User: Password:
|
|
Subscribe / Log in / New account

Trustix alert TSLSA-2005-0034 (net-snmp,)

From:  Trustix Security Advisor <tsl@trustix.org>
To:  tsl-announce@lists.trustix.org
Subject:  TSLSA-2005-0034 - multi
Date:  Fri, 8 Jul 2005 14:12:17 +0200

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Trustix Secure Linux Security Advisory #2005-0034 Package name: net-snmp, zlib Summary: Multiple vulnerabilities Date: 2005-07-08 Affected versions: Trustix Secure Linux 2.2 Trustix Secure Linux 3.0 Trustix Operating System - Enterprise Server 2 - -------------------------------------------------------------------------- Package description: net-snmp: SNMP (Simple Network Management Protocol) is a protocol used for network management. The NET-SNMP project includes various SNMP tools: an extensible agent, an SNMP library, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl mib browser. This package contains the snmpd and snmptrapd daemons, documentation, etc. zlib: The zlib compression library provides in-memory compression and decompression functions, including integrity checks of the uncompressed data. Problem description: net-snmp: Fixed a denial of service vulnerability when stream sockets have been configured for use (E.G., TCP but not UDP). Bug#1038 zlib: Security Fix: This flaw is due to a buffer overflow error when processing a malformed data stream, which could be exploited by attackers to execute arbitrary code via a specially crafted compressed stream embedded within network communication or an application file format. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-2096. Action: We recommend that all systems with this package installed be upgraded. Please note that if you do not need the functionality provided by this package, you may want to remove it from your system. Location: All Trustix Secure Linux updates are available from <URI:http://http.trustix.org/pub/trustix/updates/>> <URI:ftp://ftp.trustix.org/pub/trustix/updates/>> About Trustix Secure Linux: Trustix Secure Linux is a small Linux distribution for servers. With focus on security and stability, the system is painlessly kept safe and up to date from day one using swup, the automated software updater. Automatic updates: Users of the SWUP tool can enjoy having updates automatically installed using 'swup --upgrade'. Questions? Check out our mailing lists: <URI:http://www.trustix.org/support/>> Verification: This advisory along with all Trustix packages are signed with the TSL sign key. This key is available from: <URI:http://www.trustix.org/TSL-SIGN-KEY>> The advisory itself is available from the errata pages at <URI:http://www.trustix.org/errata/trustix-2.2/>> or directly at <URI:http://www.trustix.org/errata/2005/0034/>> MD5sums of the packages: - -------------------------------------------------------------------------- 79da098bccacb4a99c327ba590533663 3.0/rpms/net-snmp-5.2.1.2-1tr.i586.rpm d26360f4f3f1d95003fc6c3ff3f2b59c 3.0/rpms/net-snmp-devel-5.2.1.2-1tr.i586.rpm b51dad2e029dc95d2ca3823412a8afba 3.0/rpms/net-snmp-libs-5.2.1.2-1tr.i586.rpm 67d0e78356ee16b869d413ef2e679156 3.0/rpms/net-snmp-perl-5.2.1.2-1tr.i586.rpm a9733a63ee3da320a530d363b4f2db43 3.0/rpms/net-snmp-utils-5.2.1.2-1tr.i586.rpm acf4b06a55596415c5a450abde693900 3.0/rpms/zlib-1.2.2-4tr.i586.rpm 7d7507f200761f6713ec84893a1ddd3a 3.0/rpms/zlib-devel-1.2.2-4tr.i586.rpm 9d9b72a93b6db09fbc36f3e4ddc5b643 2.2/rpms/zlib-1.2.2-2tr.i586.rpm cd1af2bbc6cf7bc4b19a445d47c76d07 2.2/rpms/zlib-devel-1.2.2-2tr.i586.rpm - -------------------------------------------------------------------------- Trustix Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFCzmzdi8CEzsK9IksRAtaZAJ92Ot3kwY0wYoVTR6DehkEE6GQKAgCffi+z klHhADqO3FnCfVIaz+SNAVk= =ODxO -----END PGP SIGNATURE----- _______________________________________________ tsl-announce mailing list tsl-announce@lists.trustix.org http://lists.trustix.org/mailman/listinfo/tsl-announce


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds