Debian Bug report logs -
#760132
net-snmp: CVE-2014-3565
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 1 Sep 2014 06:12:02 UTC
Severity: important
Tags: fixed-upstream, patch, security, upstream
Found in versions net-snmp/5.7.2.1~dfsg-6.1, net-snmp/5.4.3~dfsg-2
Fixed in versions net-snmp/5.7.2.1~dfsg-7, net-snmp/5.4.3~dfsg-2.8+deb7u1
Done: Hideki Yamane <henrich@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Net-SNMP Packaging Team <pkg-net-snmp-devel@lists.alioth.debian.org>:
Bug#760132; Package src:net-snmp.
(Mon, 01 Sep 2014 06:12:06 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Net-SNMP Packaging Team <pkg-net-snmp-devel@lists.alioth.debian.org>.
(Mon, 01 Sep 2014 06:12:06 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: net-snmp
Version: 5.7.2.1~dfsg-6.1
Severity: important
Tags: security upstream patch fixed-upstream
Hi,
the following vulnerability was published for net-snmp.
CVE-2014-3565[0]:
net-snmp: snmptrapd crash
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2014-3565
[1] http://sourceforge.net/p/net-snmp/code/ci/7f4a7b891332899cea26e95be0337aae01648742/
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1125155
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
Marked as found in versions net-snmp/5.4.3~dfsg-2.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Mon, 01 Sep 2014 17:27:09 GMT) (full text, mbox, link).
Reply sent
to Hideki Yamane <henrich@debian.org>:
You have taken responsibility.
(Wed, 17 Sep 2014 15:24:11 GMT) (full text, mbox, link).
Notification sent
to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer.
(Wed, 17 Sep 2014 15:24:11 GMT) (full text, mbox, link).
Message #12 received at 760132-close@bugs.debian.org (full text, mbox, reply):
Source: net-snmp
Source-Version: 5.7.2.1~dfsg-7
We believe that the bug you reported is fixed in the latest version of
net-snmp, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 760132@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Hideki Yamane <henrich@debian.org> (supplier of updated net-snmp package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 17 Sep 2014 15:56:45 +0900
Source: net-snmp
Binary: snmpd snmptrapd snmp libsnmp-base libsnmp30 libsnmp30-dbg libsnmp-dev libsnmp-perl python-netsnmp tkmib
Architecture: source amd64 all
Version: 5.7.2.1~dfsg-7
Distribution: unstable
Urgency: medium
Maintainer: Net-SNMP Packaging Team <pkg-net-snmp-devel@lists.alioth.debian.org>
Changed-By: Hideki Yamane <henrich@debian.org>
Description:
libsnmp-base - SNMP configuration script, MIBs and documentation
libsnmp-dev - SNMP (Simple Network Management Protocol) development files
libsnmp-perl - SNMP (Simple Network Management Protocol) Perl5 support
libsnmp30 - SNMP (Simple Network Management Protocol) library
libsnmp30-dbg - SNMP (Simple Network Management Protocol) library debug
python-netsnmp - SNMP (Simple Network Management Protocol) Python support
snmp - SNMP (Simple Network Management Protocol) applications
snmpd - SNMP (Simple Network Management Protocol) agents
snmptrapd - Net-SNMP notification receiver
tkmib - SNMP (Simple Network Management Protocol) MIB browser
Closes: 760132
Changes:
net-snmp (5.7.2.1~dfsg-7) unstable; urgency=medium
.
