Bug 202099 - net-mgmt/net-snmp: Fix CVE-2015-5621
Summary: net-mgmt/net-snmp: Fix CVE-2015-5621
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: amd64 Any
: --- Affects Many People
Assignee: Ryan Steinmetz
URL:
Keywords: needs-qa, patch, security
Depends on:
Blocks:
 
Reported: 2015-08-05 08:51 UTC by Sergey N. Voronkov
Modified: 2015-08-10 13:09 UTC (History)
2 users (show)

See Also:
bugzilla: maintainer-feedback? (zi)

Attachments
patch file (4.07 KB, patch)
2015-08-05 08:51 UTC, Sergey N. Voronkov 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sergey N. Voronkov 2015-08-05 08:51:55 UTC 
Created attachment 159567 [details]
patch file

http://vuxml.freebsd.org/freebsd/381183e8-3798-11e5-9970-14dae9d210b8.html

Incompletely initialized vulnerability exists in the function ‘snmp_pdu_parse()’ of ‘snmp_api.c', and remote attackers can cause memory leak, DOS and possible command executions by sending malicious packets.

Adopt upstream fix.

Patch attached.
Comment 1 commit-hook freebsd_committer freebsd_triage 2015-08-10 02:16:39 UTC 
A commit references this bug:

Author: zi
Date: Mon Aug 10 02:15:53 UTC 2015
New revision: 393838
URL: https://svnweb.freebsd.org/changeset/ports/393838

Log:
  - Fix CVE-2015-5621
  - Bump PORTREVISION

  PR:		202099
  Submitted by:	serg@tmn.ru

Changes:
  head/net-mgmt/net-snmp/Makefile
  head/net-mgmt/net-snmp/files/patch-snmplib_snmp__api.c
Comment 2 commit-hook freebsd_committer freebsd_triage 2015-08-10 13:09:22 UTC 
A commit references this bug:

Author: zi
Date: Mon Aug 10 13:08:24 UTC 2015
New revision: 393862
URL: https://svnweb.freebsd.org/changeset/ports/393862

Log:
  MFH: r393838

  - Fix CVE-2015-5621
  - Bump PORTREVISION

  PR:		202099
  Submitted by:	serg@tmn.ru
  Approved by:	ports-secteam (zi)

Changes:
_U  branches/2015Q3/
  branches/2015Q3/net-mgmt/net-snmp/Makefile
  branches/2015Q3/net-mgmt/net-snmp/files/patch-snmplib_snmp__api.c