Red Hat alert: Updated Net-SNMP packages fix security and other bugs

Posted by dave on Jan 15, 2004 10:36 AM EDT
Mailing list
Mail this story
Print this story

Updated Net-SNMP packages are available to correct a security vulnerability and other bugs.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------- Red Hat Security Advisory

Synopsis: Updated Net-SNMP packages fix security and other bugs Advisory ID: RHSA-2004:023-01 Issue date: 2004-01-15 Updated on: 0000-04-01 Product: Red Hat Enterprise Linux Keywords: ucd-snmp Cross references: Obsoletes: CVE Names: CAN-2003-0935 - ---------------------------------------------------------------------

1. Topic:

Updated Net-SNMP packages are available to correct a security vulnerability and other bugs.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux ES version 3 - i386 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

The Net-SNMP project includes various Simple Network Management Protocol (SNMP) tools.

A security issue in Net-SNMP versions before 5.0.9 could allow an existing user/community to gain access to data in MIB objects that were explicitly excluded from their view. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0935 to this issue.

Users of Net-SNMP are advised to upgrade to these errata packages containing Net-SNMP 5.0.9 which is not vulnerable to this issue. In addition, Net-SNMP 5.0.9 fixes a number of other minor bugs.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.

Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

109622 - net-snmp unauthorised access to mibs

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS: ftp://updates.redhat.com/3AS/en/os/SRPMS/net-snmp-5.0.9-2.30E.1.src.rpm

i386: Available from Red Hat Network: net-snmp-5.0.9-2.30E.1.i386.rpm Available from Red Hat Network: net-snmp-devel-5.0.9-2.30E.1.i386.rpm Available from Red Hat Network: net-snmp-utils-5.0.9-2.30E.1.i386.rpm

ia64: Available from Red Hat Network: net-snmp-5.0.9-2.30E.1.ia64.rpm Available from Red Hat Network: net-snmp-devel-5.0.9-2.30E.1.ia64.rpm Available from Red Hat Network: net-snmp-utils-5.0.9-2.30E.1.ia64.rpm

ppc: Available from Red Hat Network: net-snmp-5.0.9-2.30E.1.ppc.rpm Available from Red Hat Network: net-snmp-devel-5.0.9-2.30E.1.ppc.rpm Available from Red Hat Network: net-snmp-utils-5.0.9-2.30E.1.ppc.rpm

s390: Available from Red Hat Network: net-snmp-5.0.9-2.30E.1.s390.rpm Available from Red Hat Network: net-snmp-devel-5.0.9-2.30E.1.s390.rpm Available from Red Hat Network: net-snmp-utils-5.0.9-2.30E.1.s390.rpm

s390x: Available from Red Hat Network: net-snmp-5.0.9-2.30E.1.s390x.rpm Available from Red Hat Network: net-snmp-devel-5.0.9-2.30E.1.s390x.rpm Available from Red Hat Network: net-snmp-utils-5.0.9-2.30E.1.s390x.rpm

x86_64: Available from Red Hat Network: net-snmp-5.0.9-2.30E.1.x86_64.rpm Available from Red Hat Network: net-snmp-devel-5.0.9-2.30E.1.x86_64.rpm Available from Red Hat Network: net-snmp-utils-5.0.9-2.30E.1.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS: ftp://updates.redhat.com/3ES/en/os/SRPMS/net-snmp-5.0.9-2.30E.1.src.rpm

i386: Available from Red Hat Network: net-snmp-5.0.9-2.30E.1.i386.rpm Available from Red Hat Network: net-snmp-devel-5.0.9-2.30E.1.i386.rpm Available from Red Hat Network: net-snmp-utils-5.0.9-2.30E.1.i386.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS: ftp://updates.redhat.com/3WS/en/os/SRPMS/net-snmp-5.0.9-2.30E.1.src.rpm

i386: Available from Red Hat Network: net-snmp-5.0.9-2.30E.1.i386.rpm Available from Red Hat Network: net-snmp-devel-5.0.9-2.30E.1.i386.rpm Available from Red Hat Network: net-snmp-utils-5.0.9-2.30E.1.i386.rpm

ia64: Available from Red Hat Network: net-snmp-5.0.9-2.30E.1.ia64.rpm Available from Red Hat Network: net-snmp-devel-5.0.9-2.30E.1.ia64.rpm Available from Red Hat Network: net-snmp-utils-5.0.9-2.30E.1.ia64.rpm

x86_64: Available from Red Hat Network: net-snmp-5.0.9-2.30E.1.x86_64.rpm Available from Red Hat Network: net-snmp-devel-5.0.9-2.30E.1.x86_64.rpm Available from Red Hat Network: net-snmp-utils-5.0.9-2.30E.1.x86_64.rpm



7. Verification:

MD5 sum Package Name - --------------------------------------------------------------------------

848359f597ebf1a083501cf3c80532fc 3AS/en/os/SRPMS/net-snmp-5.0.9-2.30E.1.src.rpm 79ca1bebbf32c8a2aff71853ade36296 3AS/en/os/i386/net-snmp-5.0.9-2.30E.1.i386.rpm e7f28a7da234bb6ee2d6f55fda30107c 3AS/en/os/i386/net-snmp-devel-5.0.9-2.30E.1.i386.rpm bec698635f32742031ebbce4db92f3cd 3AS/en/os/i386/net-snmp-utils-5.0.9-2.30E.1.i386.rpm c57836c4bc29c2e9a94fcdace13b8352 3AS/en/os/ia64/net-snmp-5.0.9-2.30E.1.ia64.rpm 07f6ddd369d38551baa5e8141c98826a 3AS/



  Nav
» Read more about: Story Type: Security; Groups: Red Hat

« Return to the newswire homepage

This topic does not have any threads posted yet!

You cannot post until you login.