[prev in list] [next in list] [prev in thread] [next in thread] 

List:       nfr-users
Subject:    [nfr-users] MAINTENANCE - Numerous Packages
From:       "M. Dodge Mumford" <dodge () nfr ! net>
Date:       2006-06-30 21:00:37
Message-ID: 20060630210037.GE23404 () nfr ! net
[Download RAW message or body]

[Attachment #2 (multipart/signed)]


Updates:
        FTP (Version 19)
        IMAP (Version 14)
        MS SQL (Version 16)
        Trojans and Remote Administration (Version 14)
        WWW 2 (Version 17)

NFR RRT has released updates to the listed packages to address
low-impact issues.

Overview:
        FTP:
                1)  Ensure that the user's password is also sent to the
                    authentication package along with the username.
                2)  Performance update on newer engine versions to use
                    the offsetindex() builtin where available.
                3)  Various documentation clean-ups.

        IMAP:
                1)  Fix bug where the wrong alert context was sent for
                    the commandlen2:mailbox_len_alert alert.  This could
                    cause packet capture to fail for these alerts.

        MS SQL:
                1)  Fix for alert confidence values being incorrectly
                    reported as "<NULL>" in the Enterprise Console.

        Trojans and Remote Administration:
                1)  Fix to only announce startup messages once, instead
                    of one-per-engine-instance, for less noisy restarts.

        WWW 2:
                1)  Fix bug in www2/cgi backend where hex encoded urls
                    were decoded too soon.
                2)  Fix incorrect alert_source in www2/compliance backend.
                3)  Fix to limit the amount of payload data sent to the
                    database in www2/compliance's long lines check.
                    This could result in alerts not appearing in the
                    Enterprise Console.
                4)  Updates to the www2/iis backend to improve detection
                    of existing attacks.
                5)  Deprecated the jpeg2, ms05002, and ms05009 backends.
                    Users should migrate to using the BADFILES package
                    instead.
                6)  Updates to the www2/uservars backend to add common
                    values.

--=20

Dodge

[Attachment #5 (application/pgp-signature)]

_______________________________________________
nfr-users mailing list
nfr-users@nfr.com
http://list.nfr.com/mailman/listinfo/nfr-users


[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic