The Mandriva Security Team has published a new security update: MDKSA-2005:137 - Updated ucd-snmp packages fix a DoS vulnerability for Mandriva Linux.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Update Advisory
_______________________________________________________________________
Package name: ucd-snmp
Advisory ID: MDKSA-2005:137
Date: August 11th, 2005
Affected versions: 10.0, 10.1, Corporate 3.0,
Corporate Server 2.1
______________________________________________________________________
Problem Description:
A Denial of Service vulnerability was discovered in the way that
ucd-snmp uses network stream protocols. A remote attacker could send
a ucd-snmp agent a specially crafted packet that would cause the agent
to crash.
The updated packages have been patched to correct this problem.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2177
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
1ec82c6bba06b67fab79512b5d69991f 10.0/RPMS/libsnmp0-4.2.3-8.1.100mdk.i586.rpm
2f71452cb8c240901b01cae587cb99a0 10.0/RPMS/libsnmp0-devel-4.2.3-8.1.100mdk.i586.rpm
991e54c57ec7d6d0347d0fb01299ed7b 10.0/RPMS/ucd-snmp-4.2.3-8.1.100mdk.i586.rpm
03c23cc0777224e66e382df0310e9284 10.0/RPMS/ucd-snmp-utils-4.2.3-8.1.100mdk.i586.rpm
656b798cb43a4fa9b6311a15a7255e53 10.0/SRPMS/ucd-snmp-4.2.3-8.1.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
6b67f45785c222cf3ec311e7a1e11aa2 amd64/10.0/RPMS/lib64snmp0-4.2.3-8.1.100mdk.amd64.rpm
ba7744a7506b3c3b46d6d81b0e2a17dd amd64/10.0/RPMS/lib64snmp0-devel-4.2.3-8.1.100mdk.amd64.rpm
57ffd179857bdf9d77bc92b89a9eb5ba amd64/10.0/RPMS/ucd-snmp-4.2.3-8.1.100mdk.amd64.rpm
f3aa3c69a2c96d6c5ef6f977091d0390 amd64/10.0/RPMS/ucd-snmp-utils-4.2.3-8.1.100mdk.amd64.rpm
656b798cb43a4fa9b6311a15a7255e53 amd64/10.0/SRPMS/ucd-snmp-4.2.3-8.1.100mdk.src.rpm
Mandrakelinux 10.1:
d21f32fa4f6d9237132d67a8fe1b4a98 10.1/RPMS/libsnmp0-4.2.3-11.1.101mdk.i586.rpm
8ad8f1d530f8596220c72f98fe67097b 10.1/RPMS/libsnmp0-devel-4.2.3-11.1.101mdk.i586.rpm
d1c8c884b432ea3dd02a6fe08d8a5f57 10.1/RPMS/ucd-snmp-4.2.3-11.1.101mdk.i586.rpm
c7b3c2f5fe98def745a564712bbf8296 10.1/RPMS/ucd-snmp-utils-4.2.3-11.1.101mdk.i586.rpm
9abd6284019ce141e0903aa37799f35f 10.1/SRPMS/ucd-snmp-4.2.3-11.1.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
0cf3cdf2c2fd9f499030fc1e1aa04d3f x86_64/10.1/RPMS/lib64snmp0-4.2.3-11.1.101mdk.x86_64.rpm
e6e8d2722098f70f977d2d928b32a2ef x86_64/10.1/RPMS/lib64snmp0-devel-4.2.3-11.1.101mdk.x86_64.rpm
ca7025278a9b5d2f5c3d36180a5c821b x86_64/10.1/RPMS/ucd-snmp-4.2.3-11.1.101mdk.x86_64.rpm
aa7c499f22e26a12ff3de0da204028dd x86_64/10.1/RPMS/ucd-snmp-utils-4.2.3-11.1.101mdk.x86_64.rpm
9abd6284019ce141e0903aa37799f35f x86_64/10.1/SRPMS/ucd-snmp-4.2.3-11.1.101mdk.src.rpm
Corporate Server 2.1:
6d491b7a64870b3e9f836a05c7a913ee corporate/2.1/RPMS/libsnmp0-4.2.3-4.1.C21mdk.i586.rpm
896f988b8ec39d98e5d5610d481c4b42 corporate/2.1/RPMS/libsnmp0-devel-4.2.3-4.1.C21mdk.i586.rpm
0edbe96f4d21e36da8f0390a68ce66ed corporate/2.1/RPMS/ucd-snmp-4.2.3-4.1.C21mdk.i586.rpm
d3fd811451030ca94ceb9fcefd2f1fbb corporate/2.1/RPMS/ucd-snmp-utils-4.2.3-4.1.C21mdk.i586.rpm
cb4f36a706cf22b259dce990accd0073 corporate/2.1/SRPMS/ucd-snmp-4.2.3-4.1.C21mdk.src.rpm
Corporate Server 2.1/X86_64:
04503e5c624db249276f1443e1447eb3 x86_64/corporate/2.1/RPMS/libsnmp0-4.2.3-4.1.C21mdk.x86_64.rpm
f122515b0bc5bf07ba097fa511b7e5c9 x86_64/corporate/2.1/RPMS/libsnmp0-devel-4.2.3-4.1.C21mdk.x86_64.rpm
65e892b827b65da9dba1e4b8589a42fe x86_64/corporate/2.1/RPMS/ucd-snmp-4.2.3-4.1.C21mdk.x86_64.rpm
7ad7585692e61205b2655ee8c3357f4d x86_64/corporate/2.1/RPMS/ucd-snmp-utils-4.2.3-4.1.C21mdk.x86_64.rpm
cb4f36a706cf22b259dce990accd0073 x86_64/corporate/2.1/SRPMS/ucd-snmp-4.2.3-4.1.C21mdk.src.rpm
Corporate 3.0:
806a8b30df5fdab502fd4212010fe966 corporate/3.0/RPMS/libsnmp0-4.2.3-8.1.C30mdk.i586.rpm
a17b9b5a8a64b4eea1182780cb047c43 corporate/3.0/RPMS/libsnmp0-devel-4.2.3-8.1.C30mdk.i586.rpm
d79ecaaec17d6890cfcc5e3ddfbd0b59 corporate/3.0/RPMS/ucd-snmp-4.2.3-8.1.C30mdk.i586.rpm
e38b6010ca5a50923487d0da60b124fa corporate/3.0/RPMS/ucd-snmp-utils-4.2.3-8.1.C30mdk.i586.rpm
331f9d7c8087be72b048422556b2e6b3 corporate/3.0/SRPMS/ucd-snmp-4.2.3-8.1.C30mdk.src.rpm
Corporate 3.0/X86_64:
8debb15a1a7ae05cda3cc280605ccf5a x86_64/corporate/3.0/RPMS/lib64snmp0-4.2.3-8.1.C30mdk.x86_64.rpm
e6f458df2f1d5c058e6d7a0d7f8573aa x86_64/corporate/3.0/RPMS/lib64snmp0-devel-4.2.3-8.1.C30mdk.x86_64.rpm
1e6ac132e2090a88df63912219948ffc x86_64/corporate/3.0/RPMS/ucd-snmp-4.2.3-8.1.C30mdk.x86_64.rpm
90e5cea17f37f6107a0fada648b692ea x86_64/corporate/3.0/RPMS/ucd-snmp-utils-4.2.3-8.1.C30mdk.x86_64.rpm
331f9d7c8087be72b048422556b2e6b3 x86_64/corporate/3.0/SRPMS/ucd-snmp-4.2.3-8.1.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFC+7OXmqjQ0CJFipgRArSKAJwJKcBm/VsggNtfAAFGa1F2p+ijSgCg8Bax
4jzFXfCO8o6Zy1w5DK9VTz4=
=SHMN
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Update Advisory
_______________________________________________________________________
Package name: ucd-snmp
Advisory ID: MDKSA-2005:137
Date: August 11th, 2005
Affected versions: 10.0, 10.1, Corporate 3.0,
Corporate Server 2.1
______________________________________________________________________
Problem Description:
A Denial of Service vulnerability was discovered in the way that
ucd-snmp uses network stream protocols. A remote attacker could send
a ucd-snmp agent a specially crafted packet that would cause the agent
to crash.
The updated packages have been patched to correct this problem.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2177
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
1ec82c6bba06b67fab79512b5d69991f 10.0/RPMS/libsnmp0-4.2.3-8.1.100mdk.i586.rpm
2f71452cb8c240901b01cae587cb99a0 10.0/RPMS/libsnmp0-devel-4.2.3-8.1.100mdk.i586.rpm
991e54c57ec7d6d0347d0fb01299ed7b 10.0/RPMS/ucd-snmp-4.2.3-8.1.100mdk.i586.rpm
03c23cc0777224e66e382df0310e9284 10.0/RPMS/ucd-snmp-utils-4.2.3-8.1.100mdk.i586.rpm
656b798cb43a4fa9b6311a15a7255e53 10.0/SRPMS/ucd-snmp-4.2.3-8.1.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
6b67f45785c222cf3ec311e7a1e11aa2 amd64/10.0/RPMS/lib64snmp0-4.2.3-8.1.100mdk.amd64.rpm
ba7744a7506b3c3b46d6d81b0e2a17dd amd64/10.0/RPMS/lib64snmp0-devel-4.2.3-8.1.100mdk.amd64.rpm
57ffd179857bdf9d77bc92b89a9eb5ba amd64/10.0/RPMS/ucd-snmp-4.2.3-8.1.100mdk.amd64.rpm
f3aa3c69a2c96d6c5ef6f977091d0390 amd64/10.0/RPMS/ucd-snmp-utils-4.2.3-8.1.100mdk.amd64.rpm
656b798cb43a4fa9b6311a15a7255e53 amd64/10.0/SRPMS/ucd-snmp-4.2.3-8.1.100mdk.src.rpm
Mandrakelinux 10.1:
d21f32fa4f6d9237132d67a8fe1b4a98 10.1/RPMS/libsnmp0-4.2.3-11.1.101mdk.i586.rpm
8ad8f1d530f8596220c72f98fe67097b 10.1/RPMS/libsnmp0-devel-4.2.3-11.1.101mdk.i586.rpm
d1c8c884b432ea3dd02a6fe08d8a5f57 10.1/RPMS/ucd-snmp-4.2.3-11.1.101mdk.i586.rpm
c7b3c2f5fe98def745a564712bbf8296 10.1/RPMS/ucd-snmp-utils-4.2.3-11.1.101mdk.i586.rpm
9abd6284019ce141e0903aa37799f35f 10.1/SRPMS/ucd-snmp-4.2.3-11.1.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
0cf3cdf2c2fd9f499030fc1e1aa04d3f x86_64/10.1/RPMS/lib64snmp0-4.2.3-11.1.101mdk.x86_64.rpm
e6e8d2722098f70f977d2d928b32a2ef x86_64/10.1/RPMS/lib64snmp0-devel-4.2.3-11.1.101mdk.x86_64.rpm
ca7025278a9b5d2f5c3d36180a5c821b x86_64/10.1/RPMS/ucd-snmp-4.2.3-11.1.101mdk.x86_64.rpm
aa7c499f22e26a12ff3de0da204028dd x86_64/10.1/RPMS/ucd-snmp-utils-4.2.3-11.1.101mdk.x86_64.rpm
9abd6284019ce141e0903aa37799f35f x86_64/10.1/SRPMS/ucd-snmp-4.2.3-11.1.101mdk.src.rpm
Corporate Server 2.1:
6d491b7a64870b3e9f836a05c7a913ee corporate/2.1/RPMS/libsnmp0-4.2.3-4.1.C21mdk.i586.rpm
896f988b8ec39d98e5d5610d481c4b42 corporate/2.1/RPMS/libsnmp0-devel-4.2.3-4.1.C21mdk.i586.rpm
0edbe96f4d21e36da8f0390a68ce66ed corporate/2.1/RPMS/ucd-snmp-4.2.3-4.1.C21mdk.i586.rpm
d3fd811451030ca94ceb9fcefd2f1fbb corporate/2.1/RPMS/ucd-snmp-utils-4.2.3-4.1.C21mdk.i586.rpm
cb4f36a706cf22b259dce990accd0073 corporate/2.1/SRPMS/ucd-snmp-4.2.3-4.1.C21mdk.src.rpm
Corporate Server 2.1/X86_64:
04503e5c624db249276f1443e1447eb3 x86_64/corporate/2.1/RPMS/libsnmp0-4.2.3-4.1.C21mdk.x86_64.rpm
f122515b0bc5bf07ba097fa511b7e5c9 x86_64/corporate/2.1/RPMS/libsnmp0-devel-4.2.3-4.1.C21mdk.x86_64.rpm
65e892b827b65da9dba1e4b8589a42fe x86_64/corporate/2.1/RPMS/ucd-snmp-4.2.3-4.1.C21mdk.x86_64.rpm
7ad7585692e61205b2655ee8c3357f4d x86_64/corporate/2.1/RPMS/ucd-snmp-utils-4.2.3-4.1.C21mdk.x86_64.rpm
cb4f36a706cf22b259dce990accd0073 x86_64/corporate/2.1/SRPMS/ucd-snmp-4.2.3-4.1.C21mdk.src.rpm
Corporate 3.0:
806a8b30df5fdab502fd4212010fe966 corporate/3.0/RPMS/libsnmp0-4.2.3-8.1.C30mdk.i586.rpm
a17b9b5a8a64b4eea1182780cb047c43 corporate/3.0/RPMS/libsnmp0-devel-4.2.3-8.1.C30mdk.i586.rpm
d79ecaaec17d6890cfcc5e3ddfbd0b59 corporate/3.0/RPMS/ucd-snmp-4.2.3-8.1.C30mdk.i586.rpm
e38b6010ca5a50923487d0da60b124fa corporate/3.0/RPMS/ucd-snmp-utils-4.2.3-8.1.C30mdk.i586.rpm
331f9d7c8087be72b048422556b2e6b3 corporate/3.0/SRPMS/ucd-snmp-4.2.3-8.1.C30mdk.src.rpm
Corporate 3.0/X86_64:
8debb15a1a7ae05cda3cc280605ccf5a x86_64/corporate/3.0/RPMS/lib64snmp0-4.2.3-8.1.C30mdk.x86_64.rpm
e6f458df2f1d5c058e6d7a0d7f8573aa x86_64/corporate/3.0/RPMS/lib64snmp0-devel-4.2.3-8.1.C30mdk.x86_64.rpm
1e6ac132e2090a88df63912219948ffc x86_64/corporate/3.0/RPMS/ucd-snmp-4.2.3-8.1.C30mdk.x86_64.rpm
90e5cea17f37f6107a0fada648b692ea x86_64/corporate/3.0/RPMS/ucd-snmp-utils-4.2.3-8.1.C30mdk.x86_64.rpm
331f9d7c8087be72b048422556b2e6b3 x86_64/corporate/3.0/SRPMS/ucd-snmp-4.2.3-8.1.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFC+7OXmqjQ0CJFipgRArSKAJwJKcBm/VsggNtfAAFGa1F2p+ijSgCg8Bax
4jzFXfCO8o6Zy1w5DK9VTz4=
=SHMN
-----END PGP SIGNATURE-----