Description
Security update for net-snmp
The following issues have been fixed within this update:
- fix btrfs output inside HOST-RESOURCES-MIB::hrStorageDescr. (bsc#909479)
- fix an incomplete initialization vulnerability in the snmp_pdu_parse() function of snmp_api.c. (bsc#940188, CVE-2015-5621)
- add build requirement 'procps' to fix a net-snmp-config error (bsc#935863)
- add --disable-md5 to allow operation in FIPS mode and to avoid using the old algorithm (bsc#935876 bsc#940084)
- also stop snmptrapd on removal
Package list
SUSE Linux Enterprise Desktop 12
libsnmp30-5.7.2.1-4.3.2
libsnmp30-32bit-5.7.2.1-4.3.2
net-snmp-5.7.2.1-4.3.2
perl-SNMP-5.7.2.1-4.3.2
snmp-mibs-5.7.2.1-4.3.2
SUSE Linux Enterprise Server 12
libsnmp30-5.7.2.1-4.3.2
libsnmp30-32bit-5.7.2.1-4.3.2
net-snmp-5.7.2.1-4.3.2
perl-SNMP-5.7.2.1-4.3.2
snmp-mibs-5.7.2.1-4.3.2
SUSE Linux Enterprise Server for SAP Applications 12
libsnmp30-5.7.2.1-4.3.2
libsnmp30-32bit-5.7.2.1-4.3.2
net-snmp-5.7.2.1-4.3.2
perl-SNMP-5.7.2.1-4.3.2
snmp-mibs-5.7.2.1-4.3.2
SUSE Linux Enterprise Software Development Kit 12
net-snmp-devel-5.7.2.1-4.3.2
References
- Link for SUSE-SU-2015:1556-1
- E-Mail link for SUSE-SU-2015:1556-1
- SUSE Security Ratings
- SUSE Bug 909479
- SUSE Bug 935863
- SUSE Bug 935876
- SUSE Bug 940084
- SUSE Bug 940188
- SUSE CVE CVE-2015-5621 page
Description
The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet.
Affected products
SUSE Linux Enterprise Desktop 12:libsnmp30-32bit-5.7.2.1-4.3.2
SUSE Linux Enterprise Desktop 12:libsnmp30-5.7.2.1-4.3.2
SUSE Linux Enterprise Desktop 12:net-snmp-5.7.2.1-4.3.2
SUSE Linux Enterprise Desktop 12:perl-SNMP-5.7.2.1-4.3.2
References
- CVE-2015-5621
- SUSE Bug 1111123
- SUSE Bug 940188
- SUSE Bug 969779