SUSE-SU-2012:0887-1: moderate: Security update for net-snmp

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Wed Jul 18 14:08:31 MDT 2012


   SUSE Security Update: Security update for net-snmp
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0887-1
Rating:             moderate
References:         #759352 #762433 
Cross-References:   CVE-2012-2141
Affected Products:
                    SUSE Linux Enterprise Server 10 SP4
                    SUSE Linux Enterprise Desktop 10 SP4
                    SLE SDK 10 SP4
______________________________________________________________________________

   An update that solves one vulnerability and has one errata
   is now available.

Description:


   This update to net-snmp resolves the following issues:

   * Specially crafted SNMP GET requests could cause a
   denial of service (application crash) via a heap-based
   out-out-bounds read flaw which could be exploited remotely
   (CVE-2012-2141).
   * After rotating the net-snmp log file, use
   "try-restart" to restart the daemon. Reloading with a
   SIGHUP signal may trigger crashes when dynamic modules
   (dlmod) are in use (bnc#762433).

   Security Issue reference:

   * CVE-2012-2141
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2141
   >



Package List:

   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):

      net-snmp-5.3.0.1-25.43.1
      net-snmp-devel-5.3.0.1-25.43.1
      perl-SNMP-5.3.0.1-25.43.1

   - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64):

      net-snmp-32bit-5.3.0.1-25.43.1

   - SUSE Linux Enterprise Server 10 SP4 (ia64):

      net-snmp-x86-5.3.0.1-25.43.1

   - SUSE Linux Enterprise Server 10 SP4 (ppc):

      net-snmp-64bit-5.3.0.1-25.43.1
      net-snmp-devel-64bit-5.3.0.1-25.43.1

   - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):

      net-snmp-5.3.0.1-25.43.1
      net-snmp-devel-5.3.0.1-25.43.1
      perl-SNMP-5.3.0.1-25.43.1

   - SUSE Linux Enterprise Desktop 10 SP4 (x86_64):

      net-snmp-32bit-5.3.0.1-25.43.1

   - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64):

      net-snmp-devel-5.3.0.1-25.43.1

   - SLE SDK 10 SP4 (ppc):

      net-snmp-devel-64bit-5.3.0.1-25.43.1


References:

   http://support.novell.com/security/cve/CVE-2012-2141.html
   https://bugzilla.novell.com/759352
   https://bugzilla.novell.com/762433
   http://download.novell.com/patch/finder/?keywords=48b04a33674cd4129a7b5210a9eb8985



More information about the sle-security-updates mailing list