lp:ubuntu/dapper-updates/net-snmp
- Get this branch:
- bzr branch lp:ubuntu/dapper-updates/net-snmp
Branch merges
Branch information
Recent revisions
- 9. By Kees Cook
-
* SECURITY UPDATE: authentication bypass via spoofed SNMPv3 packets.
- 51_CVE-2008-0960. patch: fixes thanks to Nico Golde.
* SECURITY UPDATE: arbitrary code execution via buffer overflow.
- 52_CVE-2008-2292. patch: fixes thanks to Jochen Friedrich.
* SECURITY UPDATE: denial of service via number of getbulk responses.
- 53_CVE-2008-4309. patch: ported fixes from Jochen Friedrich. - 8. By Stephan RĂ¼gamer
-
* SECURITY UPDATE: CVE-2007-5846 (LP: #164007)
The SNMP agent in net-snmp 5.4.1 and earlier allows remote attackers to
cause a denial of service (CPU and memory consumption) via a GETBULK request
with a large max-repeaters value.
* debian/patches/ 50_CVE- 2007-5846. patch,
debian/patches/ 50_CVE- 2007-5846. README:
Applied patch from upstream and explanation
(Link: http://sourceforge. net/tracker/ index.php? func=detail& aid=1712988& group_id= 12694&atid= 112694 )
* References:
CVE-2007-5846 - 7. By Kees Cook
-
* SECURITY UPDATE: denial of service via crafted TCP session.
* Add 14_snmpapi_crash.patch: upstream fixes.
* References
CVE-2005-4837 - 6. By Adam Conrad
-
* Merge the setup of the snmp user from the Debian packaging, which uses
/var/lib/snmp for the user's home, not /home/snmp (launchpad.net/33377)
* Migrate the snmp user's passwd entry from the old home dir to the new. - 4. By Martin Pitt
-
* SECURITY UPDATE: Fix remote Denial of Service.
* snmplib/snmp_api.c: Free the correct buffer when a stream-based connection
(like TCP) terminates.
* References:
CAN-2005-2177
http://sourceforge. net/tracker/ index.php? func=detail& aid=1207023& group_id= 12694&atid= 112694 - 3. By Adam Conrad
-
Apply safe-but-hackish patch by Henrique de Moraes Holschuh to
fix the libdir in libsnmp5-dev's .la files (Ubuntu bug #8393) - 2. By Martin Pitt
-
* snmpd.default: run as user 'snmp' by default, not root (Warty bug #1151)
* snmpd.postinst:
- create system user snmp
- removed superfluous version check which could have never been executed
* snmpd.postrm:
- delete user snmp on purge
- quoted comparison of $1 (it could be empty)
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/karmic/net-snmp