-
net-snmp (5.2.1.2-4ubuntu2.3) dapper-security; urgency=low
* SECURITY UPDATE: authentication bypass via spoofed SNMPv3 packets.
- 51_CVE-2008-0960.patch: fixes thanks to Nico Golde.
* SECURITY UPDATE: arbitrary code execution via buffer overflow.
- 52_CVE-2008-2292.patch: fixes thanks to Jochen Friedrich.
* SECURITY UPDATE: denial of service via number of getbulk responses.
- 53_CVE-2008-4309.patch: ported fixes from Jochen Friedrich.
-- Kees Cook <email address hidden> Tue, 18 Nov 2008 13:20:22 -0800
-
net-snmp (5.2.1.2-4ubuntu2.2) dapper-security; urgency=low
* SECURITY UPDATE: CVE-2007-5846 (LP: #164007)
The SNMP agent in net-snmp 5.4.1 and earlier allows remote attackers to
cause a denial of service (CPU and memory consumption) via a GETBULK request
with a large max-repeaters value.
* debian/patches/50_CVE-2007-5846.patch,
debian/patches/50_CVE-2007-5846.README:
Applied patch from upstream and explanation
(Link: http://sourceforge.net/tracker/index.php?func=detail&aid=1712988&group_id=12694&atid=112694 )
* References:
CVE-2007-5846
-- Stephan Hermann <email address hidden> Wed, 21 Nov 2007 11:28:43 +0100
-
net-snmp (5.2.1.2-4ubuntu2.1) dapper-security; urgency=low
* SECURITY UPDATE: denial of service via crafted TCP session.
* Add 14_snmpapi_crash.patch: upstream fixes.
* References
CVE-2005-4837
-- Kees Cook <email address hidden> Thu, 19 Apr 2007 11:58:52 -0700
-
net-snmp (5.2.1.2-4ubuntu2) dapper; urgency=low
* Merge the setup of the snmp user from the Debian packaging, which uses
/var/lib/snmp for the user's home, not /home/snmp (launchpad.net/33377)
* Migrate the snmp user's passwd entry from the old home dir to the new.
-- Adam Conrad <email address hidden> Tue, 4 Apr 2006 20:16:30 +1000
-
net-snmp (5.2.1.2-4ubuntu1) dapper; urgency=low
* Resynchronise with Debian.
-- Fabio M. Di Nitto <email address hidden> Fri, 25 Nov 2005 14:17:40 +0100
