Advisories » MGASA-2014-0371

Updated net-snmp packages fix CVE-2014-3565

Publication date: 05 Sep 2014
Modification date: 05 Sep 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-3565

Description

Updated net-snmp packages fix security vulnerabilities:

A remote denial-of-service flaw was found in the way snmptrapd handled
certain SNMP traps when started with the "-OQ" option. If an attacker sent an
SNMP trap containing a variable with a NULL type where an integer variable
type was expected, it would cause snmptrapd to crash (CVE-2014-3565).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=14029
• https://bugzilla.redhat.com/show_bug.cgi?id=1125155
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3565

SRPMS

3/core

• net-snmp-5.7.2-7.3.mga3

4/core

• net-snmp-5.7.2-13.2.mga4