User: Password:
Subscribe / Log in / New account

Trustix alert TSLSA-2005-0034 (net-snmp,)

From:  Trustix Security Advisor <>
Subject:  TSLSA-2005-0034 - multi
Date:  Fri, 8 Jul 2005 14:12:17 +0200

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Trustix Secure Linux Security Advisory #2005-0034 Package name: net-snmp, zlib Summary: Multiple vulnerabilities Date: 2005-07-08 Affected versions: Trustix Secure Linux 2.2 Trustix Secure Linux 3.0 Trustix Operating System - Enterprise Server 2 - -------------------------------------------------------------------------- Package description: net-snmp: SNMP (Simple Network Management Protocol) is a protocol used for network management. The NET-SNMP project includes various SNMP tools: an extensible agent, an SNMP library, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl mib browser. This package contains the snmpd and snmptrapd daemons, documentation, etc. zlib: The zlib compression library provides in-memory compression and decompression functions, including integrity checks of the uncompressed data. Problem description: net-snmp: Fixed a denial of service vulnerability when stream sockets have been configured for use (E.G., TCP but not UDP). Bug#1038 zlib: Security Fix: This flaw is due to a buffer overflow error when processing a malformed data stream, which could be exploited by attackers to execute arbitrary code via a specially crafted compressed stream embedded within network communication or an application file format. The Common Vulnerabilities and Exposures project ( has assigned the name CAN-2005-2096. Action: We recommend that all systems with this package installed be upgraded. Please note that if you do not need the functionality provided by this package, you may want to remove it from your system. Location: All Trustix Secure Linux updates are available from <URI:>> <URI:>> About Trustix Secure Linux: Trustix Secure Linux is a small Linux distribution for servers. With focus on security and stability, the system is painlessly kept safe and up to date from day one using swup, the automated software updater. Automatic updates: Users of the SWUP tool can enjoy having updates automatically installed using 'swup --upgrade'. Questions? Check out our mailing lists: <URI:>> Verification: This advisory along with all Trustix packages are signed with the TSL sign key. This key is available from: <URI:>> The advisory itself is available from the errata pages at <URI:>> or directly at <URI:>> MD5sums of the packages: - -------------------------------------------------------------------------- 79da098bccacb4a99c327ba590533663 3.0/rpms/net-snmp- d26360f4f3f1d95003fc6c3ff3f2b59c 3.0/rpms/net-snmp-devel- b51dad2e029dc95d2ca3823412a8afba 3.0/rpms/net-snmp-libs- 67d0e78356ee16b869d413ef2e679156 3.0/rpms/net-snmp-perl- a9733a63ee3da320a530d363b4f2db43 3.0/rpms/net-snmp-utils- acf4b06a55596415c5a450abde693900 3.0/rpms/zlib-1.2.2-4tr.i586.rpm 7d7507f200761f6713ec84893a1ddd3a 3.0/rpms/zlib-devel-1.2.2-4tr.i586.rpm 9d9b72a93b6db09fbc36f3e4ddc5b643 2.2/rpms/zlib-1.2.2-2tr.i586.rpm cd1af2bbc6cf7bc4b19a445d47c76d07 2.2/rpms/zlib-devel-1.2.2-2tr.i586.rpm - -------------------------------------------------------------------------- Trustix Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFCzmzdi8CEzsK9IksRAtaZAJ92Ot3kwY0wYoVTR6DehkEE6GQKAgCffi+z klHhADqO3FnCfVIaz+SNAVk= =ODxO -----END PGP SIGNATURE----- _______________________________________________ tsl-announce mailing list

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds