[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1YbnpU-000565-Ui@titan.mandriva.com>
Date: Sat, 28 Mar 2015 11:19:00 +0100
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2015:092 ] net-snmp
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2015:092
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : net-snmp
Date : March 28, 2015
Affected: Business Server 2.0
_______________________________________________________________________
Problem Description:
Updated net-snmp packages fix security vulnerabilities:
Remotely exploitable denial of service vulnerability in Net-SNMP,
in the Linux implementation of the ICMP-MIB, making the SNMP
agent vulnerable if it is making use of the ICMP-MIB table objects
(CVE-2014-2284).
Remotely exploitable denial of service vulnerability in Net-SNMP,
in snmptrapd, due to how it handles trap requests with an empty
community string when the perl handler is enabled (CVE-2014-2285).
A remote denial-of-service flaw was found in the way snmptrapd handled
certain SNMP traps when started with the -OQ option. If an attacker
sent an SNMP trap containing a variable with a NULL type where an
integer variable type was expected, it would cause snmptrapd to crash
(CVE-2014-3565).
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2284
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2285
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3565
http://advisories.mageia.org/MGASA-2014-0122.html
http://advisories.mageia.org/MGASA-2014-0371.html
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 2/X86_64:
db108bc819bb011d352ac1be23005ae8 mbs2/x86_64/lib64net-snmp30-5.7.2-14.1.mbs2.x86_64.rpm
10d0754baaebe770c0accea30a4c570b mbs2/x86_64/lib64net-snmp-devel-5.7.2-14.1.mbs2.x86_64.rpm
f3c20caeb88eee898508110847de93c1 mbs2/x86_64/lib64net-snmp-static-devel-5.7.2-14.1.mbs2.x86_64.rpm
85a8e55a06278248c6d55ed71781d4ae mbs2/x86_64/net-snmp-5.7.2-14.1.mbs2.x86_64.rpm
dd6b3752ffc3abfa799752d6c68be260 mbs2/x86_64/net-snmp-mibs-5.7.2-14.1.mbs2.x86_64.rpm
dff402077edcdbbbb43876ab37f17c63 mbs2/x86_64/net-snmp-tkmib-5.7.2-14.1.mbs2.x86_64.rpm
e5dd0695599ce24250e9c56398ae708a mbs2/x86_64/net-snmp-trapd-5.7.2-14.1.mbs2.x86_64.rpm
73e35840936e48e76813ee9aa563e5db mbs2/x86_64/net-snmp-utils-5.7.2-14.1.mbs2.x86_64.rpm
3fcb54fc22046478a1f4fe25bfb3fbfc mbs2/x86_64/perl-NetSNMP-5.7.2-14.1.mbs2.x86_64.rpm
f7faf7abe0cb4119a24aa1eb7b4e88e2 mbs2/x86_64/python-netsnmp-5.7.2-14.1.mbs2.x86_64.rpm
70325be4b29a38030ee30a1bea4c0a40 mbs2/SRPMS/net-snmp-5.7.2-14.1.mbs2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFVFnIkmqjQ0CJFipgRApj2AJ4siseZB35ENesBHXAJd354ztjc2wCg4i9a
CVlceu1C+yhzzsfXCVXUd5g=
=mTTW
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists