Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
    • Risk Management Delivery Group
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > July 2005 > Fedora - Three Update Notifications

July 2005

Fedora - Three Update Notifications

ID: 00582
Ref: 541/05
Date: 14 July 2005:14:55:03
Version: 1
Title: Fedora - Three Update Notifications
Abstract: 1. Fedora Core 4 Update: rpm-4.4.1-22 [FEDORA-2005-565], 2. Fedora Core 4 Update: net-snmp-5.2.1.2-fc4.1 [FEDORA-2005-561], 3. Fedora Core 3 Update: net-snmp-5.2.1.2-FC3.1 [FEDORA-2005-562]
Vendors affected: Fedora
Operating systems affected: Fedora
Applications affected: Fedora

Title
=====

Fedora - Three Update Notifications:
1. Fedora Core 4 Update: rpm-4.4.1-22 [FEDORA-2005-565]
2. Fedora Core 4 Update: net-snmp-5.2.1.2-fc4.1 [FEDORA-2005-561]
3. Fedora Core 3 Update: net-snmp-5.2.1.2-FC3.1 [FEDORA-2005-562]


Detail
======

Update notification summaries:

1. This update corrects security problem CAN-2005-2096 (Buffer overflow in
zlib 1.2 and later versions allows remote attackers to cause a denial
of service (crash) via a crafted compressed stream, as demonstrated using
a crafted PNG file).

2. A security vulnerability has been found in Net-SNMP releases that
could allow a denial of service attack against Net-SNMP agent"s which
have opened a stream based protocol (EG, TCP but not UDP; it should be
noted that Net-SNMP does not by default open a TCP port).

3. A security vulnerability has been found in Net-SNMP releases that
could allow a denial of service attack against Net-SNMP agent"s which
have opened a stream based protocol (EG, TCP but not UDP; it should be
noted that Net-SNMP does not by default open a TCP port).


Update notification content follows:


1.


- ---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-565
2005-07-13
- ---------------------------------------------------------------------

Product : Fedora Core 4
Name : rpm
Version : 4.4.1
Release : 22
Summary : The RPM package management system.
Description :
The RPM Package Manager (RPM) is a powerful command line driven
package management system capable of installing, uninstalling,
verifying, querying, and updating software packages. Each software
package consists of an archive of files along with information about
the package like its version, a description, etc.

- ---------------------------------------------------------------------
Update Information:

This update corrects security problem CAN-2005-2096.
- ---------------------------------------------------------------------
* Wed Jul 13 2005 Paul Nasrat - 4.4.1-22

- - zlib fix for CAN-2005-2096


- ---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

4e8753f4e96768e731dc7ff33e91323f SRPMS/rpm-4.4.1-22.src.rpm
4d2cef556d21a4590068b378222ae584 ppc/rpm-4.4.1-22.ppc.rpm
767aa8667cfb6130736fbd86f2a63750 ppc/rpm-libs-4.4.1-22.ppc.rpm
72ab6a216aeceb956ab71f27ccea7d01 ppc/rpm-devel-4.4.1-22.ppc.rpm
d0260b73251f2ebca9d46cda26ba731d ppc/rpm-build-4.4.1-22.ppc.rpm
833d3484b4d4169b518e3cee7f8ffe8f ppc/rpm-python-4.4.1-22.ppc.rpm
3fdc79debc0679add4e965d23a59b29e ppc/popt-1.10.1-22.ppc.rpm
d480472dfb69566ece6f9072f2bc4bee ppc/debug/rpm-debuginfo-4.4.1-22.ppc.rpm
604d36a26a6734dd556012d7abde53f1 ppc/popt-1.10.1-22.ppc64.rpm
37b01382694ac79ce43ab8308cd789cf x86_64/rpm-4.4.1-22.x86_64.rpm
186c26cedfdc8602c215916749ac75a4 x86_64/rpm-libs-4.4.1-22.x86_64.rpm
5cd21dae524b0918da4cf0c28e3e0bbf x86_64/rpm-devel-4.4.1-22.x86_64.rpm
d17768c4505657b1c64f397ea568a402 x86_64/rpm-build-4.4.1-22.x86_64.rpm
f832726f36a48a01646cfb371aca60b3 x86_64/rpm-python-4.4.1-22.x86_64.rpm
de6456c074a74c48c35f1d18dd260629 x86_64/popt-1.10.1-22.x86_64.rpm
1184723dc5506944af4758333d883265 x86_64/debug/rpm-debuginfo-4.4.1-22.x86_64.rpm
4080913a0dc8d6e3cd3efeef0ee0e225 x86_64/popt-1.10.1-22.i386.rpm
4267228376a6eaf4cdf6426d0fcf7c02 i386/rpm-4.4.1-22.i386.rpm
2905f7ab83a8a670139eaef1a7cc8ddb i386/rpm-libs-4.4.1-22.i386.rpm
a7ea6be9916669305028f250e72b1e34 i386/rpm-devel-4.4.1-22.i386.rpm
e3da18a9335d70e8947860edac4f8ce9 i386/rpm-build-4.4.1-22.i386.rpm
8de0b8dc5b9a656fc1f760cdafdd31e4 i386/rpm-python-4.4.1-22.i386.rpm
4080913a0dc8d6e3cd3efeef0ee0e225 i386/popt-1.10.1-22.i386.rpm
97497259fd879f7a4152b4a4974f57fc i386/debug/rpm-debuginfo-4.4.1-22.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
- ---------------------------------------------------------------------



2.



- ---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-561
2005-07-13
- ---------------------------------------------------------------------

Product : Fedora Core 4
Name : net-snmp
Version : 5.2.1.2
Release : fc4.1
Summary : A collection of SNMP protocol tools and libraries.
Description :
SNMP (Simple Network Management Protocol) is a protocol used for
network management. The NET-SNMP project includes various SNMP tools:
an extensible agent, an SNMP library, tools for requesting or setting
information from SNMP agents, tools for generating and handling SNMP
traps, a version of the netstat command which uses SNMP, and a Tk/Perl
mib browser. This package contains the snmpd and snmptrapd daemons,
documentation, etc.

You will probably also want to install the net-snmp-utils package,
which contains NET-SNMP utilities.

Building option:
--without tcp_wrappers : disable tcp_wrappers support

- ---------------------------------------------------------------------
Update Information:

A security vulnerability has been found in Net-SNMP releases that
could allow a denial of service attack against Net-SNMP agent"s which
have opened a stream based protocol (EG, TCP but not UDP; it should be
noted that Net-SNMP does not by default open a TCP port).

http://sourceforge.net/mailarchive/forum.php?thread_id=7659656&forum_id=12455
- ---------------------------------------------------------------------
* Wed Jul 13 2005 Radek Vokal - 5.2.1.2-fc4.1

- - CAN-2005-2177 new upstream version fixing DoS (#162908)

* Tue May 31 2005 Radek Vokal - 5.2.1-13

- - CAN-2005-1740 net-snmp insecure temporary file usage (#158770)
- - patch from suse.de


- ---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

b79090650c617e039939241bdc7b3946 SRPMS/net-snmp-5.2.1.2-fc4.1.src.rpm
80b5a855b95900fb5973e6073d25d851 ppc/net-snmp-5.2.1.2-fc4.1.ppc.rpm
478843b0b1c7bc5f04a053bcdb6ddcd8 ppc/net-snmp-utils-5.2.1.2-fc4.1.ppc.rpm
270fc3fecbfbd31718c756f2d0bf2d36 ppc/net-snmp-devel-5.2.1.2-fc4.1.ppc.rpm
33c28040e1ca630bc6f8bfe84ad4af38 ppc/net-snmp-perl-5.2.1.2-fc4.1.ppc.rpm
242d3108af124c3b9d457e8da9ba766d ppc/net-snmp-libs-5.2.1.2-fc4.1.ppc.rpm
ad273e2a6a6acd3169f4d193b06c3688 ppc/debug/net-snmp-debuginfo-5.2.1.2-fc4.1.ppc.rpm
acb18e87eb710d133a3622954867254a ppc/net-snmp-libs-5.2.1.2-fc4.1.ppc64.rpm
7de313a1ac5f52382aee5c165653618e x86_64/net-snmp-5.2.1.2-fc4.1.x86_64.rpm
092b4dfe9ec5b1c19a40a7db2a82dc63 x86_64/net-snmp-utils-5.2.1.2-fc4.1.x86_64.rpm
627b1a3adc9d2c1236085aae4bf2cec5 x86_64/net-snmp-devel-5.2.1.2-fc4.1.x86_64.rpm
7819a593d4b083010ca3ed4939956d68 x86_64/net-snmp-perl-5.2.1.2-fc4.1.x86_64.rpm
cca2e6c99cc7a0a6c6de8a08ab095f94 x86_64/net-snmp-libs-5.2.1.2-fc4.1.x86_64.rpm
148c341e81c53c5098d79c4bcc3f931c x86_64/debug/net-snmp-debuginfo-5.2.1.2-fc4.1.x86_64.rpm
2ffdbca98fbfff39b894eab6d6f9faaa x86_64/net-snmp-libs-5.2.1.2-fc4.1.i386.rpm
e7e5ee415a6239d3a5c7e9d1174a07ab i386/net-snmp-5.2.1.2-fc4.1.i386.rpm
ea9380fb6c23881a2aa861974a32d041 i386/net-snmp-utils-5.2.1.2-fc4.1.i386.rpm
874b9d3fd002d524d3e45a67f88f163e i386/net-snmp-devel-5.2.1.2-fc4.1.i386.rpm
c6c304989cb5c4ba74736e2eba48848d i386/net-snmp-perl-5.2.1.2-fc4.1.i386.rpm
2ffdbca98fbfff39b894eab6d6f9faaa i386/net-snmp-libs-5.2.1.2-fc4.1.i386.rpm
eab2776c49ae418dabab1d85cd95a698 i386/debug/net-snmp-debuginfo-5.2.1.2-fc4.1.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
- ---------------------------------------------------------------------



