For those who aren't subscribed to the net-snmp-announce list: Begin forwarded message:
Date: Fri, 13 Jan 2006 19:25:27 -0800 From: Wes Hardaker <[EMAIL PROTECTED]> To: [email protected] Subject: SECURITY FIX: net-snmp 5.3.0.1 is released In version 5.3 much of the authorization control was rewritten. There was a bug in the new code that resulted in granting write access to read-only users or communities which were configured using the "rocommunity" or "rouser" snmpd.conf tokens. 5.3.0.1 fixes this problem. Only 5.3 was affected by this problem. Users are encouraged to immediately update their installations if they use either of these tokens. A big thanks is owed to Robert Story who found the bug and quickly fixed it. The NET-SNMP Development Team Contents of this announcement ----------------------------- - What has Changed recently? - Where can I get it? - Are there binaries available? - What operating systems does it run on? - Which versions of the SNMP protocol are supported in this package? - I've found a bug or have a suggestion, how do I tell you about it? - What's the difference between UCD-SNMP and Net-SNMP? What has Changed recently? ------------------------------------------- The NEWS file snippits from these releases are as follows: *5.3.0.1* *** Security Fix *** - In version 5.3 much of the authorization control was rewritten. There was a bug in the new code that resulted in granting write access to read-only users or communities which were configured using the "rocommunity" or "rouser" snmpd.conf tokens. 5.3.0.1 fixes this problem. Users are encouraged to immediately update their installations if they use either of these tokens. Where can I get it? ------------------ Download: - http://www.net-snmp.org/download/ - ftp://ftp.net-snmp.org/pub/sourceforge/net-snmp/ Web page: - http://www.net-snmp.org/ Sourceforge Project page: - http://www.net-snmp.org/project/ Mirrors (note that sourceforge download servers are mirrored themselves): - US: ftp://ftp.freesnmp.com/mirrors/net-snmp/ - Bulgaria: http://rtfm.uni-svishtov.bg/net-snmp/ (appears to be out of date) - Germany: ftp://ftp.mpg.goe.ni.schule.de/pub/internet/net-snmp/ (unknown host) - Greece: ftp://ftp.ntua.gr/pub/net/snmp/net-snmp/ Are there binaries available? ---------------------------- - Binaries do appear on our download site, but often are published a bit later than the normal source code. Most of the binaries that are available have been linked with the OpenSSL package so you'll need a copy of it installed in order to use them. If you don't have OpenSSL installed and don't want it installed, please get the net-snmp source release instead and built it yourself (but you'll loose support for SNMPv3 with SHA1 authentication and both DES and AES encryption). What operating systems does it run on? ------------------------------------- Both the applications and the agent have been reported as running (at least in part) on the following operating systems: * HP-UX (10.20 to 9.01 and 11.0 -- see README.hpux11) * Ultrix (4.5 to 4.2) * Solaris SPARC/ULTRA (2.8 to 2.3), Intel (2.9) and SunOS (4.1.4 to 4.1.2) * OSF (4.0, 3.2) * NetBSD (1.5alpha to 1.0) * FreeBSD (4.1 to 2.2) * BSDi (4.0.1 to 2.1) * Linux (kernels 2.4 to 1.3) * AIX (4.1.5, 3.2.5) * OpenBSD (2.8, 2.6) * Irix (6.5 to 5.1) * OS X (10.1.1 and 10.1.2) * Dynix/PTX 4.4 * QNX 6.2.1A See our FAQ at http://www.Net-SNMP.org/FAQ.html for more details on portability of the Net-SNMP package. Which versions of the SNMP protocol are supported in this package? ----------------------------------------------------------------- SNMPv1, SNMPv2c, and SNMPv3 (including user-based and kerberos-based support) I've found a bug or have a suggestion, how do I tell you about it? ----------------------------------------------------------------- Please submit the bug to our bug-tracking system at: http://www.net-snmp.org/bugs/ Please submit patches (for features or bugs) to our patch-tracking system. (You don't need to submit a big report as well, just a patch) http://www.net-snmp.org/patches/ What's the difference between UCD-SNMP and Net-SNMP? --------------------------------------------------- Not a great deal, really. Although the project originally started at UC Davis (hence the name), and it has always been based there, most of the contributors have had little or no connection with this institution. The move to SourceForge was intended to provide a more flexible environment for the project, and to distribute the administrative workload more evenly. The change of name simply reflects this move, which was the last remaining link with UC Davis. The 4.2.x line is the last release line that uses the ucd-snmp name, and all releases under this banner will be bug-fixes only. Release 5.0 is the first version using the net-snmp name, and all new features and significant development will be released under this name. (Though the dividing line between a bug-fix and a new feature is something of a vague one, so some changes in the 4.2.x line may be relatively non-trivial!) -- "In the bathtub of history the truth is harder to hold than the soap, and much more difficult to find." -- Terry Pratchett ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click _______________________________________________ Net-snmp-announce mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/net-snmp-announce ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642 _______________________________________________ Net-snmp-coders mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
