CVE-2021-1223 (https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-filepolbypass-67DEwMe2): Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect handling of an HTTP range header. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass configured file policy for HTTP packets and deliver a malicious payload. CVE-2021-1224 (https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-tfo-bypass-MmzZrtes): Multiple Cisco products are affected by a vulnerability with TCP Fast Open (TFO) when used in conjunction with the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect detection of the HTTP payload if it is contained at least partially within the TFO connection handshake. An attacker could exploit this vulnerability by sending crafted TFO packets with an HTTP payload through an affected device. A successful exploit could allow the attacker to bypass configured file policy for HTTP packets and deliver a malicious payload. Fixed in 2.9.17. Please bump.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=daa4f8eaf521161105c604034448b8320eff1e80 commit daa4f8eaf521161105c604034448b8320eff1e80 Author: John Helmert III <ajak@gentoo.org> AuthorDate: 2021-01-15 18:54:49 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2021-04-09 02:04:49 +0000 net-analyzer/snort: add 2.9.17 Drop GCC 10 patch, unconditionally disable static, convert to GLEP 81. Bug: https://bugs.gentoo.org/765466 Closes: https://bugs.gentoo.org/781365 Package-Manager: Portage-3.0.13, Repoman-3.0.2 Signed-off-by: John Helmert III <ajak@gentoo.org> net-analyzer/snort/Manifest | 1 + net-analyzer/snort/snort-2.9.17.ebuild | 247 +++++++++++++++++++++++++++++++++ 2 files changed, 248 insertions(+)
Let's wait a day or two just in case.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1e9efc2dfe106592e203e806c8f0f4063513132f commit 1e9efc2dfe106592e203e806c8f0f4063513132f Author: John Helmert III <ajak@gentoo.org> AuthorDate: 2021-06-11 19:58:09 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2021-06-11 20:01:45 +0000 net-analyzer/snort: drop 2.9.16, 2.9.16-r100 Bug: https://bugs.gentoo.org/765466 Signed-off-by: John Helmert III <ajak@gentoo.org> net-analyzer/snort/Manifest | 1 - .../snort/files/snort-2.9.15.1-fno-common.patch | 110 --------- net-analyzer/snort/snort-2.9.16-r100.ebuild | 250 --------------------- net-analyzer/snort/snort-2.9.16.ebuild | 246 -------------------- 4 files changed, 607 deletions(-)