* debian/patches
- add CVE-2014-3565.patch taken from upstream to fix CVE-2014-3565
(Closes: #760132)
Checksums-Sha1:
4b94aebbfc54180474a92573f0a83423361777a1 3032 net-snmp_5.7.2.1~dfsg-7.dsc
01a94aa9661c3ada0a69dc86e6734312c86747da 63176 net-snmp_5.7.2.1~dfsg-7.debian.tar.xz
cbabcb4e44266d36bf26948cbf4f2f46656df214 56858 snmpd_5.7.2.1~dfsg-7_amd64.deb
f8bb368dddc7c900b07aa45d7cc284daa091a90f 23146 snmptrapd_5.7.2.1~dfsg-7_amd64.deb
6c1ef9dcb9dca5af62da4ae9c9f13a7e94628d70 146724 snmp_5.7.2.1~dfsg-7_amd64.deb
2d1f967e1d35bc9d63b2f152c40e6d0ba8c7f31c 1767892 libsnmp-base_5.7.2.1~dfsg-7_all.deb
fba96d177adf3833f0e6ab1b2577440ae706192b 2155316 libsnmp30_5.7.2.1~dfsg-7_amd64.deb
b42aed9ce6dedf89ed392c7a943cbf53ae390d5f 2015294 libsnmp30-dbg_5.7.2.1~dfsg-7_amd64.deb
17d554af764a561f448e0674e30e303cffe5df6b 1069942 libsnmp-dev_5.7.2.1~dfsg-7_amd64.deb
ad64664c25ddb7fb3846981eeaf6e66361358fb2 1459080 libsnmp-perl_5.7.2.1~dfsg-7_amd64.deb
5da99b39c2b7904cb064939e4fb780d941fde45a 19720 python-netsnmp_5.7.2.1~dfsg-7_amd64.deb
a745e299d58a1f224b87b5240ef0e1fc599111c4 1430862 tkmib_5.7.2.1~dfsg-7_all.deb
Checksums-Sha256:
2ddce7ac26ef18b18f194cc8d4db5ad3540d329584aebd977642f9a289039073 3032 net-snmp_5.7.2.1~dfsg-7.dsc
63bffccf11e75c2e664892bb8aeef864dca1ef37a67de32dbc56494b8d0efcf1 63176 net-snmp_5.7.2.1~dfsg-7.debian.tar.xz
bcd426f5291208903965e973c36b0d8caab2cedece548795a7334122cddb74a4 56858 snmpd_5.7.2.1~dfsg-7_amd64.deb
607b47ca20788489ae7d2605b795c07021533b3551d903f08103ac1db8b53d6d 23146 snmptrapd_5.7.2.1~dfsg-7_amd64.deb
c16055246cb1207edf318b62b19c42cad3905ed38fb8d5292b8337871eb242e6 146724 snmp_5.7.2.1~dfsg-7_amd64.deb
5140ebe7d60202dc5bdd97df100942ec3bddd85dbe73e63adbd19769dc53bf93 1767892 libsnmp-base_5.7.2.1~dfsg-7_all.deb
ce10d979eac785d46d9ff2e6a6c580d562e5e3eef5f3d3a571ebd3dfd95615d4 2155316 libsnmp30_5.7.2.1~dfsg-7_amd64.deb
0688a8c16fd005258c96c78a3ba7d6be581d5d2fe10b36ff4bc4c3571e124e12 2015294 libsnmp30-dbg_5.7.2.1~dfsg-7_amd64.deb
62cf6ac7720ca67aac14dceb3ec089ac03a3facab168976f582b25fa4ff1129b 1069942 libsnmp-dev_5.7.2.1~dfsg-7_amd64.deb
4da9c3f9f0a242aee5ac9a42477e9747b84c99cabf9f9154fe689ac48c1264d2 1459080 libsnmp-perl_5.7.2.1~dfsg-7_amd64.deb
21653ee21218dc53daf8f440d78ff4b1445d6602e2c9daa540c2686446c9e005 19720 python-netsnmp_5.7.2.1~dfsg-7_amd64.deb
77428e470e6a3f587fdaff57671524504e59a6d71e030322090a25138159540d 1430862 tkmib_5.7.2.1~dfsg-7_all.deb
Files:
8f9e945358558657408871f4cf9b813d 56858 net optional snmpd_5.7.2.1~dfsg-7_amd64.deb
a23a617e4b05bde4eb09e90f494bf4fb 23146 net optional snmptrapd_5.7.2.1~dfsg-7_amd64.deb
122164ecaac179ea64f76df8237fe253 146724 net optional snmp_5.7.2.1~dfsg-7_amd64.deb
017e6545366851c60fd40906f1b666e9 1767892 libs optional libsnmp-base_5.7.2.1~dfsg-7_all.deb
f6375c2b3ad182277741ddcdaca30eed 2155316 libs optional libsnmp30_5.7.2.1~dfsg-7_amd64.deb
7620fc356b9f99cb18fd1712724cf755 2015294 debug extra libsnmp30-dbg_5.7.2.1~dfsg-7_amd64.deb
0e2b807ae29149fbd5773773f427a615 1069942 libdevel optional libsnmp-dev_5.7.2.1~dfsg-7_amd64.deb
