UNIRAS Brief - 541/05 - Fedora - Three Update Notifications



 
-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 541/05 dated 14.07.05  Time: 11:20  
  UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ---------------------------------------------------------------------------------- 
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------

Title
=====

Fedora - Three Update Notifications:
     1.  Fedora Core 4 Update: rpm-4.4.1-22            [FEDORA-2005-565]
     2.  Fedora Core 4 Update: net-snmp-5.2.1.2-fc4.1  [FEDORA-2005-561]
     3.  Fedora Core 3 Update: net-snmp-5.2.1.2-FC3.1  [FEDORA-2005-562]


Detail
====== 

Update notification summaries:

     1.  This update corrects security problem CAN-2005-2096  (Buffer overflow in 
         zlib 1.2 and later versions allows remote attackers to cause a denial 
         of service (crash) via a crafted compressed stream, as demonstrated using 
         a crafted PNG file).

     2.  A security vulnerability has been found in Net-SNMP releases that
         could allow a denial of service attack against Net-SNMP agents which
         have opened a stream-based protocol (e.g., TCP but not UDP; it should be
         noted that Net-SNMP does not by default open a TCP port).

     3.  A security vulnerability has been found in Net-SNMP releases that
         could allow a denial of service attack against Net-SNMP agents which
         have opened a stream-based protocol (e.g., TCP but not UDP; it should be
         noted that Net-SNMP does not by default open a TCP port).


Update notification content follows:


1.


- ---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-565
2005-07-13
- ---------------------------------------------------------------------

Product     : Fedora Core 4
Name        : rpm
Version     : 4.4.1                      
Release     : 22                  
Summary     : The RPM package management system.
Description :
The RPM Package Manager (RPM) is a powerful command line driven
package management system capable of installing, uninstalling,
verifying, querying, and updating software packages. Each software
package consists of an archive of files along with information about
the package like its version, a description, etc.

- ---------------------------------------------------------------------
Update Information:

This update corrects security problem CAN-2005-2096.
- ---------------------------------------------------------------------
* Wed Jul 13 2005 Paul Nasrat <pnasrat@xxxxxxxxxx> - 4.4.1-22

- - zlib fix for CAN-2005-2096


- ---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
- ---------------------------------------------------------------------



2.



- ---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-561
2005-07-13
- ---------------------------------------------------------------------

Product     : Fedora Core 4
Name        : net-snmp
Version     : 5.2.1.2                      
Release     : fc4.1                  
Summary     : A collection of SNMP protocol tools and libraries.
Description :
SNMP (Simple Network Management Protocol) is a protocol used for
network management. The NET-SNMP project includes various SNMP tools:
an extensible agent, an SNMP library, tools for requesting or setting
information from SNMP agents, tools for generating and handling SNMP
traps, a version of the netstat command which uses SNMP, and a Tk/Perl
mib browser. This package contains the snmpd and snmptrapd daemons,
documentation, etc.

You will probably also want to install the net-snmp-utils package,
which contains NET-SNMP utilities.

Building option:
	--without tcp_wrappers : disable tcp_wrappers support

- ---------------------------------------------------------------------
Update Information:

A security vulnerability has been found in Net-SNMP releases that
 could allow a denial of service attack against Net-SNMP agents which
 have opened a stream-based protocol (e.g., TCP but not UDP; it should be
 noted that Net-SNMP does not by default open a TCP port).

http://sourceforge.net/mailarchive/forum.php?thread_id=7659656&forum_id=12455
- ---------------------------------------------------------------------
* Wed Jul 13 2005 Radek Vokal <rvokal@xxxxxxxxxx> - 5.2.1.2-fc4.1

- - CAN-2005-2177 new upstream version fixing DoS (#162908)

* Tue May 31 2005 Radek Vokal <rvokal@xxxxxxxxxx> - 5.2.1-13

- - CAN-2005-1740 net-snmp insecure temporary file usage (#158770)
- - patch from suse.de


- ---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
- ---------------------------------------------------------------------



3.



- ---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-562
2005-07-13
- ---------------------------------------------------------------------

Product     : Fedora Core 3
Name        : net-snmp
Version     : 5.2.1.2                      
Release     : FC3.1                  
Summary     : A collection of SNMP protocol tools and libraries.
Description :
SNMP (Simple Network Management Protocol) is a protocol used for
network management. The NET-SNMP project includes various SNMP tools:
an extensible agent, an SNMP library, tools for requesting or setting
information from SNMP agents, tools for generating and handling SNMP
traps, a version of the netstat command which uses SNMP, and a Tk/Perl
mib browser. This package contains the snmpd and snmptrapd daemons,
documentation, etc.

You will probably also want to install the net-snmp-utils package,
which contains NET-SNMP utilities.

Building option:
	--without tcp_wrappers : disable tcp_wrappers support

- ---------------------------------------------------------------------

* Wed Jul 13 2005 Radek Vokal <rvokal@xxxxxxxxxx> 

- - CAN-2005-2177 new upstream version fixing DoS (#162908)
- - CAN-2005-1740 net-snmp insecure temporary file usage (#158770)
- - session free fixed, agentx modules build fine (#157851)
- - report gigabit Ethernet speeds using Ethtool (#152480)


- ---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
- ---------------------------------------------------------------------


- ----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by 
telephone or Not Protectively Marked information may be sent via 
EMail to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 870 487 0748 Ext 4511
Fax: +44 (0) 870 487 0749

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 870 487 0748 and follow the prompts

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Fedora for the information 
contained in this Briefing. 
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the canonical site 
to ensure that you receive the most current information concerning that problem.

Reference to any specific commercial product, process, or service by trade 
name, trademark, manufacturer, or otherwise, does not constitute or imply 
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS nor NISCC shall also accept responsibility for any errors 
or omissions contained within this briefing notice. In particular, they shall 
not be liable for any loss or damage whatsoever, arising from or in connection 
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

-----END PGP SIGNATURE-----


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________
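
Added example (not part of the UNIRAS briefing or the Fedora notifications): notifications 2 and 3 above apply only to Net-SNMP agents that have opened a stream-based transport such as TCP, so this shell function lists the TCP endpoints declared by agentaddress lines in snmpd.conf text read on stdin. The sample configuration is constructed, the function names are hypothetical, and listening addresses passed on the snmpd command line are not examined.

```shell
#!/bin/sh
# Added example: report TCP listening endpoints declared in snmpd.conf.
# Assumption: the TCP transport specifiers checked are tcp, tcp6, tcpv6 and
# tcpipv6; an address with no specifier is treated as UDP and not reported.

# Reads snmpd.conf text on stdin, prints one TCP endpoint per line.
snmpd_tcp_listeners() {
    awk '
    {
        sub(/#.*/, "")                          # drop comments
        if (tolower($1) != "agentaddress") next # directive name, any case
        list = $0
        sub(/^[ \t]*[^ \t]+[ \t]+/, "", list)   # strip the directive itself
        n = split(list, addr, /[ \t]*,[ \t]*/)  # comma-separated endpoints
        for (i = 1; i <= n; i++) {
            a = addr[i]
            gsub(/^[ \t]+|[ \t]+$/, "", a)
            if (tolower(a) ~ /^(tcp|tcp6|tcpv6|tcpipv6):/) print a
        }
    }'
}

# Exit status 0 when the configuration on stdin declares any TCP endpoint.
snmpd_has_tcp_listener() {
    [ -n "$(snmpd_tcp_listeners)" ]
}

# Constructed sample configuration (not taken from the advisory).
SAMPLE_CONF='# constructed sample
rocommunity public 127.0.0.1
agentAddress udp:161,tcp:127.0.0.1:161
agentaddress  tcp6:[::1]:161 , udp6:161   # trailing comment
'

if printf '%s' "$SAMPLE_CONF" | snmpd_has_tcp_listener; then
    echo "TCP transport configured; the Net-SNMP update applies to:"
    printf '%s' "$SAMPLE_CONF" | snmpd_tcp_listeners
else
    echo "No TCP transport configured in snmpd.conf"
fi
```

On a real host, feed it the agent's configuration, for example `snmpd_tcp_listeners < /etc/snmp/snmpd.conf`.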