
[RHSA-2015:2345-01] Moderate: net-snmp security and bug fix update


-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

 

=====================================================================

Red Hat Security Advisory

 

Synopsis: Moderate: net-snmp security and bug fix update
Advisory ID: RHSA-2015:2345-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-2345.html
Issue date: 2015-11-19
CVE Names: CVE-2014-3565

=====================================================================

 

1. Summary:

 

Updated net-snmp packages that fix one security issue and several bugs are
now available for Red Hat Enterprise Linux 7.

 

Red Hat Product Security has rated this update as having Moderate security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.

 

2. Relevant releases/architectures:

 

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

 

3. Description:

 

The net-snmp packages provide various libraries and tools for the Simple
Network Management Protocol (SNMP), including an SNMP library, an
extensible agent, tools for requesting or setting information from SNMP
agents, tools for generating and handling SNMP traps, a version of the
netstat command which uses SNMP, and a Tk/Perl Management Information Base
(MIB) browser.

 

A denial of service flaw was found in the way snmptrapd handled certain
SNMP traps when started with the "-OQ" option. If an attacker sent an SNMP
trap containing a variable with a NULL type where an integer variable type
was expected, it would cause snmptrapd to crash. (CVE-2014-3565)

 

This update also fixes the following bugs:

 

* Previously, the clientaddr option in the snmp.conf file affected outgoing
messages sent only over IPv4. With this release, outgoing IPv6 messages are
correctly sent from the interface specified by clientaddr. (BZ#1190679)

 

* The Net-SNMP daemon, snmpd, did not properly clean memory when reloading
its configuration file with multiple "exec" entries. Consequently, the
daemon terminated unexpectedly. Now, the memory is properly cleaned, and
snmpd no longer crashes on reload. (BZ#1228893)

 

* Prior to this update, snmpd did not parse complete IPv4 traffic
statistics, but reported the number of received or sent bytes in the
IP-MIB::ipSystemStatsTable only for IPv6 packets and not for IPv4.
This affected objects ipSystemStatsInOctets, ipSystemStatsOutOctets,
ipSystemStatsInMcastOctets, and ipSystemStatsOutMcastOctets. Now, the
statistics reported by snmpd are collected for IPv4 as well. (BZ#1235697)

 

* The Net-SNMP daemon, snmpd, did not correctly detect the file system
change from read-only to read-write. Consequently, after remounting the
file system into the read-write mode, the daemon reported it to be still
in the read-only mode. A patch has been applied, and snmpd now detects the
mode changes as expected. (BZ#1241897)

 

All net-snmp users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

 

4. Solution:

 

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

 

For details on how to apply this update, refer to:

 

https://access.redhat.com/articles/11258
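
The script below is an added example, not part of Red Hat's advisory: it triages a host against the two conditions in the description (a net-snmp build older than 5.7.2-24.el7, and snmptrapd started with the "-OQ" option). The `sort -V` comparison only approximates RPM version ordering, and the function names, the `--live` switch and the sample input in the comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: exposure triage for CVE-2014-3565 on Red Hat Enterprise Linux 7.
FIXED_EVR="5.7.2-24.el7"   # fixed build named in the advisory's package list

# evr_at_least INSTALLED FIXED -> 0 if INSTALLED >= FIXED.
# Approximates RPM ordering with sort -V; adequate for the x.y.z-N.el7
# scheme used here, not a general replacement for rpm's own comparison.
evr_at_least() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# uses_OQ ARGS... -> 0 if the snmptrapd arguments select output option Q,
# written attached (-OQ, -OnQ) or as a separate word (-O Q).
# Lowercase q is a different output option and does not match.
uses_OQ() {
    prev=""
    for arg in "$@"; do
        case "$arg" in
            -O*Q*) return 0 ;;
        esac
        if [ "$prev" = "-O" ]; then
            case "$arg" in *Q*) return 0 ;; esac
        fi
        prev=$arg
    done
    return 1
}

# triage EVR ARGS... -> prints a verdict; 0 = patched, 1 = exposed,
# 2 = unpatched but "-OQ" not in use.
# e.g. triage 5.7.2-20.el7 snmptrapd -Lsd -OQ -f   (constructed input)
triage() {
    evr=$1; shift
    if evr_at_least "$evr" "$FIXED_EVR"; then
        echo "patched: net-snmp $evr"; return 0
    fi
    if uses_OQ "$@"; then
        echo "EXPOSED: net-snmp $evr, snmptrapd runs with -OQ"; return 1
    fi
    echo "unpatched, -OQ not in use: net-snmp $evr"; return 2
}

# Live use on an rpm-based host: sh check.sh --live
if [ "${1:-}" = "--live" ]; then
    evr=$(rpm -q --qf '%{VERSION}-%{RELEASE}' net-snmp) || exit 3
    # Word splitting of the running daemon's argv is intended here.
    triage "$evr" $(ps -o args= -C snmptrapd)
fi
```

A result of 2 still calls for the update: the host is only spared the crash until someone adds "-OQ" to the snmptrapd options.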

 

5. Bugs fixed (https://bugzilla.redhat.com/):

 

1092308 - backport diskio device filtering
1125155 - CVE-2014-3565 net-snmp: snmptrapd crash when handling an SNMP trap containing a ifMtu with a NULL type
1151310 - snmptrap can't create (or write to) /var/lib/net-snmp/snmpapp.conf if isn't run under root
1184433 - udpTable has wrong indices
1190679 - In IPv6, snmp packet does not send from specified interface assigned by clientaddr option in snmpd.conf.
1193006 - net-snmp "storageUseNFS 2" option does not report NFS mount as "Fixed Disks"
1252034 - net-snmp-python contains zeros in IP address (IPADDR type) on big-endian architectures
1252048 - net-snmp snmpd fork() overhead [fix available]
1252053 - net-snmp does not display correct lm_sensors sensor data / missing CPU cores

 

6. Package List:

 

Red Hat Enterprise Linux Client (v. 7):

 

Source:
net-snmp-5.7.2-24.el7.src.rpm

x86_64:
net-snmp-5.7.2-24.el7.x86_64.rpm
net-snmp-agent-libs-5.7.2-24.el7.i686.rpm
net-snmp-agent-libs-5.7.2-24.el7.x86_64.rpm
net-snmp-debuginfo-5.7.2-24.el7.i686.rpm
net-snmp-debuginfo-5.7.2-24.el7.x86_64.rpm
net-snmp-libs-5.7.2-24.el7.i686.rpm
net-snmp-libs-5.7.2-24.el7.x86_64.rpm
net-snmp-utils-5.7.2-24.el7.x86_64.rpm

 

Red Hat Enterprise Linux Client Optional (v. 7):

 

x86_64:
net-snmp-debuginfo-5.7.2-24.el7.i686.rpm
net-snmp-debuginfo-5.7.2-24.el7.x86_64.rpm
net-snmp-devel-5.7.2-24.el7.i686.rpm
net-snmp-devel-5.7.2-24.el7.x86_64.rpm
net-snmp-gui-5.7.2-24.el7.x86_64.rpm
net-snmp-perl-5.7.2-24.el7.x86_64.rpm
net-snmp-python-5.7.2-24.el7.x86_64.rpm
net-snmp-sysvinit-5.7.2-24.el7.x86_64.rpm

 

Red Hat Enterprise Linux ComputeNode (v. 7):

 

Source:
net-snmp-5.7.2-24.el7.src.rpm

x86_64:
net-snmp-5.7.2-24.el7.x86_64.rpm
net-snmp-agent-libs-5.7.2-24.el7.i686.rpm
net-snmp-agent-libs-5.7.2-24.el7.x86_64.rpm
net-snmp-debuginfo-5.7.2-24.el7.i686.rpm
net-snmp-debuginfo-5.7.2-24.el7.x86_64.rpm
net-snmp-libs-5.7.2-24.el7.i686.rpm
net-snmp-libs-5.7.2-24.el7.x86_64.rpm
net-snmp-utils-5.7.2-24.el7.x86_64.rpm

 

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

 

x86_64:
net-snmp-debuginfo-5.7.2-24.el7.i686.rpm
net-snmp-debuginfo-5.7.2-24.el7.x86_64.rpm
net-snmp-devel-5.7.2-24.el7.i686.rpm
net-snmp-devel-5.7.2-24.el7.x86_64.rpm
net-snmp-gui-5.7.2-24.el7.x86_64.rpm
net-snmp-perl-5.7.2-24.el7.x86_64.rpm
net-snmp-python-5.7.2-24.el7.x86_64.rpm
net-snmp-sysvinit-5.7.2-24.el7.x86_64.rpm

 

Red Hat Enterprise Linux Server (v. 7):

 

Source:
net-snmp-5.7.2-24.el7.src.rpm

aarch64:
net-snmp-5.7.2-24.el7.aarch64.rpm
net-snmp-agent-libs-5.7.2-24.el7.aarch64.rpm
net-snmp-debuginfo-5.7.2-24.el7.aarch64.rpm
net-snmp-devel-5.7.2-24.el7.aarch64.rpm
net-snmp-libs-5.7.2-24.el7.aarch64.rpm
net-snmp-utils-5.7.2-24.el7.aarch64.rpm

ppc64:
net-snmp-5.7.2-24.el7.ppc64.rpm
net-snmp-agent-libs-5.7.2-24.el7.ppc.rpm
net-snmp-agent-libs-5.7.2-24.el7.ppc64.rpm
net-snmp-debuginfo-5.7.2-24.el7.ppc.rpm
net-snmp-debuginfo-5.7.2-24.el7.ppc64.rpm
net-snmp-devel-5.7.2-24.el7.ppc.rpm
net-snmp-devel-5.7.2-24.el7.ppc64.rpm
net-snmp-libs-5.7.2-24.el7.ppc.rpm
net-snmp-libs-5.7.2-24.el7.ppc64.rpm
net-snmp-utils-5.7.2-24.el7.ppc64.rpm

ppc64le:
net-snmp-5.7.2-24.el7.ppc64le.rpm
net-snmp-agent-libs-5.7.2-24.el7.ppc64le.rpm
net-snmp-debuginfo-5.7.2-24.el7.ppc64le.rpm
net-snmp-devel-5.7.2-24.el7.ppc64le.rpm
net-snmp-libs-5.7.2-24.el7.ppc64le.rpm
net-snmp-utils-5.7.2-24.el7.ppc64le.rpm

s390x:
net-snmp-5.7.2-24.el7.s390x.rpm
net-snmp-agent-libs-5.7.2-24.el7.s390.rpm
net-snmp-agent-libs-5.7.2-24.el7.s390x.rpm
net-snmp-debuginfo-5.7.2-24.el7.s390.rpm
net-snmp-debuginfo-5.7.2-24.el7.s390x.rpm
net-snmp-devel-5.7.2-24.el7.s390.rpm
net-snmp-devel-5.7.2-24.el7.s390x.rpm
net-snmp-libs-5.7.2-24.el7.s390.rpm
net-snmp-libs-5.7.2-24.el7.s390x.rpm
net-snmp-utils-5.7.2-24.el7.s390x.rpm

x86_64:
net-snmp-5.7.2-24.el7.x86_64.rpm
net-snmp-agent-libs-5.7.2-24.el7.i686.rpm
net-snmp-agent-libs-5.7.2-24.el7.x86_64.rpm
net-snmp-debuginfo-5.7.2-24.el7.i686.rpm
net-snmp-debuginfo-5.7.2-24.el7.x86_64.rpm
net-snmp-devel-5.7.2-24.el7.i686.rpm
net-snmp-devel-5.7.2-24.el7.x86_64.rpm
net-snmp-libs-5.7.2-24.el7.i686.rpm
net-snmp-libs-5.7.2-24.el7.x86_64.rpm
net-snmp-utils-5.7.2-24.el7.x86_64.rpm

 

Red Hat Enterprise Linux Server Optional (v. 7):

 

aarch64:
net-snmp-debuginfo-5.7.2-24.el7.aarch64.rpm
net-snmp-gui-5.7.2-24.el7.aarch64.rpm
net-snmp-perl-5.7.2-24.el7.aarch64.rpm
net-snmp-python-5.7.2-24.el7.aarch64.rpm
net-snmp-sysvinit-5.7.2-24.el7.aarch64.rpm

ppc64:
net-snmp-debuginfo-5.7.2-24.el7.ppc64.rpm
net-snmp-gui-5.7.2-24.el7.ppc64.rpm
net-snmp-perl-5.7.2-24.el7.ppc64.rpm
net-snmp-python-5.7.2-24.el7.ppc64.rpm
net-snmp-sysvinit-5.7.2-24.el7.ppc64.rpm

ppc64le:
net-snmp-debuginfo-5.7.2-24.el7.ppc64le.rpm
net-snmp-gui-5.7.2-24.el7.ppc64le.rpm
net-snmp-perl-5.7.2-24.el7.ppc64le.rpm
net-snmp-python-5.7.2-24.el7.ppc64le.rpm
net-snmp-sysvinit-5.7.2-24.el7.ppc64le.rpm

s390x:
net-snmp-debuginfo-5.7.2-24.el7.s390x.rpm
net-snmp-gui-5.7.2-24.el7.s390x.rpm
net-snmp-perl-5.7.2-24.el7.s390x.rpm
net-snmp-python-5.7.2-24.el7.s390x.rpm
net-snmp-sysvinit-5.7.2-24.el7.s390x.rpm

x86_64:
net-snmp-debuginfo-5.7.2-24.el7.x86_64.rpm
net-snmp-gui-5.7.2-24.el7.x86_64.rpm
net-snmp-perl-5.7.2-24.el7.x86_64.rpm
net-snmp-python-5.7.2-24.el7.x86_64.rpm
net-snmp-sysvinit-5.7.2-24.el7.x86_64.rpm

 

Red Hat Enterprise Linux Workstation (v. 7):

 

Source:
net-snmp-5.7.2-24.el7.src.rpm

x86_64:
net-snmp-5.7.2-24.el7.x86_64.rpm
net-snmp-agent-libs-5.7.2-24.el7.i686.rpm
net-snmp-agent-libs-5.7.2-24.el7.x86_64.rpm
net-snmp-debuginfo-5.7.2-24.el7.i686.rpm
net-snmp-debuginfo-5.7.2-24.el7.x86_64.rpm
net-snmp-devel-5.7.2-24.el7.i686.rpm
net-snmp-devel-5.7.2-24.el7.x86_64.rpm
net-snmp-libs-5.7.2-24.el7.i686.rpm
net-snmp-libs-5.7.2-24.el7.x86_64.rpm
net-snmp-utils-5.7.2-24.el7.x86_64.rpm

 

Red Hat Enterprise Linux Workstation Optional (v. 7):

 

x86_64:
net-snmp-debuginfo-5.7.2-24.el7.x86_64.rpm
net-snmp-gui-5.7.2-24.el7.x86_64.rpm
net-snmp-perl-5.7.2-24.el7.x86_64.rpm
net-snmp-python-5.7.2-24.el7.x86_64.rpm
net-snmp-sysvinit-5.7.2-24.el7.x86_64.rpm

 

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

 

7. References:

 

https://access.redhat.com/security/cve/CVE-2014-3565
https://access.redhat.com/security/updates/classification/#moderate

 

8. Contact:

 

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

 

Copyright 2015 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1

 

iD8DBQFWTkIQXlSAg2UNWIIRAlbcAJwLsO5iPdIeUwdJqaoUF43N7RM7kgCcDynZ

3JFzBVf00U2C1LZ1RmCKJlQ=

=iYnO

-----END PGP SIGNATURE-----

 
