CVE-2012-2141 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2141): Array index error in the handle_nsExtendOutput2Table function in agent/mibgroup/agent/extend.c in Net-SNMP 5.7.1 allows remote authenticated users to cause a denial of service (out-of-bounds read and snmpd crash) via an SNMP GET request for an entry not in the extension table.
Upstream has fixed the issue in all branches.
Upstream bug: http://sourceforge.net/tracker/index.php?func=detail&aid=3526549&group_id=12694&atid=112694
Upstream commit: http://net-snmp.git.sourceforge.net/git/gitweb.cgi?p=net-snmp/net-snmp;a=commitdiff;h=4c5633f1603e4bd03ed05c37d782ec8911759c47
net-snmp 5.7.2_rc1 is in tree and has this fixed.
Thanks, Diego. Ok to stable the _rc here now?
Given what I see from the older versions, I'd say so. I tried it out here on our devel servers and sounds good.
Great, thanks. Arches, please test and mark stable:
=net-analyzer/net-snmp-5.7.2_rc1
Target keywords: "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
amd64 stable
Stable for HPPA.
x86 stable
alpha/arm/ia64/s390/sh/sparc stable
ppc64 done
ppc done
Hey, the pci USE flag has disappeared in rc1. I run my Gentoo systems on Linode and their supplied kernels don't have CONFIG_PCI=y. And what's crazy is that when /proc/bus/pci is empty it causes snmpd to not run; it exits (status 1) when trying.
---
~ # snmpd
pcilib: Cannot open /proc/bus/pci
pcilib: Cannot find any working access method.
---
But if the $(use_with pci) use flag code is added back to the mix then we can build w/o PCI links and run on machines that don't have PCI enabled in the kernel (which I think is odd).
Please don't hijack bugs. That's been fixed in later ebuilds including 5.7.1 final.
Apologies for the hijack; I made a new bug to bring back the PCI use flag: https://bugs.gentoo.org/show_bug.cgi?id=439534
Thanks, everyone. GLSA vote: yes.
GLSA Vote: yes too. Request filed.
This issue was resolved and addressed in GLSA 201409-02 at http://security.gentoo.org/glsa/glsa-201409-02.xml by GLSA coordinator Kristian Fiskerstrand (K_F).