UbuntuUpdates.org

Package "snmpd"

Name: snmpd

Description:

SNMP (Simple Network Management Protocol) agents

Latest version: 5.7.2~dfsg-8.1ubuntu3.3
Release: trusty (14.04)
Level: updates
Repository: main
Head package: net-snmp
Homepage: http://net-snmp.sourceforge.net/

Links


Download "snmpd"


Other versions of "snmpd" in Trusty

Repository Area Version
base main 5.7.2~dfsg-8.1ubuntu3
security main 5.7.2~dfsg-8.1ubuntu3.3

Changelog

Version: 5.7.2~dfsg-8.1ubuntu3.3 2018-10-15 19:06:31 UTC

  net-snmp (5.7.2~dfsg-8.1ubuntu3.3) trusty-security; urgency=medium

  * SECURITY UPDATE: DoS via NULL pointer exception
    - debian/patches/CVE-2018-18065.patch: fix logic in
      agent/helpers/table.c.
    - CVE-2018-18065

 -- Marc Deslauriers <email address hidden> Mon, 15 Oct 2018 10:17:19 -0400

Source diff to previous version
CVE-2018-18065 _set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to

Version: 5.7.2~dfsg-8.1ubuntu3.2 2016-04-20 15:06:48 UTC

  net-snmp (5.7.2~dfsg-8.1ubuntu3.2) trusty-proposed; urgency=medium

  * debian/libsnmp-dev.install
    - add missing net-snmp-create-v3-user (LP: #1322431)

 -- Brian Murray <email address hidden> Fri, 12 Feb 2016 14:27:01 -0800

Source diff to previous version
1322431 libsnmp-dev: Cannot create snmpv3 user with net-snmp-config command

Version: 5.7.2~dfsg-8.1ubuntu3.1 2015-08-17 18:06:38 UTC

  net-snmp (5.7.2~dfsg-8.1ubuntu3.1) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service via crafted SNMP trap message
    - debian/patches/CVE-2014-3565.patch: handle variables with wrong types
      in snmplib/mib.c.
    - CVE-2014-3565
  * SECURITY UPDATE: denial of service and possible code execution via
    incompletely parsed varBind variables
    - debian/patches/CVE-2015-5621.patch: don't return incorrectly parsed
      varbinds in snmplib/snmp_api.c.
    - CVE-2015-5621

 -- Marc Deslauriers Thu, 13 Aug 2015 10:27:24 -0400

CVE-2014-3565 snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via
CVE-2015-5621 net-snmp snmp_pdu_parse() function incompletely initialization vulnerability



About   -   Send Feedback to @ubuntu_updates