Chapter 1. Package Updates
a man-in-the-middle attack and potentially confuse an application using the neon library into accepting
it by mistake. (CVE-2009-2474 [1489])
A denial of service flaw was found in the neon Extensible Markup Language (XML) parser. A remote
attacker (malicious DAV server) could provide a specially-crafted XML document that would cause
excessive memory and CPU consumption if an application using the neon XML parser was tricked into
processing it. (CVE-2009-2473 [1490])
All neon users should upgrade to these updated packages, which contain backported patches to
correct these issues. Applications using the neon HTTP and WebDAV client library, such as cadaver,
must be restarted for this update to take effect.
1.129. net-snmp
1.129.1. RHBA-2009:1437: bug fix update
Note
This update has already been released (prior to the GA of this release) as errata
RHBA-2009:1437 [1491].
Updated net-snmp packages that resolve several issues are now available.
The Simple Network Management Protocol (SNMP) is a protocol used for network management.
The net-snmp packages include various SNMP tools: an extensible agent, an SNMP library, tools for
requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a
version of the netstat command which uses SNMP, and a Tk/Perl MIB browser.
These updated net-snmp packages provide fixes for the following bugs:
* snmpd, the SNMP daemon, did not expect the packet counters in the /proc/net/snmp and
/proc/net/snmp6 directories to be 64-bit on 64-bit systems. When these counters exceeded 32 bits in size,
which would occur when the Linux kernel sent or received greater than 4,294,967,296 (2^32) packets,
then the snmpd daemon would terminate abnormally. With this update, the snmpd daemon no longer
crashes when it encounters a packet counter in the directories listed above that is greater than 32 bits
in size, thus resolving the issue. (BZ#516183 [1492])
* snmpd, the SNMP daemon, contained several memory leaks in the ipNetToMediaTable module.
These leaks caused snmpd to leak memory relatively slowly, but at a rate which could cause problems
on machines with multi-month uptimes. These memory leaks have been plugged in these updated
packages so that snmpd no longer leaks memory slowly. (BZ#517041 [1493])
All users of net-snmp are advised to upgrade to these updated packages, which resolve these issues.
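The first bug above concerns counters that outgrow 32 bits. As an added example (not code from net-snmp or from this erratum), the C below reads a counter from text in the /proc/net/snmp layout into a 64-bit integer, rejects malformed values, and reduces the result modulo 2^32 for an SNMP Counter32 object; the function names and the sample lines are constructed for this illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample in /proc/net/snmp layout (names line, then values
 * line). InReceives is 2^32 + 3, past the 32-bit range. */
static const char SAMPLE_HDR[] = "Ip: Forwarding DefaultTTL InReceives InHdrErrors";
static const char SAMPLE_VAL[] = "Ip: 1 64 4294967299 0";

/* Parse the value in the column called `name` as a 64-bit unsigned integer.
 * Returns 0 on success, -1 if the column is missing or the value malformed. */
int field_u64(const char *hdr, const char *val, const char *name, uint64_t *out)
{
    size_t nlen = strlen(name);
    for (;;) {
        hdr += strspn(hdr, " \t\n");            /* skip blanks */
        val += strspn(val, " \t\n");
        size_t hl = strcspn(hdr, " \t\n");      /* token lengths */
        size_t vl = strcspn(val, " \t\n");
        if (hl == 0 || vl == 0)
            return -1;                          /* ran out of columns */
        if (hl == nlen && memcmp(hdr, name, nlen) == 0) {
            char *end;
            if (val[0] < '0' || val[0] > '9')
                return -1;                      /* rejects "-1", "+1", text */
            errno = 0;
            unsigned long long v = strtoull(val, &end, 10);
            if (errno == ERANGE || end != val + vl)
                return -1;                      /* overflow or trailing junk */
            *out = (uint64_t)v;
            return 0;
        }
        hdr += hl;
        val += vl;
    }
}

/* SNMP Counter32 wraps to zero after 2^32 - 1: reduce modulo 2^32. */
uint32_t to_counter32(uint64_t v) { return (uint32_t)(v & 0xFFFFFFFFu); }

int main(void)
{
    uint64_t v = 0;
    if (field_u64(SAMPLE_HDR, SAMPLE_VAL, "InReceives", &v) != 0)
        return 1;
    printf("raw=%llu counter32=%u\n", (unsigned long long)v, (unsigned)to_counter32(v));
    return 0;
}
```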
1.129.2. RHBA-2010:0253: bug fix and enhancement update
Updated net-snmp packages that fix various bugs and add enhancements are now available.
[1489] https://www.redhat.com/security/data/cve/CVE-2009-2474.html
[1490] https://www.redhat.com/security/data/cve/CVE-2009-2473.html
[1492] https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=516183
[1493] https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=517041