OoO During the lunch hour of Thursday, July 9th, 2009, at about 12:11, Dave Shield <[email protected]> said:

>> I'm using the library libsnmp-python available in the depositories of
>> Ubuntu. The version of this library is 5.4.1~dfsg-4ubuntu4.2.

> Hmmm.... this code affected by this patch doesn't seem to be present
> in the 5.4.1 release. It's fixing a bug that was introduced after 5.4.1
> was released.

> That's assuming that Ubuntu's 5.4.1 is the same as ours, of course!

The bug was introduced to fix some CVE advisory (2008-2292). A patch for
this CVE is present in the Ubuntu package. This is easy to fix:

    apt-get source net-snmp
    cd net-snmp-5.4.1~dfsg
    cd debian/patches
    edit 45_CVE-2008-2292.patch
    go to line 120

You have:

- sprintf(buf,"%ld", *var->val.integer);
+ snprintf(buf,"%ld", buf_len, *var->val.integer);

Modify to get this:

- sprintf(buf,"%ld", *var->val.integer);
+ snprintf(buf, buf_len, "%ld", *var->val.integer);

(buf_len position was wrong)

Then, you need to recompile:

    cd ../..
    apt-get build-dep net-snmp
    apt-get install devscripts
    dch -n
    save the file
    dpkg-buildpackage -us -uc
    dpkg -i ../libsnmp-python-5.4.1~dfsg-4ubuntu4.3_i386.deb

This should fix your bug. It seems that it is also reported for Ubuntu,
but no action has been taken:
 https://bugs.launchpad.net/ubuntu/+source/net-snmp/+bug/347361
-- 
BOFH excuse #408:
Computers under water due to SYN flooding.
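
Review bot: the corrected `+` line, `snprintf(buf, buf_len, "%ld", *var->val.integer);`, discards the return value of snprintf, so a formatted integer that does not fit in buf_len is truncated without the caller noticing. Consider checking that the result is non-negative and smaller than buf_len and treating anything else as an error. The earlier `+` line, with `"%ld"` in the size position and buf_len in the format position, mixes pointer and integer arguments, which a C compiler reports as a conversion warning; building this file with such warnings treated as errors would stop the swapped form from being shipped again.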
