-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2015:092 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : net-snmp Date : March 28, 2015 Affected: Business Server 2.0 _______________________________________________________________________ Problem Description: Updated net-snmp packages fix security vulnerabilities: Remotely exploitable denial of service vulnerability in Net-SNMP, in the Linux implementation of the ICMP-MIB, making the SNMP agent vulnerable if it is making use of the ICMP-MIB table objects (CVE-2014-2284). Remotely exploitable denial of service vulnerability in Net-SNMP, in snmptrapd, due to how it handles trap requests with an empty community string when the perl handler is enabled (CVE-2014-2285). A remote denial-of-service flaw was found in the way snmptrapd handled certain SNMP traps when started with the -OQ option. If an attacker sent an SNMP trap containing a variable with a NULL type where an integer variable type was expected, it would cause snmptrapd to crash (CVE-2014-3565). _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2284 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2285 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3565 http://advisories.mageia.org/MGASA-2014-0122.html http://advisories.mageia.org/MGASA-2014-0371.html _______________________________________________________________________ Updated Packages: Mandriva Business Server 2/X86_64: db108bc819bb011d352ac1be23005ae8 mbs2/x86_64/lib64net-snmp30-5.7.2-14.1.mbs2.x86_64.rpm 10d0754baaebe770c0accea30a4c570b mbs2/x86_64/lib64net-snmp-devel-5.7.2-14.1.mbs2.x86_64.rpm f3c20caeb88eee898508110847de93c1 mbs2/x86_64/lib64net-snmp-static-devel-5.7.2-14.1.mbs2.x86_64.rpm 85a8e55a06278248c6d55ed71781d4ae mbs2/x86_64/net-snmp-5.7.2-14.1.mbs2.x86_64.rpm dd6b3752ffc3abfa799752d6c68be260 mbs2/x86_64/net-snmp-mibs-5.7.2-14.1.mbs2.x86_64.rpm dff402077edcdbbbb43876ab37f17c63 mbs2/x86_64/net-snmp-tkmib-5.7.2-14.1.mbs2.x86_64.rpm e5dd0695599ce24250e9c56398ae708a mbs2/x86_64/net-snmp-trapd-5.7.2-14.1.mbs2.x86_64.rpm 73e35840936e48e76813ee9aa563e5db mbs2/x86_64/net-snmp-utils-5.7.2-14.1.mbs2.x86_64.rpm 3fcb54fc22046478a1f4fe25bfb3fbfc mbs2/x86_64/perl-NetSNMP-5.7.2-14.1.mbs2.x86_64.rpm f7faf7abe0cb4119a24aa1eb7b4e88e2 mbs2/x86_64/python-netsnmp-5.7.2-14.1.mbs2.x86_64.rpm 70325be4b29a38030ee30a1bea4c0a40 mbs2/SRPMS/net-snmp-5.7.2-14.1.mbs2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFVFnIkmqjQ0CJFipgRApj2AJ4siseZB35ENesBHXAJd354ztjc2wCg4i9a CVlceu1C+yhzzsfXCVXUd5g= =mTTW -----END PGP SIGNATURE-----