ALAS-2015-590

Related Vulnerabilities: CVE-2015-5621  

Amazon Linux AMI Security Advisory: ALAS-2015-590
Advisory Release Date: 2015-09-02 12:00 Pacific
Advisory Updated Date: 2015-09-02 12:00 Pacific
Severity: Medium

Issue Overview:

It was discovered that the snmp_pdu_parse() function could leave incompletely parsed varBind variables in the list of variables. A remote, unauthenticated attacker could use this flaw to crash snmpd or, potentially, execute arbitrary code on the system with the privileges of the user running snmpd. (CVE-2015-5621)
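
The bug class described above, shown as an added example that is not net-snmp source code: a parser that links each list entry before validating it, next to a variant that unlinks the entry on failure. The wire format, the struct and function names, the harden flag and the sample bytes are all constructed for illustration.

```c
/* Simplified model of the bug class, NOT net-snmp source code.
 * Constructed wire format: repeated [type:1][len:1][value:len]. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

struct varbind { uint8_t type, len; uint8_t *val; struct varbind *next; };
struct pdu { struct varbind *vars; };

/* harden=0: flawed pattern, a node linked before validation stays in the
 * list on error. harden=1: the half-built node is unlinked and freed. */
int parse_varbinds(struct pdu *pdu, const uint8_t *buf, size_t n, int harden)
{
    struct varbind **tail = &pdu->vars;
    size_t off = 0;
    while (*tail) tail = &(*tail)->next;
    while (off < n) {
        struct varbind *vb = calloc(1, sizeof *vb);
        if (!vb) return -1;
        *tail = vb;                        /* linked before parsing completes */
        if (n - off < 2) goto fail;        /* truncated header */
        vb->type = buf[off];
        vb->len = buf[off + 1];            /* claimed length, not yet checked */
        off += 2;
        if (vb->len > n - off) goto fail;  /* value runs past end of packet */
        vb->val = malloc(vb->len ? vb->len : 1);
        if (!vb->val) goto fail;
        memcpy(vb->val, buf + off, vb->len);
        off += vb->len;
        tail = &vb->next;
        continue;
fail:
        if (harden) { *tail = NULL; free(vb); }
        return -1;
    }
    return 0;
}

/* Count list entries; with only_incomplete set, count those lacking a value. */
int count_vars(const struct pdu *pdu, int only_incomplete)
{
    int c = 0;
    for (const struct varbind *v = pdu->vars; v; v = v->next)
        if (!only_incomplete || v->val == NULL) c++;
    return c;
}

/* Constructed sample: one complete varbind, then one claiming 127 bytes. */
static const uint8_t SAMPLE[] = { 0x04, 0x02, 'h', 'i', 0x04, 0x7f, 'x' };
```

With harden=0 the failed parse leaves an entry whose claimed length has no backing buffer, so any later code that walks the list and trusts that length is operating on inconsistent state.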


Affected Packages:

net-snmp


Issue Correction:
Run yum update net-snmp to update your system.

New Packages:
i686:
    net-snmp-devel-5.5-54.1.20.amzn1.i686
    net-snmp-libs-5.5-54.1.20.amzn1.i686
    net-snmp-utils-5.5-54.1.20.amzn1.i686
    net-snmp-python-5.5-54.1.20.amzn1.i686
    net-snmp-debuginfo-5.5-54.1.20.amzn1.i686
    net-snmp-5.5-54.1.20.amzn1.i686
    net-snmp-perl-5.5-54.1.20.amzn1.i686

src:
    net-snmp-5.5-54.1.20.amzn1.src

x86_64:
    net-snmp-libs-5.5-54.1.20.amzn1.x86_64
    net-snmp-5.5-54.1.20.amzn1.x86_64
    net-snmp-python-5.5-54.1.20.amzn1.x86_64
    net-snmp-debuginfo-5.5-54.1.20.amzn1.x86_64
    net-snmp-perl-5.5-54.1.20.amzn1.x86_64
    net-snmp-utils-5.5-54.1.20.amzn1.x86_64
    net-snmp-devel-5.5-54.1.20.amzn1.x86_64