[ MDVSA-2014:184 ] net-snmp

2014-09-29T00:00:00
ID SECURITYVULNS:DOC:31111
Type securityvulns
Reporter Securityvulns
Modified 2014-09-29T00:00:00

Description

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1


Mandriva Linux Security Advisory MDVSA-2014:184 http://www.mandriva.com/en/support/security/


Package : net-snmp Date : September 24, 2014 Affected: Business Server 1.0


Problem Description:

Updated net-snmp packages fix security vulnerabilities:

A remote denial-of-service flaw was found in the way snmptrapd handled certain SNMP traps when started with the -OQ option. If an attacker sent an SNMP trap containing a variable with a NULL type where an integer variable type was expected, it would cause snmptrapd to crash (CVE-2014-3565).


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3565 http://advisories.mageia.org/MGASA-2014-0371.html


Updated Packages:

Mandriva Business Server 1/X86_64: 673e6eed029453ef91d0c7a54bce2592 mbs1/x86_64/lib64net-snmp30-5.7.2-1.2.mbs1.x86_64.rpm f90c40aff23a7411471ee6eb09cc4ba9 mbs1/x86_64/lib64net-snmp-devel-5.7.2-1.2.mbs1.x86_64.rpm 33947f32fdca8d97baea2cf327ad87a7 mbs1/x86_64/lib64net-snmp-static-devel-5.7.2-1.2.mbs1.x86_64.rpm cf6a942c7b95d6316fa316b44a622a2d mbs1/x86_64/net-snmp-5.7.2-1.2.mbs1.x86_64.rpm b504d1e32fd4ac4f3b42e2af11290434 mbs1/x86_64/net-snmp-mibs-5.7.2-1.2.mbs1.x86_64.rpm 53a57ff36f8585ef316a2082fdb5f867 mbs1/x86_64/net-snmp-tkmib-5.7.2-1.2.mbs1.x86_64.rpm 7d3d6ac8e63eba2fe104c1909d87391c mbs1/x86_64/net-snmp-trapd-5.7.2-1.2.mbs1.x86_64.rpm 4093e1a8f9045ddaa465ff8735dfad66 mbs1/x86_64/net-snmp-utils-5.7.2-1.2.mbs1.x86_64.rpm c03a70c4f3a43defc16b4279456adb7e mbs1/x86_64/perl-NetSNMP-5.7.2-1.2.mbs1.x86_64.rpm 0868cbf75d36c9a538b9792367f9c4f8 mbs1/x86_64/python-netsnmp-5.7.2-1.2.mbs1.x86_64.rpm c3653bb6c7ca975b6c08b8dc286c2101 mbs1/SRPMS/net-snmp-5.7.2-1.2.mbs1.src.rpm


To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFUIs+5mqjQ0CJFipgRAiG7AKDBKBmOYpjEwKLyDhnlFys1NZYXvgCgvo3p Xx7kS42QepzftK2O3vKR1yU= =192D -----END PGP SIGNATURE-----