78bc0374df8dde92e0ab7867c0354b75 1459080 perl optional libsnmp-perl_5.7.2.1~dfsg-7_amd64.deb
1c0cbfa67522d83ef1a62f7c831aee35 19720 python optional python-netsnmp_5.7.2.1~dfsg-7_amd64.deb
e6493f742dde06f066dc641d36f7325b 1430862 net optional tkmib_5.7.2.1~dfsg-7_all.deb
2b2b49eed4ca53f5069285ba7edb0390 3032 net optional net-snmp_5.7.2.1~dfsg-7.dsc
c555604c946b062feba5693c724e4b19 63176 net optional net-snmp_5.7.2.1~dfsg-7.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJUGTQQAAoJEF0yjQgqqrFADJsP/0EIfwfk+SKp6YeWRFlIwDSP
+Uw65avurv3QmF3KorlCXUbKZfqpE3q4Phv9c5ilMDLpA5uoMnrqOpbJwOJ80rLR
/VzMJjyHRLmeKNMzZzJE7xhGIxv4Ud1n7HuRDxpqWi2pWkj9YnsudhEiCiCg5d7j
PmdyFtF6NLpailVDj6m1yWOjZFJsIgNQGyagmztBJxw1egcqYo7YntxfHpW9+v7t
I1DO1i/vQeH7dfFbyGRbbof/NSlrXR5n+yseZHE1N68qn9cRbubCs98KNrewdqBE
nHj/+xjCHse/Kq3wsIeCZTjd4TK2tpFAmmOw9+o8o0oBFUNfVeeLAq5vNPaO1+Rw
r+t1ObKNwK93ISaIKppWBt5lCWKMh/zLK4uw+FyO+HehchG5q9+dMr5DhMRX2vMx
TmOjB4OnwBoITqOMMDpfLW0wHWOxys3qzJxKTzlaQzOhAjgP0X7OjpFgVnxkKs/I
E2uLC7WZD3FnTIYyWK0bwOPdTQGV1SjOJGCXH4SP4D3y3vqyPppHy5yH6+WHGuut
orb64g4kBGpfDaAXAE7w+pfCSGaUotswLmyKCuxDAqU4DTybJuXepySikh4fSRzx
2+vnVmgXwFcn2ULjrZkpPZD1aN0kqK5DoMkzdNOFHc8Edgf7nX5wsdjYbi1D5M9v
nMvwhqwapy6TUsaRlhIs
=KjEu
-----END PGP SIGNATURE-----
Reply sent
to Hideki Yamane <henrich@debian.org>:
You have taken responsibility.
(Mon, 22 Sep 2014 22:21:17 GMT) (full text, mbox, link).
Notification sent
to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer.
(Mon, 22 Sep 2014 22:21:17 GMT) (full text, mbox, link).
Message #17 received at 760132-close@bugs.debian.org (full text, mbox, reply):
Source: net-snmp
Source-Version: 5.4.3~dfsg-2.8+deb7u1
We believe that the bug you reported is fixed in the latest version of
net-snmp, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 760132@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Hideki Yamane <henrich@debian.org> (supplier of updated net-snmp package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 16 Sep 2014 00:27:07 +0900
Source: net-snmp
Binary: snmpd snmp libsnmp-base libsnmp15 libsnmp15-dbg libsnmp-dev libsnmp-perl libsnmp-python tkmib
Architecture: source amd64 all
Version: 5.4.3~dfsg-2.8+deb7u1
Distribution: stable-proposed-updates
Urgency: medium
Maintainer: Net-SNMP Packaging Team <pkg-net-snmp-devel@lists.alioth.debian.org>
Changed-By: Hideki Yamane <henrich@debian.org>
Description:
libsnmp-base - SNMP (Simple Network Management Protocol) MIBs and documentation
libsnmp-dev - SNMP (Simple Network Management Protocol) development files
libsnmp-perl - SNMP (Simple Network Management Protocol) Perl5 support
libsnmp-python - SNMP (Simple Network Management Protocol) Python support
libsnmp15 - SNMP (Simple Network Management Protocol) library
libsnmp15-dbg - SNMP (Simple Network Management Protocol) library debug
snmp - SNMP (Simple Network Management Protocol) applications
snmpd - SNMP (Simple Network Management Protocol) agents
tkmib - SNMP (Simple Network Management Protocol) MIB browser
Closes: 721224 760132
Changes:
net-snmp (5.4.3~dfsg-2.8+deb7u1) stable-proposed-updates; urgency=medium
.
