Release Notes for Snare Central v7.4.3
Snare Central v7.4.3 was released on 14th February 2019.
Snare Central incorporates the Agent Management Console (AMC), the v2.2.1 Reflector, and the v1.0.3 Snare Agent Manager (SAM).
Change Log
New Features
- Snare Server 7.4.3 is a patch release that includes bug fixes and operating system security updates. No significant new features have been added.
Enhancements
- The 'mlocate' binary and datastore will be removed when this update is applied. Although the mlocate tool is occasionally useful in system administrative activities, the value does not justify the disk space required in the /var partition.
Bug Fixes
- Reflecting data to TLS destinations from a Snare Server can be disrupted if the remote server terminates the connection (for example, a reboot of the destination server). Until the source reflector service restarts, there is a risk that data will not transfer to the destination. The updated reflector binary will solve this issue.
- Snare Server v7+ collects and stores Windows eventlog data with updated field names for USER, RETURN and SOURCETYPE. Objectives that use the old field names have been updated to use and display the new field contents.
Operating System Updates
Package | Previous Version | Update | Details |
---|---|---|---|
apache2 | 2.4.7-1ubuntu4.20 | 2.4.7-1ubuntu4.21 | apache2 (2.4.7-1ubuntu4.21) trusty; urgency=medium * d/p/AuthzProviderAlias-visibility.patch: Allow AuthzProviderAlias'es to be seen from auth stanzas under virtual hosts (LP: #1529355) |
apt | 1.0.1ubuntu2.18 | 1.0.1ubuntu2.19 | |
ca-certificates | 20170717~14.04.1 | 20170717~14.04.2 | |
ghostscript | 9.26~dfsg+0-0ubuntu0.14.04.1 | 9.26~dfsg+0-0ubuntu0.14.04.4 | ghostscript (9.26~dfsg+0-0ubuntu0.14.04.4) trusty-security; urgency=medium * SECURITY UPDATE: code execution vulnerability - debian/patches/CVE-2019-6116.patch: address .force* operators exposure in Resource/Init/gs_diskn.ps, Resource/Init/gs_dps1.ps, Resource/Init/gs_fntem.ps, Resource/Init/gs_fonts.ps, Resource/Init/gs_init.ps, Resource/Init/gs_lev2.ps, Resource/Init/gs_pdfwr.ps, Resource/Init/gs_res.ps, Resource/Init/gs_setpd.ps, Resource/Init/pdf_base.ps, Resource/Init/pdf_draw.ps, Resource/Init/pdf_font.ps, Resource/Init/pdf_main.ps, Resource/Init/pdf_ops.ps, psi/int.mak, psi/interp.c, psi/istack.c, psi/istack.h. - CVE-2019-6116 |
hhvm | 3.29.1-1~trusty | 3.30.2-1~trusty | hhvm (3.30.2-1~trusty) trusty; urgency=medium |
krb5-locales libgssapi-krb5-2 libk5crypto3 libkrb5-3 libkrb5support0 | 1.12+dfsg-2ubuntu5.3 | 1.12+dfsg-2ubuntu5.4 | krb5 (1.12+dfsg-2ubuntu5.4) trusty-security; urgency=medium * SECURITY UPDATE: DoS (out-of-bounds read) via a crafted string - debian/patches/CVE-2015-8629.patch: Verify decode kadmin C strings - CVE-2015-8629 * SECURITY UPDATE: DoS (NULL pointer dereference) by specifying KADM5_POLICY with a NULL policy name - debian/patches/CVE-2015-8630.patch: Check for null kadm5 policy name - CVE-2015-8630 * SECURITY UPDATE: DoS (memory consumption) via a request specifying a NULL principal name - debian/patches/CVE-2015-8631.patch: Fix leaks in kadmin server stubs - CVE-2015-8631 * SECURITY UPDATE: DoS (NULL pointer dereference) via a crafted request to modify a principal - debian/patches/CVE-2016-3119.patch: Fix LDAP null dereference on empty arg - CVE-2016-3119 * SECURITY UPDATE: DoS (NULL pointer dereference) via an S4U2Self request - debian/patches/CVE-2016-3120.patch: Fix S4U2Self KDC crash when anon is restricted - CVE-2016-3120 * SECURITY UPDATE: KDC assertion failure - debian/patches/CVE-2017-11368-1.patch: Prevent KDC unset status assertion failures - debian/patches/CVE-2017-11368-2.patch: Simplify KDC status assignment - CVE-2017-11368 * SECURITY UPDATE: Double free vulnerability - debian/patches/CVE-2017-11462.patch: Preserve GSS context on init/accept failure - CVE-2017-11462 * SECURITY UPDATE: Authenticated kadmin with permission to add principals to an LDAP Kerberos can DoS or bypass DN container check. - debian/patches/CVE-2018-5729-CVE-2018-5730.patch: Fix flaws in LDAP DN checking - CVE-2018-5729 - CVE-2018-5730 |
libarchive13 | 3.1.2-7ubuntu2.6 | 3.1.2-7ubuntu2.7 | libarchive (3.1.2-7ubuntu2.7) trusty-security; urgency=medium * SECURITY UPDATE: Out-of-bounds read - debian/patches/CVE-2017-14502.patch: fix in libarchive/archive_read_support_format_rar.c. - CVE-2017-14502 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2018-1000877.patch: fix in libarchive/archive_read_support_format_rar.c. - CVE-2018-1000877 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2018-1000878.patch: fix in libarchive/archive_read_support_format_rar.c. - CVE-2018-1000878 |
libcups2 libcupsimage2 | 1.7.2-0ubuntu1.10 | 1.7.2-0ubuntu1.11 | cups (1.7.2-0ubuntu1.11) trusty-security; urgency=medium * SECURITY UPDATE: predictable session cookies - debian/patches/CVE-2018-4700.patch: use better seed in cgi-bin/var.c. - CVE-2018-4700 |
libgudev-1.0-0 libpam-systemd libsystemd-daemon0 libsystemd-login0 libudev1 systemd-services udev | 1:204-5ubuntu20.28 | 1:204-5ubuntu20.29 | systemd (204-5ubuntu20.29) trusty; urgency=medium * d/p/0001-udev-build-by-path-identifiers-for-ATA-devices.patch create /dev/disk/by-path/ symlinks for (s)ata disks (LP: #1802525) |
libnss3 libnss3-nssdb | 2:3.28.4-0ubuntu0.14.04.3 | 2:3.28.4-0ubuntu0.14.04.4 | nss (2:3.28.4-0ubuntu0.14.04.4) trusty-security; urgency=medium * SECURITY UPDATE: side-channel attack on ECDSA signatures - debian/patches/CVE-2018-0495.patch: improve ecdsa and dsa in nss/lib/freebl/dsa.c, nss/lib/freebl/ec.c. - CVE-2018-0495 * SECURITY UPDATE: ServerHello.random is all zero in v2 ClientHello - debian/patches/CVE-2018-12384-1.patch: fix random logic in nss/lib/ssl/ssl3con.c. - debian/patches/CVE-2018-12384-2.patch: add tests to nss/gtests/ssl_gtest/ssl_loopback_unittest.cc, nss/gtests/ssl_gtest/ssl_v2_client_hello_unittest.cc. - CVE-2018-12384 * SECURITY UPDATE: cache side-channel variant of the Bleichenbacher attack - debian/patches/CVE-2018-12404-1.patch: improve RSA key exchange handling in nss/lib/ssl/ssl3con.c. - debian/patches/CVE-2018-12404-3.patch: add constant time mp_to_fixlen_octets in nss/gtests/freebl_gtest/mpi_unittest.cc, nss/lib/freebl/mpi/mpi.c, nss/lib/freebl/mpi/mpi.h. - CVE-2018-12404 |
libpixman-1-0 | 0.30.2-2ubuntu1.1 | 0.30.2-2ubuntu1.2 | pixman (0.30.2-2ubuntu1.2) trusty-security; urgency=medium * SECURITY UPDATE: general_composite_rect() integer overflow - debian/patches/CVE-2015-5297-pre1.patch: ensure that iter buffers are aligned to 16 bytes in pixman/pixman-general.c, pixman/pixman-private.h, pixman/pixman-utils.c. - debian/patches/CVE-2015-5297-pre2.patch: use floating point combiners for all operators that involve divisions in pixman/pixman-general.c. - debian/patches/CVE-2015-5297-1.patch: fix stack related pointer arithmetic overflow in pixman/pixman-general.c. - debian/patches/CVE-2015-5297-2.patch: tighten up calculation of temporary buffer sizes in pixman/pixman-general.c. - debian/patches/disable_test.patch: disable blitters test as the correct CRC is unknown. - CVE-2015-5297 |
