UbuntuUpdates.org

Package "net-snmp"

Name: net-snmp

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • SNMP (Simple Network Management Protocol) Python support
  • SNMP (Simple Network Management Protocol) MIB browser

Latest version: 5.4.3~dfsg-2.4ubuntu1.3
Release: precise (12.04)
Level: updates
Repository: universe

Links

Save this URL for the latest version of "net-snmp": https://www.ubuntuupdates.org/net-snmp



Other versions of "net-snmp" in Precise

Repository Area Version
base universe 5.4.3~dfsg-2.4ubuntu1
base main 5.4.3~dfsg-2.4ubuntu1
security main 5.4.3~dfsg-2.4ubuntu1.3
security universe 5.4.3~dfsg-2.4ubuntu1.3
updates main 5.4.3~dfsg-2.4ubuntu1.3

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 5.4.3~dfsg-2.4ubuntu1.3 2015-08-17 18:06:36 UTC

  net-snmp (5.4.3~dfsg-2.4ubuntu1.3) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via crafted SNMP trap message
    - debian/patches/CVE-2014-3565.patch: handle variables with wrong types
      in snmplib/mib.c.
    - CVE-2014-3565
  * SECURITY UPDATE: denial of service and possible code execution via
    incompletely parsed varBind variables
    - debian/patches/CVE-2015-5621.patch: don't return incorrectly parsed
      varbinds in snmplib/snmp_api.c.
    - CVE-2015-5621

 -- Marc Deslauriers Thu, 13 Aug 2015 10:31:34 -0400

Source diff to previous version
CVE-2014-3565 snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via
CVE-2015-5621 net-snmp snmp_pdu_parse() function incompletely initialization vulnerability

Version: 5.4.3~dfsg-2.4ubuntu1.2 2014-04-14 14:06:54 UTC

  net-snmp (5.4.3~dfsg-2.4ubuntu1.2) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via AgentX subagent timeout
    - debian/patches/CVE-2012-6151.patch: track cancelled sessions in
      agent/mibgroup/agentx/{master.c,master_admin.c}, agent/snmp_agent.c,
      include/net-snmp/agent/snmp_agent.h.
    - CVE-2012-6151
  * SECURITY UPDATE: denial of service in perl trap handler
    - debian/patches/CVE-2014-2285.patch: handle empty community string in
      perl/TrapReceiver/TrapReceiver.xs.
    - CVE-2014-2285
  * SECURITY UPDATE: denial of service via multiple-object requests
    - debian/patches/CVE-2014-2310.patch: fix lengths in
      agent/mibgroup/agentx/protocol.c.
    - CVE-2014-2310
 -- Marc Deslauriers <email address hidden> Tue, 11 Mar 2014 10:08:53 -0400

Source diff to previous version
CVE-2012-6151 Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB ...
CVE-2014-2285 snmptrapd crash when using a trap with empty community string
CVE-2014-2310 agentx: Oversized Object ID

Version: 5.4.3~dfsg-2.4ubuntu1.1 2012-05-23 19:06:50 UTC

  net-snmp (5.4.3~dfsg-2.4ubuntu1.1) precise-security; urgency=low

  * SECURITY UPDATE: denial of service via SNMP GET with non-existent
    extension table entry
    - debian/patches/CVE-2012-2141.patch: validate line_idx in
      agent/mibgroup/agent/extend.c.
    - CVE-2012-2141
 -- Marc Deslauriers <email address hidden> Tue, 22 May 2012 16:34:46 -0400

CVE-2012-2141 Array index error, leading to out-of heap-based buffer read (snmpd crash)



About   -   Send Feedback to @ubuntu_updates