Your message dated Tue, 25 Jul 2006 20:41:04 +0200
with message-id <[EMAIL PROTECTED]>
and subject line Removed
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: ucd-snmp
Severity: critical
Tags: security patch
Hello
According to
http://online.securityfocus.com/bid/14168/references
other vendors also updated their ucd-snmp packages due to the recent
security bug in net-snmp (which was based upon ucd-snmp).
The patch that Conectiva used looks quite simple:
--- ucd-snmp-4.2.5/snmplib/snmp_api.c.DoS 2005-08-03 17:16:17.000000000
+0200
+++ ucd-snmp-4.2.5/snmplib/snmp_api.c 2005-08-03 17:22:12.000000000 +0200
@@ -4120,7 +4120,7 @@
else
isp->proper_len = asn_check_packet(isp->packet, isp->packet_len);
- if (isp->proper_len > MAX_PACKET_LENGTH) {
+ if (isp->proper_len > MAX_PACKET_LENGTH || isp->proper_len < 0) {
/* illegal length, drop the connection */
snmp_log(LOG_ERR,"Maximum packet size exceeded in a request.\n");
isp->sd = -1;
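Review bot: The added `isp->proper_len < 0` test in the changed condition only takes effect if `proper_len` is a signed type, and its declaration is not visible in this hunk, so that should be confirmed before relying on the check. The error branch also still logs "Maximum packet size exceeded in a request." when the length is negative, which will mislead whoever reads the log; a separate message for the negative case, or wording such as "illegal packet length", would match the existing comment "illegal length, drop the connection".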
bye,
-christian-
-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686
Locale: LANG=de_DE, LC_CTYPE=de_DE (charmap=ISO-8859-15) (ignored: LC_ALL set
to [EMAIL PROTECTED])
--- End Message ---
--- Begin Message ---
ucd-snmp has been removed from Debian unstable because it is
"superseded by net-snmp; dead upstream".
--
Martin Michlmayr
http://www.cyrius.com/
--- End Message ---