lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <m1EUpk8-000p6FC@finlandia.Infodrom.North.DE> Date: Wed Oct 26 19:17:29 2005 From: joey at infodrom.org (Martin Schulze) Subject: [SECURITY] [DSA 873-1] New net-snmp packages fix denial of service -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 873-1 security@...ian.org http://www.debian.org/security/ Martin Schulze October 26th, 2005 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : net-snmp Vulnerability : programming error Problem type : remote Debian-specific: no CVE ID : CAN-2005-2177 BugTraq ID : 14168 A security vulnerability has been found in Net-SNMP releases that could allow a denial of service attack against Net-SNMP agent's that have opened a stream based protocol (eg TCP but not UDP). By default, Net-SNMP does not open a TCP port. The old stable distribution (woody) does not contain a net-snmp package. For the stable distribution (sarge) this problem has been fixed in version 5.1.2-6.2. For the unstable distribution (sid) this problem has been fixed in version 5.2.1.2-1. We recommend that you upgrade your net-snmp package. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.1 alias sarge - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/n/net-snmp/net-snmp_5.1.2-6.2.dsc Size/MD5 checksum: 794 0aa985327e01703ee88e9c9fc63dcccb http://security.debian.org/pool/updates/main/n/net-snmp/net-snmp_5.1.2-6.2.diff.gz Size/MD5 checksum: 67941 80b50ece9798c3634843213632ea8b53 http://security.debian.org/pool/updates/main/n/net-snmp/net-snmp_5.1.2.orig.tar.gz Size/MD5 checksum: 3253579 8080555ab3f90011f25d5122042d9a8d Architecture independent components: http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-base_5.1.2-6.2_all.deb Size/MD5 checksum: 1005346 9f09bd5325ecb399a6b8b8b4c74e409e http://security.debian.org/pool/updates/main/n/net-snmp/tkmib_5.1.2-6.2_all.deb Size/MD5 checksum: 754688 5c84a39f4fb06e9ffae0c693b4e6c1fe Alpha architecture: http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.1.2-6.2_alpha.deb Size/MD5 checksum: 818316 c130066a195f6061032c039dbb70f4c6 http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5_5.1.2-6.2_alpha.deb Size/MD5 checksum: 1579716 b35f6363a539100eb8a32cdee143c4b5 http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5-dev_5.1.2-6.2_alpha.deb Size/MD5 checksum: 1647842 99a7926ca98e85e3f8742dfc7a46b880 http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.1.2-6.2_alpha.deb Size/MD5 checksum: 820826 8645dbb814fee32fd4dba772806b4e7d http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.1.2-6.2_alpha.deb Size/MD5 checksum: 733324 0d1113f65055b9802b1f0db33bf8566c AMD64 architecture: http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.1.2-6.2_amd64.deb Size/MD5 checksum: 815302 8b739d0e928cbed3d4e5fc30df4dd26d http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5_5.1.2-6.2_amd64.deb Size/MD5 checksum: 1553650 907b6ad8b395b2167ed07331d9ae88b1 http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5-dev_5.1.2-6.2_amd64.deb Size/MD5 checksum: 1184882 fd9f8a3c36a0573737d2856e70be4b55 http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.1.2-6.2_amd64.deb Size/MD5 checksum: 815620 073e011929c866ea6793852c48822f38 http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.1.2-6.2_amd64.deb Size/MD5 checksum: 731774 aa783fcf78888d5379c80cadfecba92f ARM architecture: http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.1.2-6.2_arm.deb Size/MD5 checksum: 811116 7c0db64010705b24094b04cb697c21ae http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5_5.1.2-6.2_arm.deb Size/MD5 checksum: 1477848 0072b62e6a873a7bca251a5a7b1a4ac6 http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5-dev_5.1.2-6.2_arm.deb Size/MD5 checksum: 1120060 5d51cd366d5497c549c95d81233820cb http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.1.2-6.2_arm.deb Size/MD5 checksum: 810168 1e2aaa41d86cbf1d3455cc3ad1e9246e http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.1.2-6.2_arm.deb Size/MD5 checksum: 730678 4da842f3e4c7820b6994dbaa4ce9464c Intel IA-32 architecture: http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.1.2-6.2_i386.deb Size/MD5 checksum: 818878 b3b728436c0d24dd71cae4c745d78d69 http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5_5.1.2-6.2_i386.deb Size/MD5 checksum: 1531948 64e0d4d60e1ec437c0693cd80ab5652d http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5-dev_5.1.2-6.2_i386.deb Size/MD5 checksum: 1100052 a86f8867983efe3eaf2ae2c0a529fcd7 http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.1.2-6.2_i386.deb Size/MD5 checksum: 811618 6939d4e93c77a9da325a1558d0b1c492 http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.1.2-6.2_i386.deb Size/MD5 checksum: 730514 a31ff071dc8dc2406f60d8c9fc4f8a74 Intel IA-64 architecture: http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.1.2-6.2_ia64.deb Size/MD5 checksum: 846348 9902935d551e5eec1aaefdb2689bc1ba http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5_5.1.2-6.2_ia64.deb Size/MD5 checksum: 1780724 eb6b2eb4ba43a0a0bcb99cdd51b2e4e8 http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5-dev_5.1.2-6.2_ia64.deb Size/MD5 checksum: 1584452 caa05c744a6ce901def3aefa11347302 http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.1.2-6.2_ia64.deb Size/MD5 checksum: 838818 a59fd105fb8b839031eacc1faf3410a4 http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.1.2-6.2_ia64.deb Size/MD5 checksum: 737976 22069dd21aab422a67ca368dc7537aa4 HP Precision architecture: http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.1.2-6.2_hppa.deb Size/MD5 checksum: 829624 8d8d43de36f2846f0f4c689eafc239d1 http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5_5.1.2-6.2_hppa.deb Size/MD5 checksum: 1604876 1f5fc833c478b0e737d89a86b69bf6a0 http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5-dev_5.1.2-6.2_hppa.deb Size/MD5 checksum: 1368226 d77ce1656b2f5f1c09bd98aeb17bb354 http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.1.2-6.2_hppa.deb Size/MD5 checksum: 824466 8a1f5d695a218655932180b3f8e3b49c http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.1.2-6.2_hppa.deb Size/MD5 checksum: 733168 1c894d59e8d8cad67210b22049c55338 Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.1.2-6.2_m68k.deb Size/MD5 checksum: 811308 675071b60bf7604029d3b9bb7f9d7fa7 http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5_5.1.2-6.2_m68k.deb Size/MD5 checksum: 1437126 f72bf3101dff7666764144e067c222b4 http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5-dev_5.1.2-6.2_m68k.deb Size/MD5 checksum: 996514 d65a43ee4d13f7d8b2e60fcd79bc1a46 http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.1.2-6.2_m68k.deb Size/MD5 checksum: 804982 c401927b09c0ee5c79727bebefcbb026 http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.1.2-6.2_m68k.deb Size/MD5 checksum: 730252 1c91b25ab5926d6da868aa9b4bf84fd4 Big endian MIPS architecture: http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.1.2-6.2_mips.deb Size/MD5 checksum: 784884 fa5d5b971d96c5188aed859eba805eb4 http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5_5.1.2-6.2_mips.deb Size/MD5 checksum: 1413338 1232a5281e48c703c99cabc5ea8777a5 http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5-dev_5.1.2-6.2_mips.deb Size/MD5 checksum: 1312878 d3dd3cd33fef646b53c1e5f5e93ee788 http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.1.2-6.2_mips.deb Size/MD5 checksum: 832678 3eda8f1830383293eba823cf984d15d5 http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.1.2-6.2_mips.deb Size/MD5 checksum: 731444 3c50ceaea9bd62bce4eb4c5fb2bb0678 Little endian MIPS architecture: http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.1.2-6.2_mipsel.deb Size/MD5 checksum: 784866 a2bab5ddee0ec91f396422f0fd0133ee http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5_5.1.2-6.2_mipsel.deb Size/MD5 checksum: 1418510 ba607a78662d2294d82c7425e804f3d1 http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5-dev_5.1.2-6.2_mipsel.deb Size/MD5 checksum: 1273102 66daf0e381d18f91ddfd738243339b85 http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.1.2-6.2_mipsel.deb Size/MD5 checksum: 832708 3f4362c2c82fea024e2b14c3722b2351 http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.1.2-6.2_mipsel.deb Size/MD5 checksum: 731292 5c06ed6b9b380e2cf88e14f900f0d634 PowerPC architecture: http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.1.2-6.2_powerpc.deb Size/MD5 checksum: 832410 367a1322826f11ef9dcbdc0c2a555a4b http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5_5.1.2-6.2_powerpc.deb Size/MD5 checksum: 1484164 0489fb05721749be8a77c3b6be7b6814 http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5-dev_5.1.2-6.2_powerpc.deb Size/MD5 checksum: 1322578 4c3972bc7d19a25863efd7fc20447363 http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.1.2-6.2_powerpc.deb Size/MD5 checksum: 824460 80aa5fe58c0d357bfcdea1e6568889d1 http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.1.2-6.2_powerpc.deb Size/MD5 checksum: 731674 94282339ba881ba28c2f06a84dab01e9 IBM S/390 architecture: http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.1.2-6.2_s390.deb Size/MD5 checksum: 793848 a76fffb4dcb478b9ab2a6a304dce5667 http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5_5.1.2-6.2_s390.deb Size/MD5 checksum: 1480932 a81f9fbb32fc486ba92bac8ed84f3abd http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5-dev_5.1.2-6.2_s390.deb Size/MD5 checksum: 1077868 fcf7d1957102b26ea3a8fa9c70b305e5 http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.1.2-6.2_s390.deb Size/MD5 checksum: 814068 cee89d4ce9dce6cb508e608ad8718796 http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.1.2-6.2_s390.deb Size/MD5 checksum: 731410 9f59b5a7ce92d38560b5c529fd134473 Sun Sparc architecture: http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.1.2-6.2_sparc.deb Size/MD5 checksum: 813492 8a2bcbc7c3ac29a7de6ab08f1e23a554 http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5_5.1.2-6.2_sparc.deb Size/MD5 checksum: 1484394 4386034ab461611e28beaefa2acc237c http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5-dev_5.1.2-6.2_sparc.deb Size/MD5 checksum: 1198292 460d4253893dfd4e87a015427a95cb08 http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.1.2-6.2_sparc.deb Size/MD5 checksum: 809826 d1b38721fae2ebc880cef0703d7d4d68 http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.1.2-6.2_sparc.deb Size/MD5 checksum: 730608 26961f57a7aa5fed6a04813b7627531f These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@...ts.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQFDX8bHW5ql+IAeqTIRAv8EAJ9dOXX+SuYPVnHQbUQhd176V5DGewCglfyJ pHyXmMzmExE5Fn3NIYf+vuw= =mtjW -----END PGP SIGNATURE-----