[bluewhite64-security] net-snmp (BW64SA:20080731-07) |
Hash: SHA1 [bluewhite64-security] net-snmp (BW64SA:20080731-07) New net-snmp packages are available for Bluewhite64 12.0, 12.1, and -current to fix security issues. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0960 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2292 Here are the details from the Bluewhite64 12.1 ChangeLog: +--------------------------+ PATCHES/packages/net-snmp-5.4.1.2-x86_64-1.tgz: Upgraded to net-snmp-5.4.1.2. A vulnerability was discovered where an attacked could spoof an authenticated SNMPv3 packet due to incorrect HMAC checking. Also, a buffer overflow was found that could be exploited if an application using the net-snmp perl modules connects to a malicious server. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0960 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2292 [*** Security fix ***] +--------------------------+ Where to find the new packages: +-----------------------------+ See the "Get Bluewhite64" section on http://bluewhite64.com for additional mirror sites near you. Updated package for Bluewhite64 12.0: http://data.bluewhite64.com/bluewhite64-12.0/patches/packages/net-snmp-5.4.1.2-x86_64-1.tgz Updated package for Bluewhite64 12.1: http://data.bluewhite64.com/bluewhite64-12.1/patches/packages/net-snmp-5.4.1.2-x86_64-1.tgz Updated package for Bluewhite64 -current: http://data.bluewhite64.com/bluewhite64-current/bluewhite64/n/net-snmp-5.4.1.2-x86_64-1.tgz MD5 signatures: +-------------+ Bluewhite64 12.0 package: a6a2c8bd90a2d7df69952496403bc002 net-snmp-5.4.1.2-x86_64-1.tgz Bluewhite64 12.1 package: 9bc908fc9bf8cc73e4b107a496e5320e net-snmp-5.4.1.2-x86_64-1.tgz Bluewhite64 -current package: 46b0ca365832ab336b723dfc429494f2 net-snmp-5.4.1.2-x86_64-1.tgz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg net-snmp-5.4.1.2-x86_64-1.tgz +-----+ Bluewhite64 Linux Security Team http://bluewhite64.com/gpg-key security©bluewhite64.com +-------------------------------------------------------+ | To leave the bluewhite64-security mailing list: +-------------------------------------------------------+ | Send a blank email to | | bluewhite64-security-unsubscribe©bluewhite64.com | | You will get a confirmation message back containing | instructions to complete the process. | | Please do not reply to this email address. +--------------------------------------------------------+ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkiR1boACgkQpTOsxuDdlY4jVQCeOUelWaeB2AN6CQHBVyHbZ9kg fiwAnjWEU2sdUwyrS6u2VNU+lbpu6Qrb =dbGK -----END PGP SIGNATURE----- |
Latest News
16 November 2009Bluewhite Linux 13.0 LiveDVD is released!
This new version brings the possibility to boot the DVD in KDE (4.3.2), Xfce (4.6.1) or to the command line interface from the beginning. The LiveDVD is powered by the Linux Kernel 2.6.31.5 with advanced features and optimized for performance. Read more...
9 September 2009
Bluewhite Linux 13.0 is released!
This new version of Bluewhite brings many new and interesting features, improvements and packages updates. I like to share with you just a few and the important ones, but if you are interested to see all of them you have to download and install Bluewhite 13.0 Read more...
3 August 2009
Bluewhite Linux 13.0-RC2 is out!
will not say here to much about this Release candidate release, I reserve my words for the final one. Just a few notes about what we are "cooking" here. Read more...