openSUSE: 2018:3508-1: important: net-snmp
Description
This update for net-snmp fixes the following issues: Security issues fixed: - CVE-2018-18065: _set_key in agent/helpers/table_container.c had a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. (bsc#1111122) Non-security issues fixed: - swintst_rpm: Protect against unspecified Group name (bsc#1102775) - Add tsm and tlstm MIBs and the USM security module. (bsc#1081164) - Fix agentx freezing on timeout (bsc#1027353) This update was imported from the SUSE:SLE-12-SP1:Update update project.
Patch
Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2018-1313=1
Package List
- openSUSE Leap 42.3 (i586 x86_64): libsnmp30-5.7.3-7.3.1 libsnmp30-debuginfo-5.7.3-7.3.1 net-snmp-5.7.3-7.3.1 net-snmp-debuginfo-5.7.3-7.3.1 net-snmp-debugsource-5.7.3-7.3.1 net-snmp-devel-5.7.3-7.3.1 net-snmp-python-5.7.3-7.3.1 net-snmp-python-debuginfo-5.7.3-7.3.1 perl-SNMP-5.7.3-7.3.1 perl-SNMP-debuginfo-5.7.3-7.3.1 snmp-mibs-5.7.3-7.3.1 - openSUSE Leap 42.3 (x86_64): libsnmp30-32bit-5.7.3-7.3.1 libsnmp30-debuginfo-32bit-5.7.3-7.3.1 net-snmp-devel-32bit-5.7.3-7.3.1
References
https://www.suse.com/security/cve/CVE-2018-18065.html https://bugzilla.suse.com/1027353 https://bugzilla.suse.com/1081164 https://bugzilla.suse.com/1102775 https://bugzilla.suse.com/1111122--