8.121. net-snmp

Updated net-snmp packages that fix several bugs and add two enhancements are now available for Red Hat Enterprise Linux 6.
The net-snmp packages provide a generic client library, a suite of command-line tools, an extensible SNMP agent, Perl modules, and Python modules to use and deploy the Simple Network Management Protocol (SNMP).

Bug Fixes

Previously, snmpd, the SNMP daemon, did not check for errors when populating data for the UCD-SNMP-MIB::extTable table and could leak memory when the system ran out of memory. This bug has been fixed and snmpd now checks for out-of-memory conditions and frees the memory for the UCD-SNMP-MIB::extTable table when it encounters an error.
Previously, the snmp_config(5) manual page was not clear about which files were looked for and the reader could get the incorrect impression that any file with a suffix "conf" or "local.conf" could be used as an snmp configuration file. In this update, the snmp_config(5) manual page has been modified to precisely specify which files are used as snmp configuration files.
In a previous update, the snmpd daemon was fixed to show the executable name and all the command-line arguments in the UCD-SNMP-MIB::extCommand OID string. The fix did not check for executables without command-line arguments. Consequently, the snmpd daemon terminated unexpectedly with a segmentation fault when retrieving the value of the UCD-SNMP-MIB::extCommand OID of an executable with no arguments. With this update, snmpd now checks if there are no arguments and shows the correct value of the UCD-SNMP-MIB::extCommand OID. As a result, crashes no longer occur in the described scenario.
In previous net-snmp package updates, the HOST-RESOURCES-MIB::hrSWRunTable table was rewritten, and, due to a regression, it did not report the "hrSWRunPath" string of kernel threads. This update fixes the HOST-RESOURCES-MIB::hrSWRunPath string of kernel threads, which is now reported by the snmpd daemon.
When the "includeAllDisks" configuration option was specified in the /etc/snmp/snmpd.conf file, the snmpd daemon scanned the running system only at startup and did not update the UCD-SNMP-MIB::dskTable table if a new device was mounted later. As a consequence, on dynamic systems where devices are frequently mounted and unmounted, UCD-SNMP-MIB::dskTable could not be used to monitor storage usage, because it monitored only devices which were available at system start. To fix this bug, the implementation of UCD-SNMP-MIB::dskTable was enhanced to dynamically add new devices as they are mounted. This happens only when the "includeAllDisks" configuration option is used in /etc/snmp/snmpd.conf. As a result, in dynamic systems where devices are frequently mounted and unmounted, UCD-SNMP-MIB::dskTable always shows the current list of mounted devices.
Previously, snmpd, the SNMP daemon, did not set a proper message size when communicating with the Linux kernel using a netlink socket. As a consequence, the message "netlink: 12 bytes leftover after parsing attributes." was saved to the kernel log. With this update, snmpd sets a correct message size and the kernel no longer logs the aforementioned message.
In previous Net-SNMP releases, snmpd reported an invalid speed of network interfaces in IF-MIB::ifTable and IF-MIB::ifXTable tables if the interface had a speed other than 10, 100, 1000 or 2500 MB/s. Thus, the returned net-snmp ifHighSpeed value was "0" compared to the correct speed as reported in ethtool, if the Virtual Connect speed was set to, for example, 0.9 Gb/s. With this update, the ifHighSpeed value returns the correct speed as reported in the ethtool utility, and snmpd correctly reports non-standard network interface speeds.
Net-SNMP did not verify if incoming SNMP messages were encoded properly. In some instances, it read past the receiving buffer size when parsing a message with an invalid size of an integer field in the message. This caused snmptrapd, the SNMP trap processing daemon, to terminate unexpectedly with a segmentation fault on the incoming malformed message. This update enhances the checks of incoming messages and snmptrapd no longer crashes when parsing incoming messages with invalid integer sizes.
Previously, the Net-SNMP Python module did not propagate various errors to applications which use this module. As a consequence, the applications were not aware of errors that had occurred during the SNMP communication. To fix this bug, the Net-SNMP Python module has been updated to return the proper error codes. As a result, the applications now receive information about SNMP errors.
In previous releases, the snmp-bridge-mib subagent included the bridge itself as a port of the bridge in the BRIDGE-MIB::dot1dBasePortTable table. This bug has been fixed and the snmp-bridge-mib subagent now reports only real interfaces as ports in the BRIDGE-MIB::dot1dBasePortTable table.
Previously, the snmpd daemon did not properly terminate strings when processing the "agentaddress" configuration option. As a consequence, when the configuration was re-read multiple times using the SIGHUP signal, a buffer overflow occurred. This bug has been fixed and snmpd now properly terminates strings when processing the "agentaddress" option and no longer crashes when the configuration is re-read using the SIGHUP signal.
The previous Net-SNMP update contained a fix to improve the checking of invalid incoming SNMP messages. This fix introduced a regression and some valid SNMP messages with multiple variables inside were marked as invalid. As a consequence, Net-SNMP tools and servers rejected valid SNMP messages and waited for a "proper" response until timeout. With this update, valid SNMP messages are no longer rejected. As a result, the servers and utilities accept the first incoming message and do not wait for a timeout.
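The two fixes above, the out-of-bounds read on an invalid integer size and the later regression that rejected valid messages with multiple variables, both concern how an integer's declared length is checked against the bytes actually received. The following is an added example, not Net-SNMP's own code: the function names are hypothetical, only short-form BER lengths are handled, and the byte strings are constructed samples.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define BER_INTEGER 0x02

/* Decode one BER INTEGER (short-form length only). *remaining is the number
 * of unread bytes and is reduced on success. Returns a pointer to the byte
 * after the integer, or NULL if the encoding is malformed. */
const uint8_t *ber_parse_int(const uint8_t *buf, size_t *remaining, long *out)
{
    if (buf == NULL || *remaining < 2 || buf[0] != BER_INTEGER)
        return NULL;                 /* need tag + length octets */
    size_t len = buf[1];
    if ((len & 0x80) || len == 0 || len > sizeof(long))
        return NULL;                 /* long form, empty, or too wide for long */
    if (len > *remaining - 2)
        return NULL;                 /* claims more bytes than were received */
    /* Sign-extend from the first content octet, then shift in the rest. */
    unsigned long v = (buf[2] & 0x80) ? ~0UL : 0UL;
    for (size_t i = 0; i < len; i++)
        v = (v << 8) | buf[2 + i];
    *out = (long)v;
    *remaining -= 2 + len;
    return buf + 2 + len;
}

/* Decode back-to-back INTEGERs. Returns the count, or -1 on malformed input. */
int ber_parse_int_run(const uint8_t *buf, size_t size, long *vals, int max)
{
    int n = 0;
    while (size > 0 && n < max) {
        buf = ber_parse_int(buf, &size, &vals[n]);
        if (buf == NULL)
            return -1;
        n++;
    }
    return size == 0 ? n : -1;
}

int main(void)
{
    /* Constructed sample inputs, not captured traffic. */
    const uint8_t good[] = { 0x02, 0x01, 0x05, 0x02, 0x02, 0xFF, 0x7F };
    const uint8_t bad[]  = { 0x02, 0x04, 0x01 };  /* length 4, 1 byte present */
    long v[4];
    printf("good: %d\n", ber_parse_int_run(good, sizeof good, v, 4));
    printf("bad: %d\n", ber_parse_int_run(bad, sizeof bad, v, 4));
    return 0;
}
```

Because the length is compared with the bytes still unread rather than with a fixed size, the truncated input is rejected while the two consecutive integers in the first sample are both accepted.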
BZ#989498, BZ#1006706
In the previous Net-SNMP updates, the implementation of the HOST-RESOURCES-MIB::hrStorageTable table was rewritten and devices with Virtuozzo File System (VZFS) and B-tree File System (BTRFS) were not reported. After this update, snmpd properly recognizes devices using VZFS and BTRFS file systems and reports them in HOST-RESOURCES-MIB::hrStorageTable.
Previously, the snmpd daemon incorrectly parsed Sendmail configuration files with enabled queue groups. Consequently, snmpd entered a loop on startup. This update fixes the parsing of configuration files with queue groups and snmpd no longer enters a loop on startup.
Previously, the Net-SNMP utilities and daemons blindly expected that an MD5 hash algorithm and a DES encryption were available in the system's OpenSSL libraries and did not check for errors when using these cryptographic functions. As a consequence, the Net-SNMP utilities and daemons terminated unexpectedly when attempting to use the MD5 or DES algorithms, which are not available when the system is running in FIPS mode. The Net-SNMP utilities and daemons now check for cryptographic function error codes and display the following error message:
Error: could not generate the authentication key from the supplied pass phrase
As a result, the aforementioned utilities and daemons no longer crash in FIPS mode.


Enhancements

After this update, all net-snmp configuration files can use the "includeFile" and "includeDir" options to include other configuration files or whole directories of configuration files. Detailed syntax and usage is described in the snmp_config(5) manual page.
Previously, the Net-SNMP application was shipping its configuration files, which could contain sensitive information like passwords, readable by any user on the system. After this update, the configuration files are readable only by the root user.
Users of net-snmp are advised to upgrade to these updated packages, which fix these bugs and add these enhancements.