Message-Id: <E1Shijp-0002JV-Fr@titan.mandriva.com>
Date: Thu, 21 Jun 2012 16:52:01 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2012:099 ] net-snmp

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2012:099
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : net-snmp
 Date    : June 21, 2012
 Affected: 2010.1, 2011, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been discovered and corrected in net-snmp:
 
 An array index error, leading to an out-of-bounds heap-based buffer
 read, was found in the way the net-snmp agent performed entry lookups
 in the extension table. When a certain MIB subtree was handled by the
 extend directive, a remote attacker with read privilege to the subtree
 could use this flaw to cause a denial of service (snmpd crash) via an
 SNMP GET request involving a non-existent extension table entry
 (CVE-2012-2141).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2141
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2010.1:
 549a715a24b4cfed186201abb88ab4c1  2010.1/i586/libnet-snmp20-5.5-7.1mdv2010.2.i586.rpm
 dffee731e289b4c338c02ad8c85a0312  2010.1/i586/libnet-snmp-devel-5.5-7.1mdv2010.2.i586.rpm
 ab2d140c9e9ee6a3ca05df9e4a1e65cb  2010.1/i586/libnet-snmp-static-devel-5.5-7.1mdv2010.2.i586.rpm
 a78a283445d42add9164081350cb2e79  2010.1/i586/net-snmp-5.5-7.1mdv2010.2.i586.rpm
 af747c2cd184b9cd0071320b71e23d62  2010.1/i586/net-snmp-mibs-5.5-7.1mdv2010.2.i586.rpm
 1703166df266d466ee5ebd1e3e42152f  2010.1/i586/net-snmp-tkmib-5.5-7.1mdv2010.2.i586.rpm
 4416385214616480e1a703430de0160d  2010.1/i586/net-snmp-trapd-5.5-7.1mdv2010.2.i586.rpm
 ec6325d9778014907cd3f30a31a02791  2010.1/i586/net-snmp-utils-5.5-7.1mdv2010.2.i586.rpm
 38e51b57e5d9d03edb6ea01545d3bc25  2010.1/i586/perl-NetSNMP-5.5-7.1mdv2010.2.i586.rpm 
 901eeb7abf12be68bc3a24f76cbad087  2010.1/SRPMS/net-snmp-5.5-7.1mdv2010.2.src.rpm

 Mandriva Linux 2010.1/X86_64:
 568bdf766fd52583fe8793d55cfbc40a  2010.1/x86_64/lib64net-snmp20-5.5-7.1mdv2010.2.x86_64.rpm
 fbdd5492d01aa88de15f63dea689258b  2010.1/x86_64/lib64net-snmp-devel-5.5-7.1mdv2010.2.x86_64.rpm
 2b234ec4b01f31adfbb3d5b77879fdfe  2010.1/x86_64/lib64net-snmp-static-devel-5.5-7.1mdv2010.2.x86_64.rpm
 619b92ffd07067994be02fde7528f951  2010.1/x86_64/net-snmp-5.5-7.1mdv2010.2.x86_64.rpm
 79dc167bfe48718513fdae8b5ffbe9b0  2010.1/x86_64/net-snmp-mibs-5.5-7.1mdv2010.2.x86_64.rpm
 3d9aaff4836efc8f8efb0d3fc7a30f76  2010.1/x86_64/net-snmp-tkmib-5.5-7.1mdv2010.2.x86_64.rpm
 fda5dfbe8012404d6ddd0c3943129665  2010.1/x86_64/net-snmp-trapd-5.5-7.1mdv2010.2.x86_64.rpm
 af024b56711368674499906e957ca59a  2010.1/x86_64/net-snmp-utils-5.5-7.1mdv2010.2.x86_64.rpm
 8071b12044e02a4400a9b7fa5c66f4cc  2010.1/x86_64/perl-NetSNMP-5.5-7.1mdv2010.2.x86_64.rpm 
 901eeb7abf12be68bc3a24f76cbad087  2010.1/SRPMS/net-snmp-5.5-7.1mdv2010.2.src.rpm

 Mandriva Linux 2011:
 bd71a939144d1d20b08283401515eab9  2011/i586/libnet-snmp25-5.6.1-9.1-mdv2011.0.i586.rpm
 d56ccb25cbc50ada230b2a568e312560  2011/i586/libnet-snmp-devel-5.6.1-9.1-mdv2011.0.i586.rpm
 d7e9e13bb4feaf78db0354ea35348c0f  2011/i586/libnet-snmp-static-devel-5.6.1-9.1-mdv2011.0.i586.rpm
 13c81c8bb164c99fc6806ba6328d77a7  2011/i586/net-snmp-5.6.1-9.1-mdv2011.0.i586.rpm
 159143bd5eae11219fd33bed27d3db15  2011/i586/net-snmp-mibs-5.6.1-9.1-mdv2011.0.i586.rpm
 350761224456d9d06ad4a9661bc4ee77  2011/i586/net-snmp-tkmib-5.6.1-9.1-mdv2011.0.i586.rpm
 bb34c4dd7512274ba6fbfedada9b4d01  2011/i586/net-snmp-trapd-5.6.1-9.1-mdv2011.0.i586.rpm
 3175051bbd95c1f93c17dac6854de586  2011/i586/net-snmp-utils-5.6.1-9.1-mdv2011.0.i586.rpm
 d6b207acf8e1d199d94cbc2ba9088f56  2011/i586/perl-NetSNMP-5.6.1-9.1-mdv2011.0.i586.rpm
 a6ae19f2f7f865f76880c05d3be5feca  2011/i586/python-netsnmp-5.6.1-9.1-mdv2011.0.i586.rpm 
 0aab253539a0484d932baf04f703d4d2  2011/SRPMS/net-snmp-5.6.1-9.1.src.rpm

 Mandriva Linux 2011/X86_64:
 50841d5a79cbb80c8f3b135d98e62c94  2011/x86_64/lib64net-snmp25-5.6.1-9.1-mdv2011.0.x86_64.rpm
 2f98663d082b1c806049e1d638665bd7  2011/x86_64/lib64net-snmp-devel-5.6.1-9.1-mdv2011.0.x86_64.rpm
 58426391ae5bee8f1063ca96709138de  2011/x86_64/lib64net-snmp-static-devel-5.6.1-9.1-mdv2011.0.x86_64.rpm
 61a36cdaa85b25b990622af254cb5c1c  2011/x86_64/net-snmp-5.6.1-9.1-mdv2011.0.x86_64.rpm
 53d742abefd3d45fcdd6686a4e63c394  2011/x86_64/net-snmp-mibs-5.6.1-9.1-mdv2011.0.x86_64.rpm
 57c665999674a46001de569f5cbaf4b0  2011/x86_64/net-snmp-tkmib-5.6.1-9.1-mdv2011.0.x86_64.rpm
 aedb28e2cca33ab91a5987f08499ce76  2011/x86_64/net-snmp-trapd-5.6.1-9.1-mdv2011.0.x86_64.rpm
 440057cfe374699634e7123f8dfe91c7  2011/x86_64/net-snmp-utils-5.6.1-9.1-mdv2011.0.x86_64.rpm
 d8cb8fa927a32c6d5ce3664f15c95ccf  2011/x86_64/perl-NetSNMP-5.6.1-9.1-mdv2011.0.x86_64.rpm
 3f83c7c8e1073a229bdb2cf3f33d3708  2011/x86_64/python-netsnmp-5.6.1-9.1-mdv2011.0.x86_64.rpm 
 0aab253539a0484d932baf04f703d4d2  2011/SRPMS/net-snmp-5.6.1-9.1.src.rpm

 Mandriva Enterprise Server 5:
 a57d57bfebb80c9a5d73811d5696ee47  mes5/i586/libnet-snmp15-5.4.2-2.4mdvmes5.2.i586.rpm
 db359acdd4bf501f8469a60bdca31439  mes5/i586/libnet-snmp-devel-5.4.2-2.4mdvmes5.2.i586.rpm
 9a68e11e201646d2ea2c06be3db6d03f  mes5/i586/libnet-snmp-static-devel-5.4.2-2.4mdvmes5.2.i586.rpm
 864a7d720acedd85a0b35679e59849a3  mes5/i586/net-snmp-5.4.2-2.4mdvmes5.2.i586.rpm
 6acc806f39f3b6e04d6c16b0ec85acdf  mes5/i586/net-snmp-mibs-5.4.2-2.4mdvmes5.2.i586.rpm
 22c72430d5926751c532535d70c74bdc  mes5/i586/net-snmp-tkmib-5.4.2-2.4mdvmes5.2.i586.rpm
 e1133d9065147744a007f15beea6b963  mes5/i586/net-snmp-trapd-5.4.2-2.4mdvmes5.2.i586.rpm
 2040762a0fa5947010d01e459453803c  mes5/i586/net-snmp-utils-5.4.2-2.4mdvmes5.2.i586.rpm
 99aca626593aa9829e2f66143b9e8a5d  mes5/i586/perl-NetSNMP-5.4.2-2.4mdvmes5.2.i586.rpm 
 0ee5d96c849a98d9600faf2bd20c1bdc  mes5/SRPMS/net-snmp-5.4.2-2.4mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 6cec4f28c38f6e446976359de2d52c2f  mes5/x86_64/lib64net-snmp15-5.4.2-2.4mdvmes5.2.x86_64.rpm
 280b5df81cced400a9d50cf36e29697a  mes5/x86_64/lib64net-snmp-devel-5.4.2-2.4mdvmes5.2.x86_64.rpm
 456656085d1303473d6b843161a5dfd9  mes5/x86_64/lib64net-snmp-static-devel-5.4.2-2.4mdvmes5.2.x86_64.rpm
 388d6c3f5262a2782c1df1eee2b56ae5  mes5/x86_64/net-snmp-5.4.2-2.4mdvmes5.2.x86_64.rpm
 5581bb503428d43f56047b804e21bebd  mes5/x86_64/net-snmp-mibs-5.4.2-2.4mdvmes5.2.x86_64.rpm
 1643390bf239fa3c54d5959b342ca953  mes5/x86_64/net-snmp-tkmib-5.4.2-2.4mdvmes5.2.x86_64.rpm
 ad3e97af2064f3f1cd9467b69578610a  mes5/x86_64/net-snmp-trapd-5.4.2-2.4mdvmes5.2.x86_64.rpm
 812851c970888bc5cc5c0e7b401e0486  mes5/x86_64/net-snmp-utils-5.4.2-2.4mdvmes5.2.x86_64.rpm
 cfc93c491b3fe7b4c22ed0bcb565f98b  mes5/x86_64/perl-NetSNMP-5.4.2-2.4mdvmes5.2.x86_64.rpm 
 0ee5d96c849a98d9600faf2bd20c1bdc  mes5/SRPMS/net-snmp-5.4.2-2.4mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFP4waNmqjQ0CJFipgRArgNAJ0dg/2Yglk3Ur7coMgqaciT65zCXwCgnCBC
DrN/hendr1zsDadTg/F5ntc=
=nCSt
-----END PGP SIGNATURE-----
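
The flaw class named in the problem description, as an added example that is not part of the advisory and is not net-snmp source code: a simplified model of a heap-allocated extension table in which a row number taken from the request OID is used as an array index. All names (ext_table, ext_get_unchecked, ext_get_checked, the status codes) and the sample rows are constructed for illustration.

```c
#include <stdlib.h>
#include <stddef.h>

/* Constructed model of an agent's extension table; not net-snmp source. */
struct ext_entry { const char *name; const char *output; };
struct ext_table { struct ext_entry *rows; size_t count; };

enum ext_status { EXT_OK, EXT_NO_SUCH_INSTANCE };   /* hypothetical codes */

/* Heap-allocate a table holding two constructed sample rows. */
struct ext_table *ext_table_sample(void)
{
    struct ext_table *t = malloc(sizeof *t);
    if (!t) return NULL;
    t->count = 2;
    t->rows = calloc(t->count, sizeof *t->rows);
    if (!t->rows) { free(t); return NULL; }
    t->rows[0] = (struct ext_entry){ "disk-check", "OK" };
    t->rows[1] = (struct ext_entry){ "raid-state", "degraded" };
    return t;
}

/* Flawed pattern: the row number taken from the request OID indexes the
 * heap array directly, so a GET naming a row that does not exist reads
 * memory outside the allocation. Kept only for contrast with the checked
 * version below. */
const char *ext_get_unchecked(const struct ext_table *t, unsigned long row)
{
    return t->rows[row - 1].output;
}

/* Hardened pattern: the OID suffix must be exactly {column, row}, and the
 * row must fall in 1..count before it is used as an index. */
enum ext_status ext_get_checked(const struct ext_table *t,
                                const unsigned long *suffix, size_t suffix_len,
                                const char **out)
{
    *out = NULL;
    if (suffix_len != 2 || suffix[0] != 1)          /* column 1 = output */
        return EXT_NO_SUCH_INSTANCE;
    if (suffix[1] == 0 || suffix[1] > t->count)     /* non-existent row */
        return EXT_NO_SUCH_INSTANCE;
    *out = t->rows[suffix[1] - 1].output;
    return EXT_OK;
}
```

With the range check in place, a request for a missing row produces an error status for the manager instead of a read past the end of the table.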
