TSLSA-2005-0034 - multi

From: Trustix Security Advisor (tsltrustix.org)
Date: Fri Jul 08 2005 - 07:30:49 CDT

--------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2005-0034

Package name: net-snmp, zlib
Summary: Multiple vulnerabilities
Date: 2005-07-08
Affected versions: Trustix Secure Linux 2.2
                   Trustix Secure Linux 3.0
                   Trustix Operating System - Enterprise Server 2

--------------------------------------------------------------------------
Package description:
  SNMP (Simple Network Management Protocol) is a protocol used for
  network management. The NET-SNMP project includes various SNMP tools:
  an extensible agent, an SNMP library, tools for requesting or setting
  information from SNMP agents, tools for generating and handling SNMP
  traps, a version of the netstat command which uses SNMP, and a Tk/Perl
  mib browser. This package contains the snmpd and snmptrapd daemons,
  documentation, etc.

  The zlib compression library provides in-memory compression and
  decompression functions, including integrity checks of the uncompressed

Problem description:
  net-snmp: Fixed a denial of service vulnerability that is present when
  stream sockets have been configured for use (e.g., TCP but not UDP).
  Bug#1038

  zlib: Security fix. The flaw is a buffer overflow error when
  processing a malformed data stream, which attackers could exploit
  to execute arbitrary code via a specially crafted compressed
  stream embedded within network communication or an application file format.

  The Common Vulnerabilities and Exposures project (cve.mitre.org) has
  assigned the name CAN-2005-2096 to this issue.

  We recommend that all systems with this package installed be upgraded.
  Please note that if you do not need the functionality provided by this
  package, you may want to remove it from your system.

  All Trustix Secure Linux updates are available from

About Trustix Secure Linux:
  Trustix Secure Linux is a small Linux distribution for servers. With focus
  on security and stability, the system is painlessly kept safe and up to
  date from day one using swup, the automated software updater.

Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically
  installed using 'swup --upgrade'.

  Check out our mailing lists:

  This advisory, along with all Trustix packages, is signed with the
  TSL sign key.
  This key is available from:

  The advisory itself is available from the errata pages at
  or directly at

MD5sums of the packages:

Trustix Security Team