3.



- ---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-562
2005-07-13
- ---------------------------------------------------------------------

Product : Fedora Core 3
Name : net-snmp
Version : 5.2.1.2
Release : FC3.1
Summary : A collection of SNMP protocol tools and libraries.
Description :
SNMP (Simple Network Management Protocol) is a protocol used for
network management. The NET-SNMP project includes various SNMP tools:
an extensible agent, an SNMP library, tools for requesting or setting
information from SNMP agents, tools for generating and handling SNMP
traps, a version of the netstat command which uses SNMP, and a Tk/Perl
mib browser. This package contains the snmpd and snmptrapd daemons,
documentation, etc.

You will probably also want to install the net-snmp-utils package,
which contains NET-SNMP utilities.

Building option:
--without tcp_wrappers : disable tcp_wrappers support

- ---------------------------------------------------------------------

* Wed Jul 13 2005 Radek Vokal

- - CAN-2005-2177 new upstream version fixing DoS (#162908)
- - CAN-2005-1740 net-snmp insecure temporary file usage (#158770)
- - session free fixed, agentx modules build fine (#157851)
- - report gigabit Ethernet speeds using Ethtool (#152480)


- ---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

4b721f407f7e3f8328b55c221934a1c3 SRPMS/net-snmp-5.2.1.2-FC3.1.src.rpm
b5e93da4d42a9ed378ade7a4dca53303 x86_64/net-snmp-5.2.1.2-FC3.1.x86_64.rpm
5c9b2a222c5b73d8574bfa73fa7a43db x86_64/net-snmp-utils-5.2.1.2-FC3.1.x86_64.rpm
0742d799d460c662ead52bc00cb5c0c4 x86_64/net-snmp-devel-5.2.1.2-FC3.1.x86_64.rpm
9f4058884731fb796989c070cc8daf79 x86_64/net-snmp-perl-5.2.1.2-FC3.1.x86_64.rpm
16e4b9661cd1877a7fe4c407defcfb59 x86_64/net-snmp-libs-5.2.1.2-FC3.1.x86_64.rpm
3172c8d4cd09a5aacaf07fe67838b3e0 x86_64/debug/net-snmp-debuginfo-5.2.1.2-FC3.1.x86_64.rpm
7b9f7d1d829c812906550f4788315d55 x86_64/net-snmp-libs-5.2.1.2-FC3.1.i386.rpm
592d67733a8b4dcaa2cae2aff855674d i386/net-snmp-5.2.1.2-FC3.1.i386.rpm
437282b8f6bf797286b55ab96021b27e i386/net-snmp-utils-5.2.1.2-FC3.1.i386.rpm
ad465047964e37127328c5c260562d8a i386/net-snmp-devel-5.2.1.2-FC3.1.i386.rpm
8da7b9da314591bcc6ebf0f139cb79c1 i386/net-snmp-perl-5.2.1.2-FC3.1.i386.rpm
7b9f7d1d829c812906550f4788315d55 i386/net-snmp-libs-5.2.1.2-FC3.1.i386.rpm
bdf494c06278cdb8bd7a029694403ff5 i386/debug/net-snmp-debuginfo-5.2.1.2-FC3.1.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
- ---------------------------------------------------------------------



  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |