Mageia alert MGASA-2012-0128 (net-snmp)

From:
    	     
 
Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	     
 
updates-announce@ml.mageia.org 
Subject:
    	     
 
[updates-announce] MGASA-2012-0128: net-snmp-5.6.1-7.1.mga1
 (1/core), net-snmp-5.7.1-3.1.mga2 (2/core) 
Date:
    	     
 
Wed, 27 Jun 2012 15:16:27 +0200
Message-ID:
    	     
 
<20120627131627.GA1259@valstar.mageia.org>

MGASA-2012-0128
Date: 	June 27th, 2012
Affected releases: 	1, 2


Description:
Updated net-snmp packages fix security vulnerability:

An array index error, leading to out-of heap-based buffer read flaw
was found in the way net-snmp agent performed entries lookup in the
extension table. When certain MIB subtree was handled by the extend
directive, a remote attacker having read privilege to the subtree could
use this flaw to cause a denial of service (snmpd crash) via SNMP GET
request involving a non-existent extension table entry (CVE-2012-2141).


Updated Packages:
Mageia 1:
net-snmp-5.6.1-7.1.mga1
net-snmp-mibs-5.6.1-7.1.mga1
net-snmp-tkmib-5.6.1-7.1.mga1
net-snmp-trapd-5.6.1-7.1.mga1
net-snmp-utils-5.6.1-7.1.mga1
perl-NetSNMP-5.6.1-7.1.mga1
lib(64)net-snmp25-5.6.1-7.1.mga1
lib(64)net-snmp-devel-5.6.1-7.1.mga1
lib(64)net-snmp-static-devel-5.6.1-7.1.mga1

Mageia 2:
net-snmp-5.7.1-3.1.mga2
net-snmp-mibs-5.7.1-3.1.mga2
net-snmp-tkmib-5.7.1-3.1.mga2
net-snmp-trapd-5.7.1-3.1.mga2
net-snmp-utils-5.7.1-3.1.mga2
perl-NetSNMP-5.7.1-3.1.mga2
python-netsnmp-5.7.1-3.1.mga2
lib(64)net-snmp30-5.7.1-3.1.mga2
lib(64)net-snmp-devel-5.7.1-3.1.mga2
lib(64)net-snmp-static-devel-5.7.1-3.1.mga2


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2141

http://www.mandriva.com/en/support/security/advisories/?d...
https://bugs.mageia.org/show_bug.cgi?id=6076

https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-...