Your message dated Sat, 24 May 2008 14:02:06 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#482333: fixed in net-snmp 5.4.1~dfsg-7.1
has caused the Debian Bug report #482333,
regarding net-snmp: CVE-2008-2292 buffer overflow in __snprint_value function
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
482333: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=482333
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Source: net-snmp
Version: 5.2.0-1
Severity: grave
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for net-snmp.
CVE-2008-2292[0]:
| Buffer overflow in the __snprint_value function in snmp_get in
| Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows
| remote attackers to cause a denial of service (crash) and possibly
| execute arbitrary code via a large OCTETSTRING in an attribute value
| pair (AVP).
Patch for 5.4 branch:
http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/branches/V5-4-patches/net-snmp/perl/SNMP/SNMP.xs?r1=16765&r2=16770&view=patch
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2292
http://security-tracker.debian.net/tracker/CVE-2008-2292
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
pgpS2k2u0DlMh.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---
Source: net-snmp
Source-Version: 5.4.1~dfsg-7.1
We believe that the bug you reported is fixed in the latest version of
net-snmp, which is due to be installed in the Debian FTP archive:
libsnmp-base_5.4.1~dfsg-7.1_all.deb
to pool/main/n/net-snmp/libsnmp-base_5.4.1~dfsg-7.1_all.deb
libsnmp-dev_5.4.1~dfsg-7.1_amd64.deb
to pool/main/n/net-snmp/libsnmp-dev_5.4.1~dfsg-7.1_amd64.deb
libsnmp-perl_5.4.1~dfsg-7.1_amd64.deb
to pool/main/n/net-snmp/libsnmp-perl_5.4.1~dfsg-7.1_amd64.deb
libsnmp-python_5.4.1~dfsg-7.1_amd64.deb
to pool/main/n/net-snmp/libsnmp-python_5.4.1~dfsg-7.1_amd64.deb
libsnmp15_5.4.1~dfsg-7.1_amd64.deb
to pool/main/n/net-snmp/libsnmp15_5.4.1~dfsg-7.1_amd64.deb
net-snmp_5.4.1~dfsg-7.1.diff.gz
to pool/main/n/net-snmp/net-snmp_5.4.1~dfsg-7.1.diff.gz
net-snmp_5.4.1~dfsg-7.1.dsc
to pool/main/n/net-snmp/net-snmp_5.4.1~dfsg-7.1.dsc
snmp_5.4.1~dfsg-7.1_amd64.deb
to pool/main/n/net-snmp/snmp_5.4.1~dfsg-7.1_amd64.deb
snmpd_5.4.1~dfsg-7.1_amd64.deb
to pool/main/n/net-snmp/snmpd_5.4.1~dfsg-7.1_amd64.deb
tkmib_5.4.1~dfsg-7.1_all.deb
to pool/main/n/net-snmp/tkmib_5.4.1~dfsg-7.1_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Nico Golde <[EMAIL PROTECTED]> (supplier of updated net-snmp package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sat, 24 May 2008 13:12:16 +0200
Source: net-snmp
Binary: snmpd snmp libsnmp-base libsnmp15 libsnmp-dev libsnmp-perl
libsnmp-python tkmib
Architecture: source all amd64
Version: 5.4.1~dfsg-7.1
Distribution: unstable
Urgency: high
Maintainer: Net-SNMP Packaging Team <[EMAIL PROTECTED]>
Changed-By: Nico Golde <[EMAIL PROTECTED]>
Description:
libsnmp-base - SNMP (Simple Network Management Protocol) MIBs and documentation
libsnmp-dev - SNMP (Simple Network Management Protocol) development files
libsnmp-perl - SNMP (Simple Network Management Protocol) Perl5 support
libsnmp-python - SNMP (Simple Network Management Protocol) Python support
libsnmp15 - SNMP (Simple Network Management Protocol) library
snmp - SNMP (Simple Network Management Protocol) applications
snmpd - SNMP (Simple Network Management Protocol) agents
tkmib - SNMP (Simple Network Management Protocol) MIB browser
Closes: 482333
Changes:
net-snmp (5.4.1~dfsg-7.1) unstable; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fix buffer overflow in the python and perl module (__snprint_value
function)that can be exploited via large OCTETSTRING in an
attribute value pair (AVP) leading to arbitrary code
execution (CVE-2008-2292; Closes: #482333).
Checksums-Sha1:
46bc59a7e827e70e7097661251e578f7f4844f26 1787 net-snmp_5.4.1~dfsg-7.1.dsc
6f55aca627689b0b1fba0fc7765908d04b245cf7 78969 net-snmp_5.4.1~dfsg-7.1.diff.gz
f4e6435b60ccbef03d5ac6d0a76a3343d89b879b 1377702
libsnmp-base_5.4.1~dfsg-7.1_all.deb
c4033a89ddbb460c2c383b1ba20f88ea8989c861 943506 tkmib_5.4.1~dfsg-7.1_all.deb
1f776169e5985010003d53a7f543f7f76c7df277 956622 snmpd_5.4.1~dfsg-7.1_amd64.deb
3d9a56d3fd1d73f78663c12cf4678a3b205429fd 1044018 snmp_5.4.1~dfsg-7.1_amd64.deb
23ddc833447314d385aaec84b8d9a41b36418141 2151802
libsnmp15_5.4.1~dfsg-7.1_amd64.deb
2088bb03c66b6bdd51270bc1427309641b325cf1 2660690
libsnmp-dev_5.4.1~dfsg-7.1_amd64.deb
20f4aa399321291876e48ca8870d6ee2bb1f8011 1024390
libsnmp-perl_5.4.1~dfsg-7.1_amd64.deb
95afa01bdbf392ac4629b824752928fdd47f3da7 918748
libsnmp-python_5.4.1~dfsg-7.1_amd64.deb
Checksums-Sha256:
75d7b12c5a25a24efa9a53312ee17bea8935ab7ee04bab7fdb0af1f4c9863ea7 1787
net-snmp_5.4.1~dfsg-7.1.dsc
a739dddf4f7c4a890b27cfeae8442fb2409d55f534a3510a6be52b3a1d921e1e 78969
net-snmp_5.4.1~dfsg-7.1.diff.gz
3b90fe1720ac3c6e8481e7bca372452fb28721db189a819755f8bdbcb2461241 1377702
libsnmp-base_5.4.1~dfsg-7.1_all.deb
a60fbe5ffc8a65455dffee5004a4c5c85b437b3ba22ff3179967cf076280c3a3 943506
tkmib_5.4.1~dfsg-7.1_all.deb
e0251ae5191c356d2aef0aed17789c75c85b95b5dbbe060674292582ec61500c 956622
snmpd_5.4.1~dfsg-7.1_amd64.deb
4a75e1fe71313288abd529b9ddf9f61ad8509aca96e6acafedf993f2e65ffc26 1044018
snmp_5.4.1~dfsg-7.1_amd64.deb
65c8c22b614778513a7c44e084ceeaf0a715854cc9d989b19d3a6b8b1ff78513 2151802
libsnmp15_5.4.1~dfsg-7.1_amd64.deb
478d55137f781bc6ab409ecceffb89d825fd429fd111e5d5450a9892cfbac9a0 2660690
libsnmp-dev_5.4.1~dfsg-7.1_amd64.deb
e29312cf3130c280869600218526c82166e0e015712d160b3ed8135a1854bcc1 1024390
libsnmp-perl_5.4.1~dfsg-7.1_amd64.deb
8d5853658e6d6681f038abe9e3dff57667bd485db30b2c5aacf0b3e8e6a2585d 918748
libsnmp-python_5.4.1~dfsg-7.1_amd64.deb
Files:
ba959522f2897e255feb8e35005213a2 1787 net optional net-snmp_5.4.1~dfsg-7.1.dsc
6d15354ecd5d987adad8ccd7cda5e2b9 78969 net optional
net-snmp_5.4.1~dfsg-7.1.diff.gz
991ddc26c5d0cfee6552dbc0ce49576b 1377702 libs optional
libsnmp-base_5.4.1~dfsg-7.1_all.deb
17501f4d835095c05657a995d9434e8f 943506 net optional
tkmib_5.4.1~dfsg-7.1_all.deb
efaa0350f2400ed3b0922565980171d1 956622 net optional
snmpd_5.4.1~dfsg-7.1_amd64.deb
3fd38ce0aaa7d962836e1787c3686bef 1044018 net optional
snmp_5.4.1~dfsg-7.1_amd64.deb
8ca1d4a4294916d2edf3cbb785938d53 2151802 libs optional
libsnmp15_5.4.1~dfsg-7.1_amd64.deb
980199e734f1663d8a3b5f848b489ac6 2660690 libdevel optional
libsnmp-dev_5.4.1~dfsg-7.1_amd64.deb
83ecd0199397cfd4db853e71fc017443 1024390 perl optional
libsnmp-perl_5.4.1~dfsg-7.1_amd64.deb
2c89f178a936e1cce3a86d612edf6629 918748 python optional
libsnmp-python_5.4.1~dfsg-7.1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFIN/1HHYflSXNkfP8RAmoYAJ9lrHddOeQJ38Beyi8QkMxu55ZaVACeMGvs
+UbVSMUeaCcfJ5Jpe1cdbrQ=
=xm1b
-----END PGP SIGNATURE-----
--- End Message ---
