Mandriva Linux Security Advisory 2014-184 - A remote denial-of-service flaw was found in the way snmptrapd handled certain SNMP traps when started with the -OQ option. If an attacker sent an SNMP trap containing a variable with a NULL type where an integer variable type was expected, it would cause snmptrapd to crash.
0b242c6a63963c589cac2cd1587058f329b89e372158fe7418d20410f8f2ef2f-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2014:184
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : net-snmp
Date : September 24, 2014
Affected: Business Server 1.0
_______________________________________________________________________
Problem Description:
Updated net-snmp packages fix security vulnerabilities:
A remote denial-of-service flaw was found in the way snmptrapd handled
certain SNMP traps when started with the -OQ option. If an attacker
sent an SNMP trap containing a variable with a NULL type where an
integer variable type was expected, it would cause snmptrapd to crash
(CVE-2014-3565).
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3565
http://advisories.mageia.org/MGASA-2014-0371.html
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 1/X86_64:
673e6eed029453ef91d0c7a54bce2592 mbs1/x86_64/lib64net-snmp30-5.7.2-1.2.mbs1.x86_64.rpm
f90c40aff23a7411471ee6eb09cc4ba9 mbs1/x86_64/lib64net-snmp-devel-5.7.2-1.2.mbs1.x86_64.rpm
33947f32fdca8d97baea2cf327ad87a7 mbs1/x86_64/lib64net-snmp-static-devel-5.7.2-1.2.mbs1.x86_64.rpm
cf6a942c7b95d6316fa316b44a622a2d mbs1/x86_64/net-snmp-5.7.2-1.2.mbs1.x86_64.rpm
b504d1e32fd4ac4f3b42e2af11290434 mbs1/x86_64/net-snmp-mibs-5.7.2-1.2.mbs1.x86_64.rpm
53a57ff36f8585ef316a2082fdb5f867 mbs1/x86_64/net-snmp-tkmib-5.7.2-1.2.mbs1.x86_64.rpm
7d3d6ac8e63eba2fe104c1909d87391c mbs1/x86_64/net-snmp-trapd-5.7.2-1.2.mbs1.x86_64.rpm
4093e1a8f9045ddaa465ff8735dfad66 mbs1/x86_64/net-snmp-utils-5.7.2-1.2.mbs1.x86_64.rpm
c03a70c4f3a43defc16b4279456adb7e mbs1/x86_64/perl-NetSNMP-5.7.2-1.2.mbs1.x86_64.rpm
0868cbf75d36c9a538b9792367f9c4f8 mbs1/x86_64/python-netsnmp-5.7.2-1.2.mbs1.x86_64.rpm
c3653bb6c7ca975b6c08b8dc286c2101 mbs1/SRPMS/net-snmp-5.7.2-1.2.mbs1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFUIs+5mqjQ0CJFipgRAiG7AKDBKBmOYpjEwKLyDhnlFys1NZYXvgCgvo3p
Xx7kS42QepzftK2O3vKR1yU=
=192D
-----END PGP SIGNATURE-----
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed