Package: snort Version: 2.3.3-11 Severity: important Tags: security sarge testing sid
A vulnerability has been recently published that affects Snort which is based on the "Backtracking Algorithmic Complexity Attacks Against a NIDS" written by Randy Smith, Cristian Estan, and Somesh Jha This vulnerability is described in the above paper and at Bugtraq's security database (BID-21991) and affects any Snort version prior to 2.6.1 (including 2.3.2-3 in stable and 2.3.3-11 in unstable). CVE reference is CVE-2006-6931 Since this is a DoS I'm not putting it in a 'serious' severity or higher. I still have to review the CVS to backport a patch for 2.3.3 and 2.3.2 (if the Security Team believes a DSA is in order) Regards Javier [1] http://www.cs.wisc.edu/~smithr/pubs/acsac2006.pdf [2] http://www.securityfocus.com/bid/21991
signature.asc
Description: Digital signature