commit net-snmp for openSUSE:Factory

Fri, 12 Oct 2018 04:09:00 -0700 

Hello community,

here is the log from the commit of package net-snmp for openSUSE:Factory 
checked in at 2018-10-12 13:07:55
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/net-snmp (Old)
 and      /work/SRC/openSUSE:Factory/.net-snmp.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "net-snmp"

Fri Oct 12 13:07:55 2018 rev:87 rq:640769 version:5.7.3

Changes:
--------
--- /work/SRC/openSUSE:Factory/net-snmp/net-snmp.changes        2018-06-25 
11:34:34.398815957 +0200
+++ /work/SRC/openSUSE:Factory/.net-snmp.new/net-snmp.changes   2018-10-12 
13:07:58.723531992 +0200
@@ -1,0 +2,6 @@
+Mon Oct  8 23:44:37 UTC 2018 - [email protected]
+
+- Fix remote DoS in agent/helpers/table.c (bsc#1111122, CVE-2018-18065)
+  Add net-snmp-5.7.3-helpers-table-skip-if-next-handler-called.patch
+
+-------------------------------------------------------------------

New:
----
  net-snmp-5.7.3-helpers-table-skip-if-next-handler-called.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ net-snmp.spec ++++++
--- /var/tmp/diff_new_pack.9TKAc0/_old  2018-10-12 13:08:00.443529535 +0200
+++ /var/tmp/diff_new_pack.9TKAc0/_new  2018-10-12 13:08:00.451529523 +0200
@@ -64,6 +64,7 @@
 Patch14:        net-snmp-5.7.3-modern-rpm-api.patch
 Patch15:        net-snmp-python3.patch
 Patch16:        net-snmp-5.7.2-systemd.patch
+Patch17:        net-snmp-5.7.3-helpers-table-skip-if-next-handler-called.patch
 BuildRequires:  %{python_module devel}
 BuildRequires:  %{python_module setuptools}
 BuildRequires:  autoconf

++++++ net-snmp-5.7.3-helpers-table-skip-if-next-handler-called.patch ++++++
diff -Nurp net-snmp-5.7.3-orig/agent/helpers/table.c 
net-snmp-5.7.3/agent/helpers/table.c
--- net-snmp-5.7.3-orig/agent/helpers/table.c   2014-12-08 21:23:22.000000000 
+0100
+++ net-snmp-5.7.3/agent/helpers/table.c        2018-10-09 00:54:37.410522720 
+0200
@@ -406,6 +406,8 @@ table_helper_handler(netsnmp_mib_handler
             if (reqinfo->mode == MODE_GET)
                 table_helper_cleanup(reqinfo, request,
                                      SNMP_NOSUCHOBJECT);
+            else
+                request->processed = 1; /* skip if next handler called */
             continue;
         }
 
@@ -483,6 +485,8 @@ table_helper_handler(netsnmp_mib_handler
 #endif /* NETSNMP_NO_WRITE_SUPPORT */
                     table_helper_cleanup(reqinfo, request,
                                          SNMP_NOSUCHOBJECT);
+                else
+                    request->processed = 1; /* skip if next handler called */
                 continue;
             }
             /*

Reply via email to