-----BEGIN PGP SIGNED MESSAGE-----

===========================================================================
             AUSCERT External Security Bulletin Redistribution

            ESB-2002.107 -- Debian Security Advisory DSA-111-2
                       Update for SNMP security fix
                               1 March 2002

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:                ucd-snmp
Vendor:                 Debian
Operating System:       Debian GNU/Linux 2.2
Platform:               Alpha
                        ARM
                        i386
                        Motorola 680x0
                        PowerPC
                        SPARC
Impact:                 Execute Arbitrary Code/Commands
                        Denial of Service
Access Required:        Remote

Ref:                    ESB-2002.084
                        ESB-2002.065
                        AL-2002.02

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----

- - ------------------------------------------------------------------------
Debian Security Advisory DSA-111-2                   security@debian.org
http://www.debian.org/security/                         Wichert Akkerman
February 28, 2002
- - ------------------------------------------------------------------------


Package        : ucd-snmp
Problem type   : ABI/API correction to previous security fix
Debian-specific: yes

Some of the changes made in the DSA-111-1 security fix for SNMP
changed the API and ABI for the SNMP library which broke some
other applications.

This has been fixed in version 4.1.1-2.1. We apologise for the
inconvenience this may have caused.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.


Debian GNU/Linux 2.2 alias potato
- - ---------------------------------

  Potato was released for alpha, arm, i386, m68k, powerpc and sparc.
  At this moment updated powerpc packages are not ready yet. When
  they are they will be mentioned on the Debian security webpages.

  Source archives:
    http://security.debian.org/dists/stable/updates/main/source/ucd-snmp_4.1.1-2.2.diff.gz
      MD5 checksum: be2dfee01664c4626348e6171528d255
    http://security.debian.org/dists/stable/updates/main/source/ucd-snmp_4.1.1-2.2.dsc
      MD5 checksum: afc58029a9c5116068a16c120b0a4904
    http://security.debian.org/dists/stable/updates/main/source/ucd-snmp_4.1.1.orig.tar.gz
      MD5 checksum: 2f0d6130af510a8ce283dfdb557a85fa

  Alpha architecture:
    http://security.debian.org/dists/stable/updates/main/binary-alpha/libsnmp4.1-dev_4.1.1-2.2_alpha.deb
      MD5 checksum: 3132c75375ce348cabcbfbb3d3a76763
    http://security.debian.org/dists/stable/updates/main/binary-alpha/libsnmp4.1_4.1.1-2.2_alpha.deb
      MD5 checksum: 0d27c13b5095ad645694c99f25e0da64
    http://security.debian.org/dists/stable/updates/main/binary-alpha/snmp_4.1.1-2.2_alpha.deb
      MD5 checksum: 9d3cddbb786979e7f28d497cbbd5c5d9
    http://security.debian.org/dists/stable/updates/main/binary-alpha/snmpd_4.1.1-2.2_alpha.deb
      MD5 checksum: cbae6d2e9d5ebbb5d497e3ffc8aab73f

  ARM architecture:
    http://security.debian.org/dists/stable/updates/main/binary-arm/libsnmp4.1-dev_4.1.1-2.2_arm.deb
      MD5 checksum: da24f4fb3b1f5f687b074fd71793fb72
    http://security.debian.org/dists/stable/updates/main/binary-arm/libsnmp4.1_4.1.1-2.2_arm.deb
      MD5 checksum: 8f87c4dd653a195bd2095c75cfb7e766
    http://security.debian.org/dists/stable/updates/main/binary-arm/snmp_4.1.1-2.2_arm.deb
      MD5 checksum: 4a3953c0f892d02e1bf6b006a1ffe1fd
    http://security.debian.org/dists/stable/updates/main/binary-arm/snmpd_4.1.1-2.2_arm.deb
      MD5 checksum: 7637450f37dde5722a88985cbb4e62e0

  Intel IA-32 architecture:
    http://security.debian.org/dists/stable/updates/main/binary-i386/libsnmp4.1-dev_4.1.1-2.2_i386.deb
      MD5 checksum: 63572db96270c729ea883bfef1ada86c
    http://security.debian.org/dists/stable/updates/main/binary-i386/libsnmp4.1_4.1.1-2.2_i386.deb
      MD5 checksum: b6282ebba72681ff8b2fe58995831df8
    http://security.debian.org/dists/stable/updates/main/binary-i386/snmp_4.1.1-2.2_i386.deb
      MD5 checksum: 77233f5bc593a94488a92cb19d4bede2
    http://security.debian.org/dists/stable/updates/main/binary-i386/snmpd_4.1.1-2.2_i386.deb
      MD5 checksum: f7f9847bac6be03e19fb5fef39166859

  Motorola 680x0 architecture:
    http://security.debian.org/dists/stable/updates/main/binary-m68k/libsnmp4.1-dev_4.1.1-2.2_m68k.deb
      MD5 checksum: d9861cd2564b72d8c3a03ab364c904e6
    http://security.debian.org/dists/stable/updates/main/binary-m68k/libsnmp4.1_4.1.1-2.2_m68k.deb
      MD5 checksum: a61e288a261f42dab2ac2032e33fce62
    http://security.debian.org/dists/stable/updates/main/binary-m68k/snmp_4.1.1-2.2_m68k.deb
      MD5 checksum: 17fbf2e266250ad4916140417ab89e91
    http://security.debian.org/dists/stable/updates/main/binary-m68k/snmpd_4.1.1-2.2_m68k.deb
      MD5 checksum: be9e4621e3b0124cca66bd1030a165f1

  Sun Sparc architecture:
    http://security.debian.org/dists/stable/updates/main/binary-sparc/libsnmp4.1-dev_4.1.1-2.2_sparc.deb
      MD5 checksum: b2d081e92fd6fdbf17ff39c3613c97a4
    http://security.debian.org/dists/stable/updates/main/binary-sparc/libsnmp4.1_4.1.1-2.2_sparc.deb
      MD5 checksum: 15b8bea50f0dccbd087c4335a1f9f72a
    http://security.debian.org/dists/stable/updates/main/binary-sparc/snmp_4.1.1-2.2_sparc.deb
      MD5 checksum: 344153849feb2976ff1d5c8675ca20f0
    http://security.debian.org/dists/stable/updates/main/binary-sparc/snmpd_4.1.1-2.2_sparc.deb
      MD5 checksum: d791b6df707bf60398b39b4924328d9f

  These packages will be moved into the stable distribution on its next
  revision.

- - -- 
- - ----------------------------------------------------------------------------
apt-get: deb http://security.debian.org/ stable/updates main
dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org

- -----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQB1AwUBPH45sajZR/ntlUftAQGSwwL/d+WAg4K02pxdYV0qYWbwRaXyPOgQcOFu
LcY1qdjptkl0/7/yzJ0f7T6TRKhO0E4x1idyLWqJvG6dONbluqc4iKlU8JGIkiFM
YsITVpapK3YbfS9/FArufkk+5eD+Bm1K
=XGMM
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content.  The decision to use any or all of this information is
the responsibility of each user or organisation, and should be done so in
accordance with site policies and procedures.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the original authors to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

	http://www.auscert.org.au/Information/advisories.html

If you believe that your system has been compromised, contact AusCERT or
your representative in FIRST (Forum of Incident Response and Security
Teams).

Internet Email: auscert@auscert.org.au
Facsimile:	(07) 3365 7031
Telephone:	(07) 3365 4417 (International: +61 7 3365 4417)
		AusCERT personnel answer during Queensland business hours
		which are GMT+10:00 (AEST).
		On call after hours for emergencies.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
Comment: ftp://ftp.auscert.org.au/pub/auscert/AUSCERT_PGP.key

iQCVAwUBPH+jQSh9+71yA2DNAQECtgQAl1fQEh0MQ88BBVgYSuUjVr0r4ci0k2J0
eHEYP+sbeHCknTs39URD92DOBRmE0/t6YTF/t6s8Usi2XPJfiCJ0PQYOqNBdqvDC
UDoeKjLVK2s6Q85uRAwVrWY1ykysPpWiltLk99vODkhsL4Xh6xJ0fVH88D82e+gH
EzQFhjrPXQ0=
=lf1v
-----END PGP SIGNATURE-----