Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in Net-SNMP
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in Net-SNMP
ID: MDVSA-2015:092
Distribution: Mandriva
Plattformen: Mandriva Business Server 2.0
Datum: Sa, 28. März 2015, 14:10
Referenzen: http://advisories.mageia.org/MGASA-2014-0122.html
http://advisories.mageia.org/MGASA-2014-0371.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2284
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2285
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3565
Applikationen: Net-SNMP

Originalnachricht

This is a multi-part message in MIME format...

------------=_1427538090-3111-14

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:092
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : net-snmp
Date : March 28, 2015
Affected: Business Server 2.0
_______________________________________________________________________

Problem Description:

Updated net-snmp packages fix security vulnerabilities:

Remotely exploitable denial of service vulnerability in Net-SNMP,
in the Linux implementation of the ICMP-MIB, making the SNMP
agent vulnerable if it is making use of the ICMP-MIB table objects
(CVE-2014-2284).

Remotely exploitable denial of service vulnerability in Net-SNMP,
in snmptrapd, due to how it handles trap requests with an empty
community string when the perl handler is enabled (CVE-2014-2285).

A remote denial-of-service flaw was found in the way snmptrapd handled
certain SNMP traps when started with the -OQ option. If an attacker
sent an SNMP trap containing a variable with a NULL type where an
integer variable type was expected, it would cause snmptrapd to crash
(CVE-2014-3565).
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2284
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2285
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3565
http://advisories.mageia.org/MGASA-2014-0122.html
http://advisories.mageia.org/MGASA-2014-0371.html
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 2/X86_64:
db108bc819bb011d352ac1be23005ae8
mbs2/x86_64/lib64net-snmp30-5.7.2-14.1.mbs2.x86_64.rpm
10d0754baaebe770c0accea30a4c570b
mbs2/x86_64/lib64net-snmp-devel-5.7.2-14.1.mbs2.x86_64.rpm
f3c20caeb88eee898508110847de93c1
mbs2/x86_64/lib64net-snmp-static-devel-5.7.2-14.1.mbs2.x86_64.rpm
85a8e55a06278248c6d55ed71781d4ae
mbs2/x86_64/net-snmp-5.7.2-14.1.mbs2.x86_64.rpm
dd6b3752ffc3abfa799752d6c68be260
mbs2/x86_64/net-snmp-mibs-5.7.2-14.1.mbs2.x86_64.rpm
dff402077edcdbbbb43876ab37f17c63
mbs2/x86_64/net-snmp-tkmib-5.7.2-14.1.mbs2.x86_64.rpm
e5dd0695599ce24250e9c56398ae708a
mbs2/x86_64/net-snmp-trapd-5.7.2-14.1.mbs2.x86_64.rpm
73e35840936e48e76813ee9aa563e5db
mbs2/x86_64/net-snmp-utils-5.7.2-14.1.mbs2.x86_64.rpm
3fcb54fc22046478a1f4fe25bfb3fbfc
mbs2/x86_64/perl-NetSNMP-5.7.2-14.1.mbs2.x86_64.rpm
f7faf7abe0cb4119a24aa1eb7b4e88e2
mbs2/x86_64/python-netsnmp-5.7.2-14.1.mbs2.x86_64.rpm
70325be4b29a38030ee30a1bea4c0a40 mbs2/SRPMS/net-snmp-5.7.2-14.1.mbs2.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFVFnIkmqjQ0CJFipgRApj2AJ4siseZB35ENesBHXAJd354ztjc2wCg4i9a
CVlceu1C+yhzzsfXCVXUd5g=
=mTTW
-----END PGP SIGNATURE-----


------------=_1427538090-3111-14
Content-Type: text/plain; charset="UTF-8";
name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://store.mandriva.com
_______________________________________________________


------------=_1427538090-3111-14--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung