[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1WO2ro-0001WS-HO@titan.mandriva.com>
Date: Thu, 13 Mar 2014 11:28:00 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2014:052 ] net-snmp
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2014:052
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : net-snmp
Date : March 13, 2014
Affected: Business Server 1.0
_______________________________________________________________________
Problem Description:
Updated net-snmp packages fix two vulnerabilities:
Remotely exploitable denial of service vulnerability in Net-SNMP,
in the Linux implementation of the ICMP-MIB, making the SNMP
agent vulnerable if it is making use of the ICMP-MIB table objects
(CVE-2014-2284).
Remotely exploitable denial of service vulnerability in Net-SNMP,
in snmptrapd, due to how it handles trap requests with an empty
community string when the perl handler is enabled (CVE-2014-2285).
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=
http://cve.mitre.org/cgi-bin/cvename.cgi?name=
http://advisories.mageia.org/MGASA-2014-0122.html
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 1/X86_64:
75e24feeb05a77c70995a9a1175da857 mbs1/x86_64/lib64net-snmp30-5.7.2-1.1.mbs1.x86_64.rpm
2eda4de0bd258d015818e0b18de62453 mbs1/x86_64/lib64net-snmp-devel-5.7.2-1.1.mbs1.x86_64.rpm
280aa9c311cd4373fd0001ad0b1ac3b3 mbs1/x86_64/lib64net-snmp-static-devel-5.7.2-1.1.mbs1.x86_64.rpm
e2e77246cbcf195d3842c029e3e17f80 mbs1/x86_64/net-snmp-5.7.2-1.1.mbs1.x86_64.rpm
832ac7ed2bbdc701173d3042d862f8b6 mbs1/x86_64/net-snmp-mibs-5.7.2-1.1.mbs1.x86_64.rpm
dbde6cc67a4610c2d2a1aa23e30f2417 mbs1/x86_64/net-snmp-tkmib-5.7.2-1.1.mbs1.x86_64.rpm
5c2a7541316aa4f4eddfe19fe04fd97f mbs1/x86_64/net-snmp-trapd-5.7.2-1.1.mbs1.x86_64.rpm
87162adb1b12d29070b53257ceeef286 mbs1/x86_64/net-snmp-utils-5.7.2-1.1.mbs1.x86_64.rpm
7e2681b068903c4e28dd5d31ca37ef70 mbs1/x86_64/perl-NetSNMP-5.7.2-1.1.mbs1.x86_64.rpm
ed8bcbc6470482d1e78567d06e8e608a mbs1/x86_64/python-netsnmp-5.7.2-1.1.mbs1.x86_64.rpm
5c6e6b75f38386964efe4340b2436873 mbs1/SRPMS/net-snmp-5.7.2-1.1.mbs1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFTIV4rmqjQ0CJFipgRAgWkAJ45l7yEOU6KIy3ySIumvZB0eShVQwCfW1Bh
zMDFEhf4YiB6foTD9u+uUPs=
=STrP
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists