User: Password:
Subscribe / Log in / New account

Fedora alert FEDORA-2010-17126 (libsmi)

Subject:  [SECURITY] Fedora 12 Update: libsmi-0.4.8-5.fc12
Date:  Wed, 10 Nov 2010 21:40:03 +0000
Message-ID:  <>
Archive-link:  Article, Thread

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2010-17126 2010-11-02 21:39:41 -------------------------------------------------------------------------------- Name : libsmi Product : Fedora 12 Version : 0.4.8 Release : 5.fc12 URL : Summary : A library to access SMI MIB information Description : Libsmi is a C library to access MIB module information through a well defined API that hides the nasty details of locating and parsing SMIv1/v2 MIB modules. This package contains tools to check, dump, and convert MIB definitions and a steadily maintained and revised archive of all IETF and IANA maintained standard MIB modules. -------------------------------------------------------------------------------- Update Information: Resolve CVE-2010-2891 - LibSMI smiGetNode Buffer Overflow When Long OID Is Given In Numerical Form -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 1 2010 Tom "spot" Callaway <> - 0.4.8-5 - fix CVE-2010-2891 * Thu Feb 25 2010 Radek Vokal <> - 0.4.8-4 - fix lincese field, based on the tarball project is now GPL+ -------------------------------------------------------------------------------- References: [ 1 ] Bug #647520 - CVE-2010-2891 libsmi: buffer overflow in smiGetNode can lead to arbitrary code execution -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update libsmi' at the command line. For more information, refer to "Managing Software with yum", available at All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds