Fedora Core 4 Update: net-snmp-5.2.1.2-fc4.1
Posted by Benjamin D. Thomas   
Fedora A security vulnerability has been found in Net-SNMP releases that could allow a denial of service attack against Net-SNMP agent"s which have opened a stream based protocol (EG, TCP but not UDP; it should be noted that Net-SNMP does not by default open a TCP port).
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-561
2005-07-13
---------------------------------------------------------------------

Product     : Fedora Core 4
Name        : net-snmp
Version     : 5.2.1.2                      
Release     : fc4.1                  
Summary     : A collection of SNMP protocol tools and libraries.
Description :
SNMP (Simple Network Management Protocol) is a protocol used for
network management. The NET-SNMP project includes various SNMP tools:
an extensible agent, an SNMP library, tools for requesting or setting
information from SNMP agents, tools for generating and handling SNMP
traps, a version of the netstat command which uses SNMP, and a Tk/Perl
mib browser. This package contains the snmpd and snmptrapd daemons,
documentation, etc.

You will probably also want to install the net-snmp-utils package,
which contains NET-SNMP utilities.

Building option:
	--without tcp_wrappers : disable tcp_wrappers support

---------------------------------------------------------------------
Update Information:

A security vulnerability has been found in Net-SNMP releases that
 could allow a denial of service attack against Net-SNMP agent"s which
 have opened a stream based protocol (EG, TCP but not UDP; it should be
 noted that Net-SNMP does not by default open a TCP port).

http://sourceforge.net/mailarchive/forum.php?thread_id=7659656&forum_id=12455
---------------------------------------------------------------------
* Wed Jul 13 2005 Radek Vokal  - 5.2.1.2-fc4.1

- CAN-2005-2177 new upstream version fixing DoS (#162908)

* Tue May 31 2005 Radek Vokal  - 5.2.1-13

- CAN-2005-1740 net-snmp insecure temporary file usage (#158770)
- patch from suse.de


---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

b79090650c617e039939241bdc7b3946  SRPMS/net-snmp-5.2.1.2-fc4.1.src.rpm
80b5a855b95900fb5973e6073d25d851  ppc/net-snmp-5.2.1.2-fc4.1.ppc.rpm
478843b0b1c7bc5f04a053bcdb6ddcd8  ppc/net-snmp-utils-5.2.1.2-fc4.1.ppc.rpm
270fc3fecbfbd31718c756f2d0bf2d36  ppc/net-snmp-devel-5.2.1.2-fc4.1.ppc.rpm
33c28040e1ca630bc6f8bfe84ad4af38  ppc/net-snmp-perl-5.2.1.2-fc4.1.ppc.rpm
242d3108af124c3b9d457e8da9ba766d  ppc/net-snmp-libs-5.2.1.2-fc4.1.ppc.rpm
ad273e2a6a6acd3169f4d193b06c3688  ppc/debug/net-snmp-debuginfo-5.2.1.2-fc4.1.ppc.rpm
acb18e87eb710d133a3622954867254a  ppc/net-snmp-libs-5.2.1.2-fc4.1.ppc64.rpm
7de313a1ac5f52382aee5c165653618e  x86_64/net-snmp-5.2.1.2-fc4.1.x86_64.rpm
092b4dfe9ec5b1c19a40a7db2a82dc63  x86_64/net-snmp-utils-5.2.1.2-fc4.1.x86_64.rpm
627b1a3adc9d2c1236085aae4bf2cec5  x86_64/net-snmp-devel-5.2.1.2-fc4.1.x86_64.rpm
7819a593d4b083010ca3ed4939956d68  x86_64/net-snmp-perl-5.2.1.2-fc4.1.x86_64.rpm
cca2e6c99cc7a0a6c6de8a08ab095f94  x86_64/net-snmp-libs-5.2.1.2-fc4.1.x86_64.rpm
148c341e81c53c5098d79c4bcc3f931c  x86_64/debug/net-snmp-debuginfo-5.2.1.2-fc4.1.x86_64.rpm
2ffdbca98fbfff39b894eab6d6f9faaa  x86_64/net-snmp-libs-5.2.1.2-fc4.1.i386.rpm
e7e5ee415a6239d3a5c7e9d1174a07ab  i386/net-snmp-5.2.1.2-fc4.1.i386.rpm
ea9380fb6c23881a2aa861974a32d041  i386/net-snmp-utils-5.2.1.2-fc4.1.i386.rpm
874b9d3fd002d524d3e45a67f88f163e  i386/net-snmp-devel-5.2.1.2-fc4.1.i386.rpm
c6c304989cb5c4ba74736e2eba48848d  i386/net-snmp-perl-5.2.1.2-fc4.1.i386.rpm
2ffdbca98fbfff39b894eab6d6f9faaa  i386/net-snmp-libs-5.2.1.2-fc4.1.i386.rpm
eab2776c49ae418dabab1d85cd95a698  i386/debug/net-snmp-debuginfo-5.2.1.2-fc4.1.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
---------------------------------------------------------------------

--
fedora-announce-list mailing list
fedora-announce-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-announce-list