dynamic preprocessor
compilation failure in OpenBSD platform. > Added changes to improve
performance of ipvar list comparison. > Enhanced SMTP client detection
by allowing line folding and all > authentication methods. > > As
always, join the conversation over on the Snort-Users list >
<https://www.snort.org/community> for any installation or upgrade >
assistance! > > -------------- next part -------------- > An HTML
attachment was scrubbed... > URL:
<https://lists.snort.org/pipermail/snort-devel/attachments/20171011/5084c4ac/attachment-0001.html>
> > ------------------------------ > > Message: 2 > Date: Wed, 11 Oct
2017 17:06:22 +0000 > From: "Joel Esler (jesler)" <jesler at cisco.com> >
To: Glenn Ungaro <gungaro at necscorp.com> > Cc: "snort-team(mailer list)"
<snort-team at cisco.com>, > "snort-sigs at lists.snort.org"
<snort-sigs at lists.snort.org>, > "snort-devel at lists.snort.org"
<snort-devel at lists.snort.org>, > "snort-openappid at lists.snort.org"
<snort-openappid at lists.snort.org>, > "snort-users at lists.snort.org"
<snort-users at lists.snort.org> > Subject: Re: [Snort-devel] [Snort-sigs]
Snort 2.9.11.0 has been > released! > Message-ID:
<7570F0C6-15C7-4C09-A68A-0FF9CC61F287 at cisco.com> > Content-Type:
text/plain; charset="utf-8" > > We do not control PFSense?s upgrade
cycle. You will have to ask the PFSense developers via their forums to
upgrade the version of Snort inside the PFSense system. > > -- > Joel
Esler | Talos: Manager | jesler at cisco.com<mailto:jesler at cisco.com> > > >
> > > > On Oct 11, 2017, at 12:54 PM, Glenn Ungaro
<gungaro at necscorp.com<mailto:gungaro at necscorp.com>> wrote: > > Any
chance this will be available for pfSense as well? > > > Glenn Ungaro >
Asst. Network Administrator > Northeast Computer Corp. >
gungaro at necscorp.com<mailto:gungaro at necscorp.com> > > > On Oct 11, 2017,
at 12:28 PM, Snort Releases
<snortreleases at snort.org<mailto:snortreleases at snort.org>> wrote: > > >
Please join the Snort team as we welcome the addition of Snort 2.9.11.0
to general availability! > > Snort 2.9.11.0 can be downloaded from the
usual location on Snort.org<https://www.snort.org/downloads>. > > Below
are the release notes: > > > Snort 2.9.11 > [*] New additions > > >
Changes to eliminate Snort restart when there are changes to the memory
allocated for preprocessors, by releasing unused or least recently used
memory when needed. > Added support for storing filenames in Unicode for
SMB protocol. > Added implementation of hostPortCache versioning for
unknown flows in AppID to detect and block BitTorrent. > > > [*]
Improvements > > > Enhanced RTSP metadata parsing to match the
user-agent field to detect RTSP traffic over Windows Media. >
Performance improvement when SYN rate limit has reached and drop is
configured as next action > Control-socket and side-channel support for
FreeBSD platform. > Fixed issue in file signature lookup for
retransmitted FTP packet. > Enhanced the processing of SIP/RTP future
flows without ignoring them. > Changes made in PDF/SWF decompression by
adding boundary to the size of the decompressed data. > Added a null
check to prevent copy unless debugHostIp is configured in AppId. > Fixed
issue where FTP file type block doesn't work for retried download. >
Resolved issue where Snort is inappropriately handling traffic for which
AppId was creating future flow. > Performance improvements for SIP/RTP
audio and video data flow in AppId. > Performance and stability
improvements in FTP preprocessor like incorrect referencing of
ftp_data_session after its pruned. > Stability improvement by resolving
valgrind reported issues in AppId. > Improved flushing mechanism for
HTTP POST header. > Added changes to display AppId for IPv6 unified
events. > Fixed issues with printing of messages for out-of-order
packets. > Fixed issue in increment of detection filter counter when
rule is used in multiple configurations. > Fixed dynamic preprocessor
compilation failure in OpenBSD platform. > Added changes to improve
performance of ipvar list comparison. > Enhanced SMTP client detection
by allowing line folding and all authentication methods. > > As always,
join the conversation over on the Snort-Users
list<https://www.snort.org/community> for any installation or upgrade
assistance! > > _______________________________________________ >
Snort-sigs mailing list >
Snort-sigs at lists.snort.org<mailto:Snort-sigs at lists.snort.org> >
https://lists.snort.org/mailman/listinfo/snort-sigs > >
http://www.snort.org > > Please visit http://blog.snort.org for the
latest news about Snort! > > Visit the Snort.org<http://Snort.org> to
subscribe to the official Snort ruleset, make sure to stay up to date to
catch the most <a href="
https://snort.org/downloads/#rule-downloads">emerging threats</a>! > >
_______________________________________________ > Snort-sigs mailing
list > Snort-sigs at lists.snort.org<mailto:Snort-sigs at lists.snort.org> >
https://lists.snort.org/mailman/listinfo/snort-sigs > >
http://www.snort.org > > Please visit http://blog.snort.org for the
latest news about Snort! > > Visit the Snort.org to subscribe to the
official Snort ruleset, make sure to stay up to date to catch the most
<a href=" https://snort.org/downloads/#rule-downloads">emerging
threats</a>! > > -------------- next part -------------- > An HTML
attachment was scrubbed... > URL:
<https://lists.snort.org/pipermail/snort-devel/attachments/20171011/2abf9ae9/attachment.html>
> > ------------------------------ > > Subject: Digest Footer > >
_______________________________________________ > Snort-devel mailing
list > Snort-devel at lists.snort.org >
https://lists.snort.org/mailman/listinfo/snort-devel > > >
------------------------------ > > End of Snort-devel Digest, Vol 5,
Issue 2 > *****************************************
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
 
iQIcBAEBCAAGBQJZ3pRSAAoJEN9aK+cL7XQJTOcP/19xgLDsf2bUzib1xNwpgeth
cjkWFFcpAa8de7OVCNHOyzRCfY6QOgih7XeacOsXco+KlmOOYNXEcNSVUkIx4R9H
sQEukbrevVSWCjkuG8l/OE1nalkCQZm9UVOAOP0MgpgGFlGOAqdWXkmXQ/Isrddb
OmArImRucNsR044xVlsrYdf0hlKqDt/FHDTwtezNE4fOcJIm+G9Q/WEK66YsrEkg
Wg/WraiA1BzpVH59XBzQ+i/pRJC4Nkm0x4eonwwi2hJ8bsnJTr+6y860mkALC6Xh
qZjXiLtOBSGaXiB8nRvTCyJjdLwY97qfR5YMhm8m84zoXUAhgzQbbUqPojuNqvBy
4XcO3tgd7PuYNUeUSUSd+jAP3G6bSSuDuKP4UHPWjp3cld5JhUnIMnGP+rU/f104
wstfaIV6qpr8lASl/zNUQufV6BbfdETzYwV+3whHTWIx9uc9di3iC51Gth9bFb2M
IQS/L0SqkH7HqB9F0cvTAH+weaXUsthrH2ryNAAe7z6hz74lI9pD7bNxCma3djap
6d7drP37J2OjSwp6b1mVpgSESXjZEQkfEVsk92x+nXNJZbQXvs7yX1Wj+w/Q5AM8
qC9DqXRps47UoXAuzXX21gKhj0dTtX7lF/p2WBK+I8rDe2SsaiLUo044Fw/tF6hC
/u5M9IJup4u3bNDmpzbu
=vpT1
-----END PGP SIGNATURE-----




More information about the Snort-devel mailing list