Hi list,
I prepared two updates:
curl - Update to 7.43.0: http://git.ipfire.org/?p=people/mfischer/ipfire-2.x.git;a=commit;h=bdb1c5253...
daq: Update to 2.0.5: http://git.ipfire.org/?p=people/mfischer/ipfire-2.x.git;a=commit;h=5d1f2fa5d...
I tested these updates in productive mode (2.17/core91). For me, they seem to run fine - if there are problems, please let me know!
Regards Matthias
Hello,
On Sat, 2015-06-27 at 12:14 +0200, Matthias Fischer wrote:
Hi list,
I prepared two updates:
curl - Update to 7.43.0: http://git.ipfire.org/?p=people/mfischer/ipfire-2.x.git;a=commit;h=bdb1c5253...
I merged this right away because it contains some security/stability fixes. You may include any CVE numbers in the commit message if there are any.
daq: Update to 2.0.5: http://git.ipfire.org/?p=people/mfischer/ipfire-2.x.git;a=commit;h=5d1f2fa5d...
Should we better ship this together with a snort update? Are there any urgent changes in here?
I tested these updates in productive mode (2.17/core91). For me, they seem to run fine - if there are problems, please let me know!
Regards Matthias
-Michael
Hi,
On 27.06.2015 13:05, Michael Tremer wrote:
curl - Update to 7.43.0: http://git.ipfire.org/?p=people/mfischer/ipfire-2.x.git;a=commit;h=bdb1c5253...
I merged this right away because it contains some security/stability fixes. You may include any CVE numbers in the commit message if there are any.
Sorry, I missed that. Next time, I know better. ;-)
Here they are, if still needed (excerpt from CHANGES):
Fixes:
http: do not leak basic auth credentials on re-used connections CVE-2015-3236
test2040: verify basic auth on re-used connections - SMB: rangecheck values read off incoming packet CVE-2015-3237
- SMB: rangecheck values read off incoming packet CVE-2015-3237
...
daq: Update to 2.0.5: http://git.ipfire.org/?p=people/mfischer/ipfire-2.x.git;a=commit;h=5d1f2fa5d...
Should we better ship this together with a snort update?
Yep. Don't know why I missed this one. I just saw it yesterday.
Are there any urgent changes in here?
Hm, hard to tell for me - please judge for yourself (Excerpt from 'ChangeLog'): ;-)
***SNIP*** Changes in 2.0.5 Release on 2015-04-22: --------------------------------------- 2015-04-22 18:58 jocornet
* api/daq_common.h: Fixed build issue on windows.
2015-04-01 14:56 maltizer
* configure.ac, os-daq-modules/Makefile.am, os-daq-modules/daq_dump.c, os-daq-modules/daq_netmap.c, os-daq-modules/daq_static_modules.h, sfbpf/Makefile.am: Fixed build issues on FreeBSD. Fixed overflowable snaplen in dump module. Fixed issues with netmap module. ***SNAP***
Perhaps, "overflowable snaplen" and "netmap" could be important!?
Regards Matthias