Updated net-snmp packages fix two vulnerabilities
Publication date: 07 Mar 2014Modification date: 07 Mar 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-2284 , CVE-2014-2285
Description
Updated net-snmp packages fix security vulnerabilities:
Remotely exploitable denial of service vulnerability in Net-SNMP, in the
Linux implementation of the ICMP-MIB, making the SNMP agent vulnerable if it
is making use of the ICMP-MIB table objects (CVE-2014-2284).
Remotely exploitable denial of service vulnerability in Net-SNMP, in
snmptrapd, due to how it handles trap requests with an empty community string
when the perl handler is enabled (CVE-2014-2285).
References
- http://freecode.com/projects/net-snmp/releases/361848
- http://openwall.com/lists/oss-security/2014/03/05/9
- https://bugzilla.redhat.com/show_bug.cgi?id=1070396
- https://bugzilla.redhat.com/show_bug.cgi?id=1072778
- https://bugs.mageia.org/show_bug.cgi?id=12880
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2284
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2285
SRPMS
4/core
- net-snmp-5.7.2-13.1.mga4
3/core
- net-snmp-5.7.2-7.2.mga3