4.189. net-snmp

Bug Fixes

BZ#678314

The previous version of snmptrapd, the Net-SNMP daemon for processing traps, leaked memory when processing incoming SNMP traps in embedded Perl. This caused the amount of consumed memory to grow over time, making the memory consumption even larger if the daemon was processing SNMPv1 traps. With this update, the underlying source code has been adapted to prevent such memory leaks, and processing incoming SNMP traps in embedded Perl no longer increases the memory consumption.

BZ#681949

On 64-bit systems, the previous version of snmpd, the Net-SNMP agent, gathered the disk IO and CPU usage statistics for UCD-SNMP::systemStats as 64-bit. However, relevant MIB describes these statistics as 32-bit and as a consequence, snmpd wrote the following message to the system log when processing the 64-bit values:

truncating integer value > 32 bits

This update adapts snmpd to collect values for UCD-SNMP::systemStats as 32-bit integers so that it no longer reports the aforementioned message to syslog.

BZ#683563

The previous version of the snmpd daemon did not detect errors when accessing the /proc file system. Consequent to this, an attempt to read information about an exited process while gathering information for a HOST-RESOURCES-MIB::hrSWRunTable table caused the daemon to terminate unexpectedly with a segmentation fault. This update adapts the underlying source code to make sure that such errors are now properly detected, and snmpd no longer crashes when populating HOST-RESOURCES-MIB::hrSWRunTable.

BZ#683680

Prior to this update, the snmpd daemon reported HOST-RESOURCES-MIB::hrSystemDate with an incorrect sign in the timezone offset. This update applies a patch to make sure the timezone offset is properly recalculated and the value reported by snmpd is now correct.

BZ#702165

Previously, the snmpd daemon tracked all network interfaces that were present on the system while it was running, including interfaces that were removed from the system during this time. Consequent to this, when an interface which had been removed was re-instantiated with the same name but with a different interface index, snmpd reported both interfaces separately in IF-MIB::ifTable. This typically happened to Point-to-Point Protocol (PPP) interfaces. This update adds two new options, interface_fadeout and interface_replace_old, to the /etc/snmpd/snmpd.conf configuration file, which allows system administrators to control the behavior of snmpd when two interfaces with the same name but a different interface index are detected. Refer to the snmpd.conf(5) manual page for details.

BZ#702171

When running on a system with two network interfaces with the same IP address, the previous version of the snmpd daemon silently ignored the second interface while populating IP-MIB::ipAddressTable. With this update, snmpd has been adapted to add a message that the second interface is being ignored to the system log in this scenario. This allows system administrators to determine why the second interface is missing from IP-MIB::ipAddressTable.

BZ#703682

The previous version of the snmpd daemon ignored SIGCHLD signals from processes that were spawned as a result of the pass_persist configuration option. However, this led to unnecessary defunct processes on the system. With this update, the snmpd daemon has been adapted to correctly process the SIGCHLD signals so that such defunct processes are no longer created.

BZ#707912

Prior this update, the snmpd daemon incorrectly ignored XFS file systems when populating HOST-RESOURCES-MIB::hrFSTable. This update adds support for the XFS file system to HOST-RESOURCES-MIB::hrFSTable so that snmpd no longer omits such file systems from the report.

BZ#708370

In previous versions of net-snmp, the snmpd daemon did not distinguish between outgoing SMUX messages and always incremented their Request-ID, even when multiple SMUX messages were sent as a result of one incoming SNMP request with multiple variables. However, RFC 1227 requires that such SMUX messages should have the same Request-ID. With this update, snmpd properly recognizes multiple outgoing SMUX messages that are the result of one incoming SNMP request and assigns them the same Request-ID.

BZ#708947

When the system ran out of memory while populating IP-MIB::ipNetToPhysicalTable, the previous version of the snmpd daemon did not properly recover and may have terminated unexpectedly as a consequence. This update adapts the underlying source code to detect that the system is running out of memory, and snmpd no longer crashes in this situation.

BZ#710667

Prior to this update, the netsnmp module for the Python programming language did not properly initialize an SNMP session with SNMPv3 authentication. Consequent to this, and attempt to use such a session caused Python to terminate unexpectedly with a segmentation fault. This update ensures that SNMP sessions with SNMPv3 authentication are now initialized properly and can be used in Python modules as expected.

BZ#711481

The previous version of the netsnmp Python module did not properly parse OID names that included an MIB name (such as IF-MIB::ifTable). With this update, the regular expression for parsing OID names has been corrected and the aforementioned Python module now parses such names properly.

BZ#720704

Previously, the snmpd daemon did not verify the result of reading from a network socket in the SMUX module. Consequent to this, snmpd may have been unable to close erroneous SMUX sessions, because it failed to detect some network errors. With this update, the snmpd daemon has been adapted to properly detect errors when reading from a SMUX socket so that it can now react to these errors properly.

BZ#729738

When an AgentX subagent was being disconnected from the snmpd daemon, the daemon did not properly detach all outstanding SNMP requests from the internal session object representing this agent. As a consequence, snmpd could terminate unexpectedly while processing these requests. With this update, the snmpd daemon ensures that outstanding SNMP requests do not point to an AgentX session that is closed.

BZ#725657

When a binary is built with the RELRO flag, the ELF sections are reordered to include internal data sections before program's data sections, and the Global Offset Table (GOT) address section of the resulting ELF file is mapped read-only. This ensures that any attempt to overwrite the GOT entry and gain control over the execution flow of a program fails with an error. For this reason, the Net-SNMP daemons, binaries, and shared libraries are now built with full RELRO protection.

BZ#753766

The SNMP daemon (snmpd) did not properly fill a set of watched socket file descriptors. Therefore, the daemon sometimes terminated unexpectedly with the "select: bad file descriptor" error message when more than 32 AgentX subagents connected to snmpd on 32-bit platforms or more than 64 subagents on 64-bit platforms. With this update, snmpd properly clears sets of watched file descriptors and thus it no longer crashes when handling a large number of subagents.

Bug Fix

BZ#1002858

When an AgentX subagent disconnected from the SNMP daemon (snmpd), the daemon did not properly check that there were no active requests queued in the subagent and destroyed the session. Consequently, the session was referenced by snmpd later when processing queued requests and because it was already destroyed, snmpd terminated unexpectedly with a segmentation fault or looped indefinitely. This update adds several checks to prevent the destruction of sessions with active requests, and snmpd no longer crashes in the described scenario.

Bug Fix

BZ#956287

Previously, snmpd erroneously checked the length of "SNMP-TARGET-MIB::snmpTargetAddrRowStatus" value in incoming "SNMP-SET" requests on 64-bit platforms. Consequently, snmpd sent an incorrect reply to the "SNMP-SET" request. With this update, the check of "SNMP-TARGET-MIB::snmpTargetAddrRowStatus" is fixed and it is possible to set it remotely using "SNMP-SET" messages.

Bug Fix

BZ#986191

In previous Net-SNMP releases, snmpd reported an invalid speed of network interfaces in IF-MIB::ifTable and IF-MIB::ifXTable if the interface had a speed other than 10, 100, 1000 or 2500 MB/s. Thus, the net-snmp ifHighSpeed value returned was "0" compared to the correct speed as reported in ethtool, if the Virtual Connect speed was set to, for example, 0.9 Gb/s. With this update, the ifHighSpeed value returns the correct speed as reported in ethtool, and snmpd correctly reports non-standard network interface speeds.