--9jxsPFA5p3P2qPhR Content-Type: text/plain; charset=us-ascii Content-Disposition: inline =========================================================== Ubuntu Security Notice USN-190-2 November 21, 2005 ucd-snmp vulnerability CVE-2005-2177 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) Ubuntu 5.10 (Breezy Badger) The following packages are affected: libsnmp4.2 The problem can be corrected by upgrading the affected package to version 4.2.5-3.5ubuntu0.4.10 (for Ubuntu 4.10), 4.2.5-3.5ubuntu0.5.04 (for Ubuntu 5.04), or 4.2.5-5ubuntu0.1 (for Ubuntu 5.10). After a standard system upgrade you need to restart the cyrus email server with /etc/init.d/cyrus21 restart (with root privileges, e. g. with using sudo). Details follow: USN-190-1 fixed a vulnerability in the net-snmp library. It was discovered that the same problem also affects the ucs-snmp implementation (which is used by the Cyrus email server). Original advisory: A remote Denial of Service has been discovered in the SMNP (Simple Network Management Protocol) library. If a SNMP agent uses TCP sockets for communication, a malicious SNMP server could exploit this to crash the agent. Please note that by default SNMP uses UDP sockets. Updated packages for Ubuntu 4.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/ucd-snmp_4.2.5-3.5ubuntu0.4.10.diff.gz Size/MD5: 69622 5861e6945830eacba4c2094c94699aaf http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/ucd-snmp_4.2.5-3.5ubuntu0.4.10.dsc Size/MD5: 779 4cbc553d37af0c9db4a9c6d1471547c0 http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/ucd-snmp_4.2.5.orig.tar.gz Size/MD5: 1707471 615e0b1e760cbb8c63b5392fe2d04b14 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2-dev_4.2.5-3.5ubuntu0.4.10_amd64.deb Size/MD5: 528770 ea77ab507ff3c90d4334e0dbaefbcfc6 http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2_4.2.5-3.5ubuntu0.4.10_amd64.deb Size/MD5: 648804 7922cb95648180a9e1d7a4d07af84523 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2-dev_4.2.5-3.5ubuntu0.4.10_i386.deb Size/MD5: 457638 5af1620e60bc63d7d58c801c599a6fb4 http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2_4.2.5-3.5ubuntu0.4.10_i386.deb Size/MD5: 624278 4c2e603b958d7fd5ca4005a8d68cfaef powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2-dev_4.2.5-3.5ubuntu0.4.10_powerpc.deb Size/MD5: 601122 9bbcd21251c92c8244158d3ef2893b5d http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2_4.2.5-3.5ubuntu0.4.10_powerpc.deb Size/MD5: 615504 b4510e4e2eb589246c3e6ab9d3d2cbbc Updated packages for Ubuntu 5.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/ucd-snmp_4.2.5-3.5ubuntu0.5.04.diff.gz Size/MD5: 69622 1f2f355dcc1d8a74740c75c336c7d64f http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/ucd-snmp_4.2.5-3.5ubuntu0.5.04.dsc Size/MD5: 779 108154374c1784cd2a4372053773bd07 http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/ucd-snmp_4.2.5.orig.tar.gz Size/MD5: 1707471 615e0b1e760cbb8c63b5392fe2d04b14 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2-dev_4.2.5-3.5ubuntu0.5.04_amd64.deb Size/MD5: 528818 bbca4da8fd1dfdfdd75f421ebe7e7b95 http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2_4.2.5-3.5ubuntu0.5.04_amd64.deb Size/MD5: 648844 36f2c9547e261603317c1b87d8e528a5 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2-dev_4.2.5-3.5ubuntu0.5.04_i386.deb Size/MD5: 458084 d51dc298a88baa36c07aab3ca57a27dc http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2_4.2.5-3.5ubuntu0.5.04_i386.deb Size/MD5: 624800 80ddcb36a6597c811eb793f965e7b34f powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2-dev_4.2.5-3.5ubuntu0.5.04_powerpc.deb Size/MD5: 601120 b837c24ba5e35fd876e10d20ffc3b72b http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2_4.2.5-3.5ubuntu0.5.04_powerpc.deb Size/MD5: 615470 8739aefd6ccee20d2deacd3b0b0c0fb2 Updated packages for Ubuntu 5.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/ucd-snmp_4.2.5-5ubuntu0.1.diff.gz Size/MD5: 69879 6ef2cb3af6867a1456b473088261cc93 http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/ucd-snmp_4.2.5-5ubuntu0.1.dsc Size/MD5: 774 e9be486552af55a156c37d82b8e5934d http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/ucd-snmp_4.2.5.orig.tar.gz Size/MD5: 1707471 615e0b1e760cbb8c63b5392fe2d04b14 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2-dev_4.2.5-5ubuntu0.1_amd64.deb Size/MD5: 551274 d75072859288156d876eb61ec0b1d9b9 http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2_4.2.5-5ubuntu0.1_amd64.deb Size/MD5: 663934 7f7ca12df144769d40dd1168fc36c679 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2-dev_4.2.5-5ubuntu0.1_i386.deb Size/MD5: 465532 2669a212a3b23706f725e5d95167e143 http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2_4.2.5-5ubuntu0.1_i386.deb Size/MD5: 619630 bddb573c1ffb88c5d722b91f27102a07 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2-dev_4.2.5-5ubuntu0.1_powerpc.deb Size/MD5: 589426 02710f1b81d7406f246a56e5332600ac http://security.ubuntu.com/ubuntu/pool/main/u/ucd-snmp/libsnmp4.2_4.2.5-5ubuntu0.1_powerpc.deb Size/MD5: 628922 e6048dcafdfbda76fe3efa91fe78324b --9jxsPFA5p3P2qPhR Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQFDgap/DecnbV4Fd/IRAtsPAKC7AipbaoTVmsE0PfAknpvjQnHAbgCg2Tel A6C5DNvXN2bJQprzU28bUXE= =U7sd -----END PGP SIGNATURE----- --9jxsPFA5p3P2qPhR--