Gentoo Archives: gentoo-announce

From: Kristian Fiskerstrand <k_f@g.o>
To: gentoo-announce@g.o
Subject: [gentoo-announce] [ GLSA 201409-02 ] Net-SNMP: Denial of Service
Date: Mon, 01 Sep 2014 21:50:26
Message-Id: 5404E384.9090500@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201409-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Net-SNMP: Denial of Service
     Date: September 01, 2014
     Bugs: #431752, #493296, #502968, #509110
       ID: 201409-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Net-SNMP which could allow
remote attackers to cause Denial of Service.

Background
==========

Net-SNMP bundles software for generating and retrieving SNMP data.

Affected packages
=================

    -------------------------------------------------------------------
     Package                  /     Vulnerable     /        Unaffected
    -------------------------------------------------------------------
  1  net-analyzer/net-snmp        < 5.7.3_pre3          >= 5.7.3_pre3

Description
===========

Multiple vulnerabilities have been discovered in Net-SNMP. Please
review the CVE identifiers referenced below for details.

Impact
======

A remote attacker could create a Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All net-snmp users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=net-analyzer/net-snmp-5.7.3_pre3"

References
==========

[ 1 ] CVE-2012-2141
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2141
[ 2 ] CVE-2012-6151
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6151
[ 3 ] CVE-2014-2284
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2284
[ 4 ] CVE-2014-2285
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2285

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 http://security.gentoo.org/glsa/glsa-201409-02.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
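
Added example, not part of the Gentoo advisory and not Portage's own code: the "Affected packages" range (`< 5.7.3_pre3`) cannot be checked with a plain string or dotted-number comparison, because `_pre3` sorts before the `5.7.3` release. The sketch below implements a simplified form of Gentoo's version ordering to classify an inventory of installed net-snmp versions; the function names, host names and sample versions are constructed for illustration.

```python
import re

# Simplified Gentoo version ordering (added example, not Portage's code):
# dotted numbers, optional letter, _alpha/_beta/_pre/_rc/_p suffixes, -rN.
_VER = re.compile(r"^(\d+(?:\.\d+)*)([a-z]?)((?:_(?:alpha|beta|pre|rc|p)\d*)*)(?:-r(\d+))?$")
_RANK = {"alpha": 0, "beta": 1, "pre": 2, "rc": 3, "p": 5}
_RELEASE = (4, 0)  # no suffix: sorts after _rc and before _p
FIXED = "5.7.3_pre3"  # first unaffected version, from the GLSA table
# Constructed sample inventory: host -> installed net-analyzer/net-snmp version.
SAMPLE = {"mon1": "5.7.2-r1", "mon2": "5.7.3_pre1", "mon3": "5.7.3_pre3", "mon4": "5.7.3"}

def _cmp(a, b):
    return (a > b) - (a < b)

def _parse(version):
    m = _VER.match(version)
    if not m:
        raise ValueError(f"not a Gentoo version: {version!r}")
    nums, letter, suffixes, rev = m.groups()
    sufs = [(_RANK[name], int(n or 0))
            for name, n in re.findall(r"_([a-z]+)(\d*)", suffixes)]
    return nums.split("."), letter, sufs, int(rev or 0)

def _cmp_numbers(a, b):
    c = _cmp(int(a[0]), int(b[0]))
    for x, y in zip(a[1:], b[1:]):
        if x[0] == "0" or y[0] == "0":  # leading zero: compare as fractions
            d = _cmp(x.rstrip("0"), y.rstrip("0"))
        else:
            d = _cmp(int(x), int(y))
        c = c or d
    return c or _cmp(len(a), len(b))

def compare(v1, v2):
    n1, l1, s1, r1 = _parse(v1)
    n2, l2, s2, r2 = _parse(v2)
    c = _cmp_numbers(n1, n2) or _cmp(l1, l2)
    for i in range(max(len(s1), len(s2))):
        x = s1[i] if i < len(s1) else _RELEASE
        y = s2[i] if i < len(s2) else _RELEASE
        c = c or _cmp(x, y)
    return c or _cmp(r1, r2)

def is_vulnerable(installed):
    """True if the installed version falls in the GLSA range (< 5.7.3_pre3)."""
    return compare(installed, FIXED) < 0

def vulnerable_hosts(inventory):
    return sorted(h for h, v in inventory.items() if is_vulnerable(v))
```

On the constructed inventory, `vulnerable_hosts(SAMPLE)` flags the hosts still on 5.7.2-r1 and 5.7.3_pre1, while 5.7.3_pre3 and the 5.7.3 release are reported as unaffected.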