Release Notes for Snare Central v7.4.2

Snare Central v7.4.2 was released on 19th December 2018.

Snare Central incorporates the Agent Management Console (AMC), the v2.2.0 Reflector, and the v1.0.3 Snare Agent Manager (SAM).

Change Log

New Features

  • Several collection modules have been implemented or upgraded, including:
    • Carbon Black
    • CISCO Switches/Routers
    • Trend DSM

Enhancements

  • A new version of Elasticsearch v6.4.3 has been added.
  • The elastic geoip plugin is now included.
  • The security sanitisation service explicitly strips HTML and XML tags from events exported to CSV. Although this is reasonable behaviour for most events, an exception has now been made for data that explicitly starts with an XML or HTML tag, which allows fields that are pure XML to be exported to CSV unchanged.
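
As an added illustration (not Snare Central's own code), the following Python sketch shows the CSV export behaviour described above: tags are stripped from ordinary fields, while a field that starts with an XML or HTML tag is written to the CSV unchanged. The regexes, function names and sample events are assumptions made for this illustration.

```python
import csv
import io
import re

# Matches one HTML/XML tag: '<', optional '/', a name, attributes, '>'
TAG_RE = re.compile(r"</?[A-Za-z_:][^<>]*>")
# A field that begins with a tag (after leading whitespace) is treated as
# pure XML/HTML and exported unchanged, per the exception described above.
LEADING_TAG_RE = re.compile(r"^\s*<[A-Za-z_:?!/]")


def strip_tags(value: str) -> str:
    """Previous behaviour: remove every HTML/XML tag from the field."""
    return TAG_RE.sub("", value)


def sanitise_field(value: str) -> str:
    """Current behaviour: keep fields that start with a tag, strip tags elsewhere."""
    if LEADING_TAG_RE.match(value):
        return value
    return strip_tags(value)


def export_csv(events, fieldnames):
    """Write event dicts to CSV text, sanitising each field on the way out."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=fieldnames,
                            quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writeheader()
    for event in events:
        writer.writerow({k: sanitise_field(str(event.get(k, "")))
                         for k in fieldnames})
    return buf.getvalue()


# Constructed sample events (hypothetical, not real Snare output)
SAMPLE_EVENTS = [
    {"host": "web01", "message": "User <b>alice</b> logged in"},
    {"host": "dc01",
     "message": '<Event xmlns="urn:example"><EventID>4624</EventID></Event>'},
]

if __name__ == "__main__":
    # The first message loses its <b> tags; the second is exported verbatim.
    print(export_csv(SAMPLE_EVENTS, ["host", "message"]))
```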

Bug Fixes

  • An issue in the ElasticShield security wrapper caused unnecessary log messages to appear when several incorrect username/password attempts triggered the anti-bulk-password-testing defences.
  • Upgrading an existing TI installation would overwrite the TI configuration file, resulting in event delivery to elastic being turned off.

Known Issues

There is a known problem with TLS to TLS forwarding over port 6163 when sending logs to multiple Snare Central servers. This is being worked on. If a customer does experience the problem, the workarounds are:
  1. Restart the Snare services on both systems; they will then reconnect.
  2. Use TCP over port 6161 instead.
  3. Do not install this patch if this is a concern.

The problem may manifest as a communication failure on server 2, where server 1 cannot resume the connection after it was interrupted or after a network outage between the systems.

Security

  • Updates to supporting utilities and configurations have been made in response to normal operating system and application security and functionality fixes.

Operating System Updates

Each entry lists the package, its previous version, the updated version and the changelog details for the update.

ghostscript
  Previous Version: 9.25~dfsg+1-0ubuntu0.14.04.2
  Update: 9.26~dfsg+0-0ubuntu0.14.04.1
  Details: ghostscript (9.26~dfsg+0-0ubuntu0.14.04.1) trusty-security; urgency=medium
    * SECURITY UPDATE: Updated to 9.26 to fix multiple security issues
      - CVE-2018-19409
      - CVE-2018-19475
      - CVE-2018-19476
      - CVE-2018-19477
    * Removed patches included in new version:
      - debian/patches/0218*.patch
      - debian/patches/lp1800062.patch
    * debian/symbols.common: updated for new version.

git
  Previous Version: 1:1.9.1-1ubuntu0.9
  Update: 1:1.9.1-1ubuntu0.10
  Details: git (1:1.9.1-1ubuntu0.10) trusty-security; urgency=medium
    * SECURITY UPDATE: Denial of service
      - debian/patches/CVE-2017-15298.patch: fix in diff.h, revision.c.
      - CVE-2017-15298

ldap-utils
  Previous Version: 2.4.31-1+nmu2ubuntu8.4
  Update: 2.4.31-1+nmu2ubuntu8.5
  Details: openldap (2.4.31-1+nmu2ubuntu8.5) trusty; urgency=medium
    * d/apparmor-profile: update apparmor profile to allow reading of files needed when slapd is behaving as a kerberos/gssapi client and acquiring its own ticket. (LP: #1783183)

libldap-2.4-2
  Previous Version: 2.4.31-1+nmu2ubuntu8.4
  Update: 2.4.31-1+nmu2ubuntu8.5
  Details: openldap (2.4.31-1+nmu2ubuntu8.5) trusty; urgency=medium
    * d/apparmor-profile: update apparmor profile to allow reading of files needed when slapd is behaving as a kerberos/gssapi client and acquiring its own ticket. (LP: #1783183)

perl
  Previous Version: 5.18.2-2ubuntu1.6
  Update: 5.18.2-2ubuntu1.7
  Details: perl (5.18.2-2ubuntu1.7) trusty-security; urgency=medium
    * SECURITY UPDATE: Integer overflow leading to buffer overflow
      - debian/patches/fixes/CVE-2018-18311.patch: handle integer wrap in util.c.
      - CVE-2018-18311
    * SECURITY UPDATE: Heap-buffer-overflow read
      - debian/patches/fixes/CVE-2018-18313.patch: convert some strchr to memchr in regcomp.c.
      - CVE-2018-18313

samba
  Previous Version: 2:4.3.11+dfsg-0ubuntu0.14.04.17
  Update: 2:4.3.11+dfsg-0ubuntu0.14.04.19
  Details: samba (2:4.3.11+dfsg-0ubuntu0.14.04.19) trusty-security; urgency=medium
    * SECURITY UPDATE: Unprivileged adding of CNAME record causing loop in AD Internal DNS server
      - debian/patches/CVE-2018-14629.patch: add CNAME loop prevention using counter in source4/dns_server/dns_query.c.
      - CVE-2018-14629
    * SECURITY UPDATE: Double-free in Samba AD DC KDC with PKINIT
      - debian/patches/CVE-2018-16841.patch: fix segfault on PKINIT with mis-matching principal in source4/kdc/db-glue.c.
      - CVE-2018-16841
    * SECURITY UPDATE: NULL pointer de-reference in Samba AD DC LDAP server
      - debian/patches/CVE-2018-16851.patch: check ret before manipulating blob in source4/ldap_server/ldap_server.c.
      - CVE-2018-16851

linux-generic
  Previous Version: 3.13.0.162.172
  Update: 3.13.0.163.173

linux-headers-3.13.0-162-generic
  Version listed: 3.13.0-162.212 (only one version is given for this package)

linux-headers-3.13.0-162
  Version listed: 3.13.0-162.212 (only one version is given for this package)

linux-headers-generic
  Previous Version: 3.13.0.162.172
  Update: 3.13.0.163.173

linux-image-generic
  Previous Version: 3.13.0.162.172
  Update: 3.13.0.163.173

linux-image-server
  Previous Version: 3.13.0.162.172
  Update: 3.13.0.163.173

linux-image-virtual
  Previous Version: 3.13.0.162.172
  Update: 3.13.0.163.173

mokutil
  Previous Version: 0.3.0-0ubuntu3~14.04.1
  Update: 0.3.0+1538710437.fb6250f-0ubuntu2~14.04.1
  Details: mokutil (0.3.0+1538710437.fb6250f-0ubuntu2~14.04.1) trusty; urgency=medium
    * Backport mokutil 0.3.0+1538710437.fb6250f-0ubuntu2 to 14.04. (LP: #1797011)