Your message dated Wed, 01 Nov 2006 09:02:31 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#389434: fixed in net-snmp 5.2.3-2
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: libsnmp-base
Version: 5.2.3-1
Severity: critical
Justification: may lead to DoS

I just noticed that somehow the file /usr/share/snmp/mibs/.index had been
created, probably due to the hplip package using SNMP; besides the fact that
creating a file dynamically in /usr probably violates FHS, the permissions of
the file pose a security threat:

-rw-rw-rw- 1 root root 2148 Sep 20 17:50 /usr/share/snmp/mibs/.index

Any user may fill this file with arbitrary data and thus get the partition this
directory resides on completely filled. Furthermore it may introduce other
security risks if the contents of this file are evaluated; but I don't know
anything about the internals of libsnmp and thus cannot say whether this really
poses a problem.

Regards,
Michael




--- End Message ---
--- Begin Message ---
Source: net-snmp
Source-Version: 5.2.3-2

We believe that the bug you reported is fixed in the latest version of
net-snmp, which is due to be installed in the Debian FTP archive:

libsnmp-base_5.2.3-2_all.deb
  to pool/main/n/net-snmp/libsnmp-base_5.2.3-2_all.deb
libsnmp-perl_5.2.3-2_sparc.deb
  to pool/main/n/net-snmp/libsnmp-perl_5.2.3-2_sparc.deb
libsnmp9-dev_5.2.3-2_sparc.deb
  to pool/main/n/net-snmp/libsnmp9-dev_5.2.3-2_sparc.deb
libsnmp9_5.2.3-2_sparc.deb
  to pool/main/n/net-snmp/libsnmp9_5.2.3-2_sparc.deb
net-snmp_5.2.3-2.diff.gz
  to pool/main/n/net-snmp/net-snmp_5.2.3-2.diff.gz
net-snmp_5.2.3-2.dsc
  to pool/main/n/net-snmp/net-snmp_5.2.3-2.dsc
snmp_5.2.3-2_sparc.deb
  to pool/main/n/net-snmp/snmp_5.2.3-2_sparc.deb
snmpd_5.2.3-2_sparc.deb
  to pool/main/n/net-snmp/snmpd_5.2.3-2_sparc.deb
tkmib_5.2.3-2_all.deb
  to pool/main/n/net-snmp/tkmib_5.2.3-2_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jochen Friedrich <[EMAIL PROTECTED]> (supplier of updated net-snmp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 01 Nov 2006 16:48:11 +0200
Source: net-snmp
Binary: libsnmp9 tkmib snmp libsnmp-perl libsnmp-base libsnmp9-dev snmpd
Architecture: source all sparc
Version: 5.2.3-2
Distribution: unstable
Urgency: high
Maintainer: Net-SNMP Packaging Team <[EMAIL PROTECTED]>
Changed-By: Jochen Friedrich <[EMAIL PROTECTED]>
Description: 
 libsnmp-base - NET SNMP (Simple Network Management Protocol) MIBs and Docs
 libsnmp-perl - NET SNMP (Simple Network Management Protocol) Perl5 Support
 libsnmp9   - NET SNMP (Simple Network Management Protocol) Library
 libsnmp9-dev - NET SNMP (Simple Network Management Protocol) Development Files
 snmp       - NET SNMP (Simple Network Management Protocol) Apps
 snmpd      - NET SNMP (Simple Network Management Protocol) Agents
 tkmib      - NET SNMP (Simple Network Management Protocol) MIB Browser
Closes: 387174 388190 389434
Changes: 
 net-snmp (5.2.3-2) unstable; urgency=high
 .
   * Revert 1.13.2.2 of ifTable_data_access as this causes a crash on
     disappearing interfaces (Closes: #387174, #388190)
   * Create .index file on libsnmp-base postinstall to prevent write
     access on /usr filesystem during runtime (Closes: #389434)
   * Urgency high due to RC bug fixes.
Files: 
 0cbe84fffd5bc3fb5475aa35c47db9a6 1186 net optional net-snmp_5.2.3-2.dsc
 503bbc086e9bcc1f2e6e6178d81d1e61 83440 net optional net-snmp_5.2.3-2.diff.gz
 894dfab170f4f5f69cf4ecfb258c3c73 1199272 libs optional libsnmp-base_5.2.3-2_all.deb
 64ea82626f0959296447a3b2ae956c59 854020 net optional tkmib_5.2.3-2_all.deb
 1ed10ee43b7908469e2af501b2ae7fdc 830758 net optional snmpd_5.2.3-2_sparc.deb
 5babf3bcedaca539f1b70dbc5cbf4c58 923842 net optional snmp_5.2.3-2_sparc.deb
 f176721b80d1b268d37e78179d58f850 1778834 libs optional libsnmp9_5.2.3-2_sparc.deb
 779e13311ad760e6c656dae503a5ae2c 1545824 libdevel optional libsnmp9-dev_5.2.3-2_sparc.deb
 6dfebe63c8c1769b654647b3363fb875 916970 perl optional libsnmp-perl_5.2.3-2_sparc.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

-----END PGP SIGNATURE-----


--- End Message ---
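
An added example, not part of either message above and not the net-snmp packaging's own code: a check for world-writable regular files under a tree such as /usr/share/snmp/mibs, together with one way to create .index at install time with a fixed mode. The function names, the scratch directory and the empty placeholder index are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: not taken from the bug report or the net-snmp packaging.

# Print every regular file under directory $1 with the other-write bit set
# (the state of .index in the report: -rw-rw-rw-).
list_world_writable() {
    find "$1" -xdev -type f -perm -0002 -print
}

# Hypothetical install-time step: create $1/.index with a fixed 0644 mode that
# does not depend on the caller's umask. The file is left empty here; the real
# index contents are produced by the SNMP library and are not modelled.
create_index_safely() {
    tmp=$(mktemp "$1/.index.XXXXXX") || return 1   # mktemp creates mode 0600
    chmod 0644 "$tmp" && mv -f "$tmp" "$1/.index"
}

# Constructed scratch tree standing in for /usr/share/snmp/mibs.
# Echoes "<world-writable count before> <count after> <final mode>".
demo() {
    scratch=$(mktemp -d) || return 1
    mkdir -p "$scratch/mibs"
    : > "$scratch/mibs/EXAMPLE-MIB.txt"
    chmod 0644 "$scratch/mibs/EXAMPLE-MIB.txt"
    : > "$scratch/mibs/.index"
    chmod 0666 "$scratch/mibs/.index"            # reproduce the reported mode
    before=$(list_world_writable "$scratch" | wc -l | tr -d ' ')
    create_index_safely "$scratch/mibs" || return 1
    after=$(list_world_writable "$scratch" | wc -l | tr -d ' ')
    mode=$(ls -l "$scratch/mibs/.index" | cut -c1-10)
    rm -rf "$scratch"
    echo "$before $after $mode"
}

demo   # prints: 1 0 -rw-r--r--
```

On an installed system, `list_world_writable /usr/share/snmp/mibs` should print nothing once the fixed package is in place.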