policykit-1 | 0.105-4ubuntu3.14.04.2 | 0.105-4ubuntu3.14.04.5 | policykit-1 (0.105-4ubuntu3.14.04.5) trusty-security; urgency=medium * SECURITY UPDATE: authorization bypass with large uid - debian/patches/CVE-2018-19788-1.patch: allow negative uids/gids in PolkitUnixUser and Group objects in src/polkit/polkitunixgroup.c, src/polkit/polkitunixprocess.c, src/polkit/polkitunixuser.c. - debian/patches/CVE-2018-19788-2.patch: add tests to test/data/etc/group, test/data/etc/passwd, test/data/etc/polkit-1/localauthority/10-test/com.example.pkla, test/polkitbackend/polkitbackendlocalauthoritytest.c. - debian/patches/CVE-2018-19788-3.patch: allow uid of -1 for a PolkitUnixProcess in src/polkit/polkitunixprocess.c. - CVE-2018-19788 |
openssl | 1.0.1f-1ubuntu2.26 | 1.0.1f-1ubuntu2.27 | openssl (1.0.1f-1ubuntu2.27) trusty-security; urgency=medium * SECURITY UPDATE: PortSmash side channel attack - debian/patches/CVE-2018-5407.patch: fix timing vulnerability in crypto/bn/bn_lib.c, crypto/ec/ec_mult.c. - CVE-2018-5407 * SECURITY UPDATE: timing side channel attack in DSA - debian/patches/CVE-2018-0734-pre1.patch: address a timing side channel in crypto/dsa/dsa_ossl.c. - debian/patches/CVE-2018-0734-1.patch: fix timing vulnerability in crypto/dsa/dsa_ossl.c. - debian/patches/CVE-2018-0734-2.patch: fix mod inverse in crypto/dsa/dsa_ossl.c. - debian/patches/CVE-2018-0734-3.patch: add a constant time flag in crypto/dsa/dsa_ossl.c. - CVE-2018-0734 |
libtiff5 | 4.0.3-7ubuntu0.9 | 4.0.3-7ubuntu0.10 | tiff (4.0.3-7ubuntu0.10) trusty-security; urgency=medium * SECURITY UPDATE: NULL dereference in TIFFPrintDirectory - debian/patches/CVE-2018-7456.patch: properly handle color channels in libtiff/tif_dirread.c, libtiff/tif_print.c. - CVE-2018-7456 * SECURITY UPDATE: buffer overflow in LZWDecodeCompat - debian/patches/CVE-2018-8905.patch: fix logic in libtiff/tif_lzw.c. - CVE-2018-8905 * SECURITY UPDATE: DoS in TIFFWriteDirectorySec() - debian/patches/CVE-2018-10963.patch: avoid assertion in libtiff/tif_dirwrite.c. - CVE-2018-10963 * SECURITY UPDATE: multiple overflows - debian/patches/CVE-2018-1710x.patch: Avoid overflows in tools/pal2rgb.c, tools/tiff2bw.c, tools/ppm2tiff.c. - CVE-2018-17100 - CVE-2018-17101 * SECURITY UPDATE: JBIGDecode out-of-bounds write - debian/patches/CVE-2018-18557.patch: fix issue in libtiff/tif_jbig.c, libtiff/tif_read.c. - CVE-2018-18557 * SECURITY UPDATE: NULL pointer dereference in LZWDecode - debian/patches/CVE-2018-18661.patch: add checks to tools/tiff2bw.c. - CVE-2018-18661 |
linux-generic | 3.13.0.163.173 | 3.13.0.164.174 | |
linux-headers-3.13.0-143-generic | 3.13.0-143.192 | | |
linux-headers-3.13.0-143 | 3.13.0-143.192 | | |
linux-headers-generic | 3.13.0.163.173 | 3.13.0.164.174 | |
linux-image-generic | 3.13.0.163.173 | 3.13.0.164.174 | |
linux-image-server | 3.13.0.163.173 | 3.13.0.164.174 | |
linux-image-virtual | 3.13.0.163.173 | 3.13.0.164.174 | |
mlocate | 0.26-1ubuntu1 | NOTE: Although this package has been updated in this Snare Central release, it will be removed during the patch process to save space in the /var filesystem. | |
mountall | 2.53 | 2.53ubuntu1 | |
python-lxml | 3.3.3-1ubuntu0.1 | 3.3.3-1ubuntu0.2 | lxml (3.3.3-1ubuntu0.2) trusty-security; urgency=medium * SECURITY UPDATE: XSS attacks - Make the cleaner remove javascript URLs that use escaping in src/lxml/html/clean.py, src/lxml/html/tests/test_clean.txt. - CVE-2018-19787 |
tzdata | 2018g-0ubuntu0.14.04 | 2018i-0ubuntu0.14.04 | tzdata (2018i-0ubuntu0.14.04) trusty; urgency=medium * New upstream version, affecting past and future timestamps: - São Tomé and Príncipe switches from +01 to +00 on 2019-01-01. - Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21. - A new zone Asia/Qostanay has been added, because Qostanay, Kazakhstan didn't move. - Metlakatla, Alaska observes PST this winter only. |