* debian/patches
- add bug#721224_entries_over50.patch to fix "snmpd: produces error if the
Executables/scripts entries in snmpd.conf is over 50" taken patch from
Red Hat Bugzilla.
Thanks to "Christian Ruppert" <c.ruppert@babiel.com> for the report
(Closes: #721224)
- add TrapReceiver.patch to fix CVE-2014-2285
- add CVE-2014-3565.patch taken from upstream to fix CVE-2014-3565
(Closes: #760132)
- add CVE-2012-6151.patch taken from Fedora to fix CVE-2012-6151
Checksums-Sha1:
5c19d4a0766c351b104a58bb9f2c566260b5adfa 2759 net-snmp_5.4.3~dfsg-2.8+deb7u1.dsc
214bf795017839a57cd61f73b071e71b490825b5 59482 net-snmp_5.4.3~dfsg-2.8+deb7u1.debian.tar.gz
3b0b41bc0fba78e290cd91cc2c814714f1f41b8c 966914 snmpd_5.4.3~dfsg-2.8+deb7u1_amd64.deb
8d7bc2d6c4317d20ee0f5b77c54553149979a400 1051798 snmp_5.4.3~dfsg-2.8+deb7u1_amd64.deb
54e1058c5dec4ea15234d6f8089deb28ca0da9e7 1099712 libsnmp-base_5.4.3~dfsg-2.8+deb7u1_all.deb
d69a44b9fff1754cf31694ef39d87bd4d2e1844c 2246034 libsnmp15_5.4.3~dfsg-2.8+deb7u1_amd64.deb
4d4fae77b3f8219dfb54a5fceb70a7d5da8e84af 2521964 libsnmp15-dbg_5.4.3~dfsg-2.8+deb7u1_amd64.deb
d07c0023cfb5295f516a9613365005d130272e61 1834248 libsnmp-dev_5.4.3~dfsg-2.8+deb7u1_amd64.deb
500682b8a8033c3b9fdb51df1a5fa6e2b59f56e2 128700 libsnmp-perl_5.4.3~dfsg-2.8+deb7u1_amd64.deb
c8870481211fe17525989a73c394082dfc9a0f9e 928488 libsnmp-python_5.4.3~dfsg-2.8+deb7u1_amd64.deb
e8acb9696664c840a1e2d7b4b9fb80f4db17c87c 982850 tkmib_5.4.3~dfsg-2.8+deb7u1_all.deb
Checksums-Sha256:
0480314a2089d6cfc97463395f732e57db4688db89b6c2e581acca6e11b2bb32 2759 net-snmp_5.4.3~dfsg-2.8+deb7u1.dsc
67d4259522d2366e63e0912816813730d10adb6e08633e9c7545e0187276906d 59482 net-snmp_5.4.3~dfsg-2.8+deb7u1.debian.tar.gz
e4e50cf110b0c7b19a41f6bb32d9716765fc2a128a8da5e5562be7a12408a5c8 966914 snmpd_5.4.3~dfsg-2.8+deb7u1_amd64.deb
33369da5ace0d9fa3a910a5429a0b40ac4e669ffb49b735697915e59151b600f 1051798 snmp_5.4.3~dfsg-2.8+deb7u1_amd64.deb
b561037cc1d7ce0670a42f8030ad56990b359874a6924f294755687ff45acdea 1099712 libsnmp-base_5.4.3~dfsg-2.8+deb7u1_all.deb
a7e37489dc4220928f801aef6e77fbfe081547239205cb005448ef7187c3ef5a 2246034 libsnmp15_5.4.3~dfsg-2.8+deb7u1_amd64.deb
f9d03989a19e6fd19f14cfc3f697b84cfe03723802acedba3aa6e5f189fc4d3c 2521964 libsnmp15-dbg_5.4.3~dfsg-2.8+deb7u1_amd64.deb
f9c55ceed439d87446c9c74af71d5d1cb6ad6c1efd3155c09ef5bce1f902e8b6 1834248 libsnmp-dev_5.4.3~dfsg-2.8+deb7u1_amd64.deb
862c6a51ee3929a8978218cb1cea6f5c7259b66b2f486cc8bd23ab19c20407b3 128700 libsnmp-perl_5.4.3~dfsg-2.8+deb7u1_amd64.deb
a504488564f0a9a668a2bf0c48afcf025f7c43de07a8db31a170bc66231f51fc 928488 libsnmp-python_5.4.3~dfsg-2.8+deb7u1_amd64.deb
1f98e5711281903949cbd02e8d904df28a1f2fc9e23c8d3b4ca6c862a5949115 982850 tkmib_5.4.3~dfsg-2.8+deb7u1_all.deb
Files:
ea8059368453cd45e6704561a8bdc03a 2759 net optional net-snmp_5.4.3~dfsg-2.8+deb7u1.dsc
5e6e04b9709ee558a4fa33231aece424 59482 net optional net-snmp_5.4.3~dfsg-2.8+deb7u1.debian.tar.gz
078e28ff7ddc9bbef49171d324778ec7 966914 net optional snmpd_5.4.3~dfsg-2.8+deb7u1_amd64.deb
d0139086dc0eca3763b92d1d2281b6e8 1051798 net optional snmp_5.4.3~dfsg-2.8+deb7u1_amd64.deb
1eaa327d8a07707d77e77df36174ccb0 1099712 libs optional libsnmp-base_5.4.3~dfsg-2.8+deb7u1_all.deb
3079cbbf60c11fa075e7650a3dc78765 2246034 libs optional libsnmp15_5.4.3~dfsg-2.8+deb7u1_amd64.deb
7d3df5cb66c0fd1739e7d2c0f1591e37 2521964 debug extra libsnmp15-dbg_5.4.3~dfsg-2.8+deb7u1_amd64.deb
a4ae7da6da2473bef19d98a0789f8432 1834248 libdevel optional libsnmp-dev_5.4.3~dfsg-2.8+deb7u1_amd64.deb
170303d6c180dd031d549be793ddae5b 128700 perl optional libsnmp-perl_5.4.3~dfsg-2.8+deb7u1_amd64.deb
38ec0de4772a9dbea93675964b715506 928488 python optional libsnmp-python_5.4.3~dfsg-2.8+deb7u1_amd64.deb
a09211d0a699fdb90b372a66265b2ae1 982850 net optional tkmib_5.4.3~dfsg-2.8+deb7u1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJUHrF1AAoJEF0yjQgqqrFAh5wP/jE4eU7+PpnR+TVS1Zm4Y04k
Mjbo5vYT5mE70oCKWKTcEuHwOKyVNWdnVpDLz3uVjq3fYBbkYvcS1vc+PtX009P0
N3xjtgZVIhHDErOX9x10rFZcgvzHiaJPmY6C8vtwuVYHF4Fms8qhY9ew6nePO/Cc
Z+BoAv9+DazO3T1ZjgfOVEtcBaRlnViysvZWZn0gZVeJChqnJHT2rjHWazfrlpLv
Z/ZOu5f00A5TNJZ6cyvodJZaY87TO+jFvMcSPe6ZZwpNZDGdT33/Ly7tIk1z/4En
N168K0TJoMjewkic77XqSJMijPgSaB5B6XReAthyhC514F4Ar5YaxHIpoDXYWci9
6w3kWSzLwPC2ZGcQWeD5tRTG2KTLj7HtE1hDrmYQq9gNDahdCqCrq2zI4s1/pzTb
uOPXk8Dp5HLjj8s46m3Uon8LscSSwCUgHw/0mXYHD5HVragZAr1CexXemEUZC5nG
O9GQYkxmn3Nu0csj0L08Rg0rFCMQyoy63hqnGRpcBiMcToDD4CG5itnoiOt/E5cR
H4ktqGvITEyvWcalZQugWg79HHNZE0h5ygPoaQ3bx/91nZSSCFD8U6ykzMZkxM9v
DX31BX5iHQXobbUM7Tfc48YI4igvpDDmEG33R9ImwKFUQlUx7cNe0eHMysevAIi+
Dbi4BOcVV/ZebuzWk5CM
=dY0m
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Tue, 21 Oct 2014 07:29:06 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 13:38:14 2019;
Machine Name:
beach
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon