4.189. net-snmp

Updated net-snmp packages that fix several bugs are now available for Red Hat Enterprise Linux 6.
The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol (SNMP), including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl management information base (MIB) browser.

Bug Fixes

BZ#678314
The previous version of snmptrapd, the Net-SNMP daemon for processing traps, leaked memory when processing incoming SNMP traps in embedded Perl. This caused the amount of consumed memory to grow over time, making the memory consumption even larger if the daemon was processing SNMPv1 traps. With this update, the underlying source code has been adapted to prevent such memory leaks, and processing incoming SNMP traps in embedded Perl no longer increases the memory consumption.
BZ#681949
On 64-bit systems, the previous version of snmpd, the Net-SNMP agent, gathered the disk IO and CPU usage statistics for UCD-SNMP::systemStats as 64-bit. However, relevant MIB describes these statistics as 32-bit and as a consequence, snmpd wrote the following message to the system log when processing the 64-bit values:
truncating integer value > 32 bits
This update adapts snmpd to collect values for UCD-SNMP::systemStats as 32-bit integers so that it no longer reports the aforementioned message to syslog.
BZ#683563
The previous version of the snmpd daemon did not detect errors when accessing the /proc file system. Consequent to this, an attempt to read information about an exited process while gathering information for a HOST-RESOURCES-MIB::hrSWRunTable table caused the daemon to terminate unexpectedly with a segmentation fault. This update adapts the underlying source code to make sure that such errors are now properly detected, and snmpd no longer crashes when populating HOST-RESOURCES-MIB::hrSWRunTable.
BZ#683680
Prior to this update, the snmpd daemon reported HOST-RESOURCES-MIB::hrSystemDate with an incorrect sign in the timezone offset. This update applies a patch to make sure the timezone offset is properly recalculated and the value reported by snmpd is now correct.
BZ#702165
Previously, the snmpd daemon tracked all network interfaces that were present on the system while it was running, including interfaces that were removed from the system during this time. Consequent to this, when an interface which had been removed was re-instantiated with the same name but with a different interface index, snmpd reported both interfaces separately in IF-MIB::ifTable. This typically happened to Point-to-Point Protocol (PPP) interfaces. This update adds two new options, interface_fadeout and interface_replace_old, to the /etc/snmpd/snmpd.conf configuration file, which allows system administrators to control the behavior of snmpd when two interfaces with the same name but a different interface index are detected. Refer to the snmpd.conf(5) manual page for details.
BZ#702171
When running on a system with two network interfaces with the same IP address, the previous version of the snmpd daemon silently ignored the second interface while populating IP-MIB::ipAddressTable. With this update, snmpd has been adapted to add a message that the second interface is being ignored to the system log in this scenario. This allows system administrators to determine why the second interface is missing from IP-MIB::ipAddressTable.
BZ#703682
The previous version of the snmpd daemon ignored SIGCHLD signals from processes that were spawned as a result of the pass_persist configuration option. However, this led to unnecessary defunct processes on the system. With this update, the snmpd daemon has been adapted to correctly process the SIGCHLD signals so that such defunct processes are no longer created.
BZ#707912
Prior this update, the snmpd daemon incorrectly ignored XFS file systems when populating HOST-RESOURCES-MIB::hrFSTable. This update adds support for the XFS file system to HOST-RESOURCES-MIB::hrFSTable so that snmpd no longer omits such file systems from the report.
BZ#708370
In previous versions of net-snmp, the snmpd daemon did not distinguish between outgoing SMUX messages and always incremented their Request-ID, even when multiple SMUX messages were sent as a result of one incoming SNMP request with multiple variables. However, RFC 1227 requires that such SMUX messages should have the same Request-ID. With this update, snmpd properly recognizes multiple outgoing SMUX messages that are the result of one incoming SNMP request and assigns them the same Request-ID.
BZ#708947
When the system ran out of memory while populating IP-MIB::ipNetToPhysicalTable, the previous version of the snmpd daemon did not properly recover and may have terminated unexpectedly as a consequence. This update adapts the underlying source code to detect that the system is running out of memory, and snmpd no longer crashes in this situation.
BZ#710667
Prior to this update, the netsnmp module for the Python programming language did not properly initialize an SNMP session with SNMPv3 authentication. Consequent to this, and attempt to use such a session caused Python to terminate unexpectedly with a segmentation fault. This update ensures that SNMP sessions with SNMPv3 authentication are now initialized properly and can be used in Python modules as expected.
BZ#711481
The previous version of the netsnmp Python module did not properly parse OID names that included an MIB name (such as IF-MIB::ifTable). With this update, the regular expression for parsing OID names has been corrected and the aforementioned Python module now parses such names properly.
BZ#720704
Previously, the snmpd daemon did not verify the result of reading from a network socket in the SMUX module. Consequent to this, snmpd may have been unable to close erroneous SMUX sessions, because it failed to detect some network errors. With this update, the snmpd daemon has been adapted to properly detect errors when reading from a SMUX socket so that it can now react to these errors properly.
BZ#729738
When an AgentX subagent was being disconnected from the snmpd daemon, the daemon did not properly detach all outstanding SNMP requests from the internal session object representing this agent. As a consequence, snmpd could terminate unexpectedly while processing these requests. With this update, the snmpd daemon ensures that outstanding SNMP requests do not point to an AgentX session that is closed.
BZ#725657
When a binary is built with the RELRO flag, the ELF sections are reordered to include internal data sections before program's data sections, and the Global Offset Table (GOT) address section of the resulting ELF file is mapped read-only. This ensures that any attempt to overwrite the GOT entry and gain control over the execution flow of a program fails with an error. For this reason, the Net-SNMP daemons, binaries, and shared libraries are now built with full RELRO protection.
All users of net-snmp are advised to upgrade to these updated packages, which fix these bugs.
Updated net-snmp packages that fix one bug are now available for Red Hat Enterprise Linux 6.
The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol (SNMP), including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base (MIB) browser.

Bug Fix

BZ#753766
The SNMP daemon (snmpd) did not properly fill a set of watched socket file descriptors. Therefore, the daemon sometimes terminated unexpectedly with the "select: bad file descriptor" error message when more than 32 AgentX subagents connected to snmpd on 32-bit platforms or more than 64 subagents on 64-bit platforms. With this update, snmpd properly clears sets of watched file descriptors and thus it no longer crashes when handling a large number of subagents.
All users of net-snmp are advised to upgrade to these updated packages, which fix this bug.
Updated net-snmp packages that fix one bug are now available for Red Hat Enterprise Linux 6 Extended Update Support.
The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol (SNMP), including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base (MIB) browser.

Bug Fix

BZ#1002858
When an AgentX subagent disconnected from the SNMP daemon (snmpd), the daemon did not properly check that there were no active requests queued in the subagent and destroyed the session. Consequently, the session was referenced by snmpd later when processing queued requests and because it was already destroyed, snmpd terminated unexpectedly with a segmentation fault or looped indefinitely. This update adds several checks to prevent the destruction of sessions with active requests, and snmpd no longer crashes in the described scenario.
Users of net-snmp are advised to upgrade to these updated packages, which fix this bug.
Updated net-snmp packages that fix one bug are now available for Red Hat Enterprise Linux 6 Extended Update Support.
The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol (SNMP), including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base (MIB) browser.

Bug Fix

BZ#956287
Previously, snmpd erroneously checked the length of "SNMP-TARGET-MIB::snmpTargetAddrRowStatus" value in incoming "SNMP-SET" requests on 64-bit platforms. Consequently, snmpd sent an incorrect reply to the "SNMP-SET" request. With this update, the check of "SNMP-TARGET-MIB::snmpTargetAddrRowStatus" is fixed and it is possible to set it remotely using "SNMP-SET" messages.
Users of net-snmp are advised to upgrade to these updated packages, which fix this bug.
Updated net-snmp packages that fix one bug are now available for Red Hat Enterprise Linux 6 Extended Update Support.
The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol (SNMP), including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base (MIB) browser.

Bug Fix

BZ#986191
In previous Net-SNMP releases, snmpd reported an invalid speed of network interfaces in IF-MIB::ifTable and IF-MIB::ifXTable if the interface had a speed other than 10, 100, 1000 or 2500 MB/s. Thus, the net-snmp ifHighSpeed value returned was "0" compared to the correct speed as reported in ethtool, if the Virtual Connect speed was set to, for example, 0.9 Gb/s. With this update, the ifHighSpeed value returns the correct speed as reported in ethtool, and snmpd correctly reports non-standard network interface speeds.
Users of net-snmp are advised to upgrade to these updated packages, which fix this bug.