[Snort-sigs] Snort 2.9.9.0 has been released!

Snort Releases snortreleases at ...95...
Wed Dec 14 12:04:46 EST 2016


Please join the Snort team as we welcome the addition of Snort 2.9.9.0 
to General Availability!

Snort 2.9.9.0 can be downloaded from the usual location on Snort.org 
<https://snort.org/downloads/>.

The new keywords, when they are used, will cause older versions of Snort 
to fail. /(Meaning, you cannot use 2.9.9.0 rules in 2.9.8.3 and below, 
once those keywords are used.)/

Below are the release notes:

Snort 2.9.9.0
[*] New additions

  *  New rule option for byte_math. See the Snort manual for details.
  *  Added bitmask and from_end operations to byte_test. See the Snort 
manual for details.
  *  Added a Buffer Dump utility to trace all of the buffers used by 
snort during inspection.
         - Enable this by --enable-buffer-dump option to configure prior 
to building. See the Snort manual for details.
  *  Added new HTTP preprocessor alerts to detect multiple content 
encoding and multiple content length.
  *  Added support for SMTP Traffic detection over SSL (SMTPS).

[*] Improvements
  *  Fixed an issue which reduces extra service discovery to improve 
performance.
  *  Fixed multiple issues in AppID.
       - Reconstructed the call to port-service detection.
       - Fixed issue where AppId for Facebook over SPDY/HTTP 1.1 was 
incorrect.
       - Preventing third-party application identification for expected 
connections.
  *  Stability improvement for Stream preprocessor.
       - Addressed incorrect flushing of packets whose size is greater 
than MAXIMUM_PAF_MAX.
       - Fixed an issue where incorrect length argument in memcpy caused 
out of bound memory access.
  *  Fixed multiple issues in HttpInspect preprocessor.
       - Handling chunk encoding followed by \r\r\r\n and \n\n\n\r\r\n.
       - Fixed an issue with LZMA flash decompression.
  *  Fixed mime data processing issue in SMTP stateless inspection.
  *  Added support to decode packets that contains VLAN with Secure 
Group Tag (SGT).
  *  Fixed Issue related to DLL-Load in Snort on windows platforms for 
CVE-2016-1417.

The Snort Team would like to thank the following for their contributions 
in the Snort 2.9.9.0 release:

Secureworks
Marcel da Silva
Al Lewis
Steffen Ullrich

As always, join the conversation over on the Snort-Users list 
<https://snort.org/community> for any installation or upgrade assistance!

Thank you,

The Snort Team

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20161214/b47a32a5/attachment.html>


More information about the Snort-sigs mailing list