News

=========================================================== Ubuntu Security Notice USN-190-2 November 21, 2005 ucd-snmp vulnerability CVE-2005-2177 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) Ubuntu 5.10 (Breezy Badger) The following packages are affected: libsnmp4.2 The problem can be corrected by upgrading the affected package to version 4.2.5-3.5ubuntu0.4.10 (for Ubuntu 4.10), 4.2.5-3.5ubuntu0.5.04 (for Ubuntu 5.04), or 4.2.5-5ubuntu0.1 (for Ubuntu 5.10). After a standard system upgrade you need to restart the cyrus email server with /etc/init.d/cyrus21 restart (with root privileges, e. g. with using sudo). Details follow: USN-190-1 fixed a vulnerability in the net-snmp library. It was discovered that the same problem also affects the ucs-snmp implementation (which is used by the Cyrus email server). Original advisory: A remote Denial of Service has been discovered in the SMNP (Simple Network Management Protocol) library. If a SNMP agent uses TCP sockets for communication, a malicious SNMP server could exploit this to crash the agent. Please note that by default SNMP uses UDP sockets.