Your message dated Fri, 12 Oct 2018 19:02:09 +0000 with message-id <e1gb2hn-000hgl...@fasolo.debian.org> and subject line Bug#910638: fixed in net-snmp 5.7.3+dfsg-1.7+deb9u1 has caused the Debian Bug report #910638, regarding net-snmp: CVE-2018-18065 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 910638: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=910638 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: net-snmp Version: 5.7.3+dfsg-1 Severity: grave Tags: patch security upstream Hi, The following vulnerability was published for net-snmp. CVE-2018-18065[0]: | _set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has | a NULL Pointer Exception bug that can be used by an authenticated | attacker to remotely cause the instance to crash via a crafted UDP | packet, resulting in Denial of Service. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-18065 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18065 [1] https://sourceforge.net/p/net-snmp/code/ci/7ffb8e25a0db851953155de91f0170e9bf8c457d/ Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: net-snmp Source-Version: 5.7.3+dfsg-1.7+deb9u1 We believe that the bug you reported is fixed in the latest version of net-snmp, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 910...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated net-snmp package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 09 Oct 2018 10:45:49 +0200 Source: net-snmp Binary: snmpd snmptrapd snmp libsnmp-base libsnmp30 libsnmp30-dbg libsnmp-dev libsnmp-perl python-netsnmp tkmib Architecture: source Version: 5.7.3+dfsg-1.7+deb9u1 Distribution: stretch-security Urgency: high Maintainer: Net-SNMP Packaging Team <pkg-net-snmp-de...@lists.alioth.debian.org> Changed-By: Salvatore Bonaccorso <car...@debian.org> Closes: 910638 Description: libsnmp-base - SNMP configuration script, MIBs and documentation libsnmp-dev - SNMP (Simple Network Management Protocol) development files libsnmp-perl - SNMP (Simple Network Management Protocol) Perl5 support libsnmp30 - SNMP (Simple Network Management Protocol) library libsnmp30-dbg - SNMP (Simple Network Management Protocol) library debug python-netsnmp - SNMP (Simple Network Management Protocol) Python support snmp - SNMP (Simple Network Management Protocol) applications snmpd - SNMP (Simple Network Management Protocol) agents snmptrapd - Net-SNMP notification receiver tkmib - SNMP (Simple Network Management Protocol) MIB browser Changes: net-snmp (5.7.3+dfsg-1.7+deb9u1) stretch-security; urgency=high . * Non-maintainer upload by the Security Team. * snmpd crashes when receiving a GetNext PDU with multiple Varbinds (CVE-2018-18065) (Closes: #910638) Checksums-Sha1: 9892e4bb6b3612d5cfd4f6e4ce1c10e678640edf 3316 net-snmp_5.7.3+dfsg-1.7+deb9u1.dsc ebbbc5e9fc5006edd3e62d595366497592d964a2 3371224 net-snmp_5.7.3+dfsg.orig.tar.xz c4b93e29ac47a4129bea38a52bdecf82d673cd29 74236 net-snmp_5.7.3+dfsg-1.7+deb9u1.debian.tar.xz Checksums-Sha256: 61687e824bca1d7cbfa0506c854f4cbcbbefaa0d0e1c012a7c88520e5139815d 3316 net-snmp_5.7.3+dfsg-1.7+deb9u1.dsc 073eb05b926a9d23a2eba3270c4e52dd94c0aa27e8b7cf7f1a4e59a4d3da3fb5 3371224 net-snmp_5.7.3+dfsg.orig.tar.xz 17d7cd84de728889aabec767eb8b616bb750a42a194eddbd66953dd6311eb88b 74236 net-snmp_5.7.3+dfsg-1.7+deb9u1.debian.tar.xz Files: f7f9d620ab58372044e7d6110b2b1c90 3316 net optional net-snmp_5.7.3+dfsg-1.7+deb9u1.dsc 6391ae27eb1ae34ff5530712bb1c4209 3371224 net optional net-snmp_5.7.3+dfsg.orig.tar.xz 424d11ee489f1f8f7e0efae9df590be6 74236 net optional net-snmp_5.7.3+dfsg-1.7+deb9u1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlu9GMFfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89EgIsP/2emxTpp0+jWMagBt72U9nG/wHkWijFW WVdoRq4qH8/iJY0/AcTaoOv1iNsCjKZhWEBpsmIebKLBGRtZTJ2P9P5wtYcdpkKa IxGrJMmg2qRey8nvKrYqOI1Q21DVO1z9sCP4rpkc/rWb8GLDMCV7xpg4mBi1IzYL YNo5dMfn+BxVyrzRpBBS8g8AkQqtCM/OOUgfozAvOB/Tz93VRHy/6LVeqpLdPSc4 /+CnkdwalhvJlGRFulDmwRy3f14msbffHIHBlAdLi0r18Mp1Z11KU4C72NQpjMOn 2bUcjtESlf2sTI8ryJeAcBIrRdAEtKFXR/iLtDmeRJYhLI6ZzaXg86i3zurToTFb +iK8ZE6PUqelGXn+7naBBR6IQ5MQYE4Lwy5CGlkyEsuzJOuZBZ8yr2E4radC5fAz Hb1CLis+ETzGtMAhWI6+i+yrlJJAZYkJyqF51sci5HMxgp0jmIA+adR8UVQBeNHG iAoHudnxVeeFEpabAV6fxcxraN7GW0pc68kvC52rhd7SUGZLOQe9wbuvdJ4i218k xQpqf3+K4JswXsYQ/I4cZVwsHdt6arDel9UhjUQi3fbtR3VoUum52E8k2pa5RWnZ D+upZWSuUG9EHtQw0iEl7krn+T2faef/7YNbiS2v6ZntOA9/N5vps9jLsvHEeVXP JFLjBfAeoPB4 =zzLz -----END PGP SIGNATURE-----
--- End Message ---
