Date: Fri, 8 Jul 2005 14:30:49 +0200
From: Trustix Security Advisor <tsl@trustix.org.>
To: [email protected]Subject: TSLSA-2005-0034 - multi
Message-ID: <20050708123049.GA30611@tsunami.trustix.net.>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4.2.1i
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2005-0034
Package name: net-snmp, zlib
Summary: Multiple vulnerabilities
Date: 2005-07-08
Affected versions: Trustix Secure Linux 2.2
Trustix Secure Linux 3.0
Trustix Operating System - Enterprise Server 2
- --------------------------------------------------------------------------
Package description:
net-snmp:
SNMP (Simple Network Management Protocol) is a protocol used for
network management. The NET-SNMP project includes various SNMP tools:
an extensible agent, an SNMP library, tools for requesting or setting
information from SNMP agents, tools for generating and handling SNMP
traps, a version of the netstat command which uses SNMP, and a Tk/Perl
mib browser. This package contains the snmpd and snmptrapd daemons,
documentation, etc.
zlib:
The zlib compression library provides in-memory compression and
decompression functions, including integrity checks of the uncompressed
data.
Problem description:
net-snmp:
Fixed a denial of service vulnerability when stream sockets have
been configured for use (E.G., TCP but not UDP). Bug#1038
zlib:
Security Fix: This flaw is due to a buffer overflow error when
processing a malformed data stream, which could be exploited by
attackers to execute arbitrary code via a specially crafted compressed
stream embedded within network communication or an application file format.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-2096.
Action:
We recommend that all systems with this package installed be upgraded.
Please note that if you do not need the functionality provided by this
package, you may want to remove it from your system.
Location:
All Trustix Secure Linux updates are available from
<URI:http://http.trustix.org/pub/trustix/updates/>
<URI:ftp://ftp.trustix.org/pub/trustix/updates/>
About Trustix Secure Linux:
Trustix Secure Linux is a small Linux distribution for servers. With focus
on security and stability, the system is painlessly kept safe and up to
date from day one using swup, the automated software updater.
Automatic updates:
Users of the SWUP tool can enjoy having updates automatically
installed using 'swup --upgrade'.
Questions?
Check out our mailing lists:
<URI:http://www.trustix.org/support/>
Verification:
This advisory along with all Trustix packages are signed with the
TSL sign key.
This key is available from:
<URI:http://www.trustix.org/TSL-SIGN-KEY>
The advisory itself is available from the errata pages at
<URI:http://www.trustix.org/errata/trustix-2.2/>
or directly at
<URI:http://www.trustix.org/errata/2005/0034/>
MD5sums of the packages:
- --------------------------------------------------------------------------
79da098bccacb4a99c327ba590533663 3.0/rpms/net-snmp-5.2.1.2-1tr.i586.rpm
d26360f4f3f1d95003fc6c3ff3f2b59c 3.0/rpms/net-snmp-devel-5.2.1.2-1tr.i586.rpm
b51dad2e029dc95d2ca3823412a8afba 3.0/rpms/net-snmp-libs-5.2.1.2-1tr.i586.rpm
67d0e78356ee16b869d413ef2e679156 3.0/rpms/net-snmp-perl-5.2.1.2-1tr.i586.rpm
a9733a63ee3da320a530d363b4f2db43 3.0/rpms/net-snmp-utils-5.2.1.2-1tr.i586.rpm
acf4b06a55596415c5a450abde693900 3.0/rpms/zlib-1.2.2-4tr.i586.rpm
7d7507f200761f6713ec84893a1ddd3a 3.0/rpms/zlib-devel-1.2.2-4tr.i586.rpm
9d9b72a93b6db09fbc36f3e4ddc5b643 2.2/rpms/zlib-1.2.2-2tr.i586.rpm
cd1af2bbc6cf7bc4b19a445d47c76d07 2.2/rpms/zlib-devel-1.2.2-2tr.i586.rpm
- --------------------------------------------------------------------------
Trustix Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFCzmzdi8CEzsK9IksRAtaZAJ92Ot3kwY0wYoVTR6DehkEE6GQKAgCffi+z
klHhADqO3FnCfVIaz+SNAVk=
=ODxO
-----END PGP SIGNATURE-----