Snort RPC Preprocessor Fragment Reassembly Buffer Overflow Vulnerability
Administrators are advised to upgrade vulnerable installations of Snort. A fix has been committed to the CVS tree and is available at the following location:
Gentoo Linux has released an advisory. Users who have installed net-analyzer/snort are advised to upgrade to snort-1.9.1 by issuing the following commands:
emerge -u snort
Mandrake has released a security advisory (MDKSA-2003:029) which contains fixes.
EnGarde Secure Linux has released a security advisory. Information about obtaining and applying the patches are available in the referenced advisory.
Sorcerer Linux has released an advisory. Users are advised to upgrade systems by issuing the following commands:
augur synch && augur update
SmoothWall has released 'fixes2' for SmoothWall 1.0-final systems. Users who are using SmoothWall 0.99 systems are advised to upgrade to SmoothWall 1.0-final. Fixes are also available for SmoothWall 2.0b4-mallard systems. Further information is available in the referenced message.
Conectiva has released a security advisory (CLA-2003:613) which contains fixes for this issue. Users are advised to upgrade their Snort packages as soon as possible.
While NetBSD does not include Snort by default, Snort is available through pkgsrc. NetBSD users who have installed Snort packages should use pkgsrc/security/audit-packages to apply upgrades.
Debian has released a security advisory (DSA 297-1) containing fixes which address this issue. Users are advised to upgrade as soon as possible.
SmoothWall SmoothWall 1.0
Snort Project Snort 1.8
Snort Project Snort 1.8.1
Snort Project Snort 1.8.2
Snort Project Snort 1.8.3
Snort Project Snort 1.8.4 beta1
Snort Project Snort 1.8.4
Snort Project Snort 1.8.5
Snort Project Snort 1.8.6
Snort Project Snort 1.8.7
Snort Project Snort 1.9
SmoothWall SmoothWall 2.0 beta 4