Red Hat alert: Updated Net-SNMP packages fix security and other bugs

Posted by dave on Jan 15, 2004 10:36 AM EDT
Mailing list		Mail this story
Print this story

Updated Net-SNMP packages are available to correct a security vulnerability and other bugs. 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated Net-SNMP packages fix security and other bugs
Advisory ID:       RHSA-2004:023-01
Issue date:        2004-01-15
Updated on:        0000-04-01
Product:           Red Hat Enterprise Linux
Keywords:          ucd-snmp
Cross references:  
Obsoletes:         
CVE Names:         CAN-2003-0935
- ---------------------------------------------------------------------

1. Topic:

Updated Net-SNMP packages are available to correct a security vulnerability
and other bugs.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux ES version 3 - i386
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

The Net-SNMP project includes various Simple Network Management Protocol
(SNMP) tools.

A security issue in Net-SNMP versions before 5.0.9 could allow an existing
user/community to gain access to data in MIB objects that were explicitly
excluded from their view.  The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2003-0935 to this issue.

Users of Net-SNMP are advised to upgrade to these errata packages containing
Net-SNMP 5.0.9 which is not vulnerable to this issue.  In addition,
Net-SNMP 5.0.9 fixes a number of other minor bugs.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which are
not installed but included in the list will not be updated.  Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network.  Many
people find this an easier way to apply updates.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

109622 - net-snmp unauthorised access to mibs

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/3AS/en/os/SRPMS/net-snmp-5.0.9-2.30E.1.src.rpm

i386:
Available from Red Hat Network: net-snmp-5.0.9-2.30E.1.i386.rpm
Available from Red Hat Network: net-snmp-devel-5.0.9-2.30E.1.i386.rpm
Available from Red Hat Network: net-snmp-utils-5.0.9-2.30E.1.i386.rpm

ia64:
Available from Red Hat Network: net-snmp-5.0.9-2.30E.1.ia64.rpm
Available from Red Hat Network: net-snmp-devel-5.0.9-2.30E.1.ia64.rpm
Available from Red Hat Network: net-snmp-utils-5.0.9-2.30E.1.ia64.rpm

ppc:
Available from Red Hat Network: net-snmp-5.0.9-2.30E.1.ppc.rpm
Available from Red Hat Network: net-snmp-devel-5.0.9-2.30E.1.ppc.rpm
Available from Red Hat Network: net-snmp-utils-5.0.9-2.30E.1.ppc.rpm

s390:
Available from Red Hat Network: net-snmp-5.0.9-2.30E.1.s390.rpm
Available from Red Hat Network: net-snmp-devel-5.0.9-2.30E.1.s390.rpm
Available from Red Hat Network: net-snmp-utils-5.0.9-2.30E.1.s390.rpm

s390x:
Available from Red Hat Network: net-snmp-5.0.9-2.30E.1.s390x.rpm
Available from Red Hat Network: net-snmp-devel-5.0.9-2.30E.1.s390x.rpm
Available from Red Hat Network: net-snmp-utils-5.0.9-2.30E.1.s390x.rpm

x86_64:
Available from Red Hat Network: net-snmp-5.0.9-2.30E.1.x86_64.rpm
Available from Red Hat Network: net-snmp-devel-5.0.9-2.30E.1.x86_64.rpm
Available from Red Hat Network: net-snmp-utils-5.0.9-2.30E.1.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/3ES/en/os/SRPMS/net-snmp-5.0.9-2.30E.1.src.rpm

i386:
Available from Red Hat Network: net-snmp-5.0.9-2.30E.1.i386.rpm
Available from Red Hat Network: net-snmp-devel-5.0.9-2.30E.1.i386.rpm
Available from Red Hat Network: net-snmp-utils-5.0.9-2.30E.1.i386.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/3WS/en/os/SRPMS/net-snmp-5.0.9-2.30E.1.src.rpm

i386:
Available from Red Hat Network: net-snmp-5.0.9-2.30E.1.i386.rpm
Available from Red Hat Network: net-snmp-devel-5.0.9-2.30E.1.i386.rpm
Available from Red Hat Network: net-snmp-utils-5.0.9-2.30E.1.i386.rpm

ia64:
Available from Red Hat Network: net-snmp-5.0.9-2.30E.1.ia64.rpm
Available from Red Hat Network: net-snmp-devel-5.0.9-2.30E.1.ia64.rpm
Available from Red Hat Network: net-snmp-utils-5.0.9-2.30E.1.ia64.rpm

x86_64:
Available from Red Hat Network: net-snmp-5.0.9-2.30E.1.x86_64.rpm
Available from Red Hat Network: net-snmp-devel-5.0.9-2.30E.1.x86_64.rpm
Available from Red Hat Network: net-snmp-utils-5.0.9-2.30E.1.x86_64.rpm



7. Verification:

MD5 sum                          Package Name
- --------------------------------------------------------------------------

848359f597ebf1a083501cf3c80532fc 3AS/en/os/SRPMS/net-snmp-5.0.9-2.30E.1.src.rpm
79ca1bebbf32c8a2aff71853ade36296 3AS/en/os/i386/net-snmp-5.0.9-2.30E.1.i386.rpm
e7f28a7da234bb6ee2d6f55fda30107c 3AS/en/os/i386/net-snmp-devel-5.0.9-2.30E.1.i386.rpm
bec698635f32742031ebbce4db92f3cd 3AS/en/os/i386/net-snmp-utils-5.0.9-2.30E.1.i386.rpm
c57836c4bc29c2e9a94fcdace13b8352 3AS/en/os/ia64/net-snmp-5.0.9-2.30E.1.ia64.rpm
07f6ddd369d38551baa5e8141c98826a 3AS/

  Nav
» Read more about: Story Type: Security; Groups: Red Hat

« Return to the newswire homepage

This topic does not have any threads posted yet!

You cannot post until you login.