RHBA-2010:0253 - Bug Fix Advisory

Topic

Updated net-snmp packages that fix various bugs and add enhancements are
now available.

Description

The Simple Network Management Protocol (SNMP) is a protocol used for
network management. The net-snmp packages include various SNMP tools: an
extensible agent; an SNMP library; tools for requesting or setting
information from SNMP agents; tools for generating and handling SNMP traps;
a version of the netstat command which uses SNMP; and a Tk/Perl MIB
browser.

These updated net-snmp packages provide fixes for the following bugs:

• when two default routes with the same content existed in the machine's

routing table, the snmpd daemon could have entered an endless loop and
logged the following error to syslog: "error on subcontainer 'dr_index'
insert(-1)". Processing of the routing table has been improved in this
update so that snmpd no longer enters an endless route when this occurs.
(BZ#504742)

• on 64-bit systems experiencing very high network traffic, the snmpd

daemon periodically logged the following message to syslog: "truncating
integer value > 32 bits". With this update, snmpd correctly adjusts
reported counters and no error is logged. (BZ#507528)

• the snmpd daemon did not expect the packet counters in the /proc/net/snmp

and /proc/net/snmp6 directories to be 64-bit on 64-bit systems. When these
counters exceeded 32 bits in size, which occurred when the Linux kernel
sent or received greater than 4,294,967,296 (2^32) packets, then the snmpd
daemon would terminate abnormally. With this update, the snmpd daemon no
longer crashes when it encounters a packet counter in the directories
listed above that is greater than 32 bits in size, thus resolving the
issue. (BZ#514703)

• the snmpd daemon contained several memory leaks in the ipNetToMediaTable,

mteEventSetTable and ipAddressPrefixTable objects. These slow memory leaks
could have caused problems on machines with multi-month uptimes. These
memory leaks have been plugged in these updated packages. (BZ#518633,
BZ#515650)

• this update ensures that the snmpd daemon is able to process and respond

to broadcast UDP requests. (BZ#521175)

• header files contained within the net-snmp-devel package differed

according to the architecture of the system, i386 or Itanium, they were
installed on. Because net-snmp is a multilib package, this update moves
architecture-dependent header files into separate files, thus allowing
development packages for different architectures to be installed on the
same system. (BZ#521820)

• the libnetsnmp shared object library maintains cached data in the

/usr/share/snmp/mibs/.index file. Because this file did not have the proper
SELinux context, SELinux denied applications write access to this file.
This update ensures that this .index file is properly labeled with the
correct SELinux context so that applications are permitted to access it.
(BZ#523249)

• the snmpd daemon was unable to process requests to create a new

User-Based Security Model (USM) veiw with Object ID components larger than
255. With ths update, snmpd is able to create new USM views with all valid
OIDs. (BZ#527364)

• SNMP applications such as snmpget and snmpwalk reported "truncating

unsigned value to 32 bits" errors on 64-bit achitectures when they received
invalid SNMP responses from legacy systems. With this update, SNMP programs
suppress these error messages when the received SNMP response can still be
parsed. (BZ#528164)

• the snmpd daemon assumed that network interface hardware addresses were

always 6 bytes in length. Hardware such as InfiniBand network cards can
have addresses of a different size, in which case snmpd reported "ioctl
35123 returned -1" to syslog. With this update, snmpd does not make the
6-byte assumption, and this error is no longer logged. (BZ#543499)

• the snmpd daemon reported IP addresses in the ipCidrRouteTable object as

8 bytes on 64-bit hardware. This update ensures that snmpd reports IPv4
addresses as 4 bytes. (BZ#547698)

All SNMP users are advised to upgrade to these updated net-snmp packages,
which resolve these issues and add these enhancements.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

• Red Hat Enterprise Linux Server 5 x86_64
• Red Hat Enterprise Linux Server 5 ia64
• Red Hat Enterprise Linux Server 5 i386
• Red Hat Enterprise Linux Workstation 5 x86_64
• Red Hat Enterprise Linux Workstation 5 i386
• Red Hat Enterprise Linux Desktop 5 x86_64
• Red Hat Enterprise Linux Desktop 5 i386
• Red Hat Enterprise Linux for IBM z Systems 5 s390x
• Red Hat Enterprise Linux for Power, big endian 5 ppc
• Red Hat Enterprise Linux Server from RHUI 5 x86_64
• Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

• BZ - 518633 - snmpd leaks memory
• BZ - 521820 - Package is not multilib safe
• BZ - 523249 - net-snmp library breaks selinux because of creating index file
• BZ - 527364 - inconsistentName error for the oid with the number greater than 255
• BZ - 528164 - Spurious "truncating unsigned value" errors
• BZ - 543499 - snmpd: ioctl 35123 returned -1
• BZ - 547698 - snmpd reports IP addresses as 8 bytes in ipCidrRouteTable

CVEs

(none)

References

(none)