openSUSE Security Update: Security update for net-snmp ______________________________________________________________________________ Announcement ID: openSUSE-SU-2018:3508-1 Rating: important References: #1027353 #1081164 #1102775 #1111122 Cross-References: CVE-2018-18065 Affected Products: openSUSE Leap 42.3 ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: This update for net-snmp fixes the following issues: Security issues fixed: - CVE-2018-18065: _set_key in agent/helpers/table_container.c had a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. (bsc#1111122) Non-security issues fixed: - swintst_rpm: Protect against unspecified Group name (bsc#1102775) - Add tsm and tlstm MIBs and the USM security module. (bsc#1081164) - Fix agentx freezing on timeout (bsc#1027353) This update was imported from the SUSE:SLE-12-SP1:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2018-1313=1 Package List: - openSUSE Leap 42.3 (i586 x86_64): libsnmp30-5.7.3-7.3.1 libsnmp30-debuginfo-5.7.3-7.3.1 net-snmp-5.7.3-7.3.1 net-snmp-debuginfo-5.7.3-7.3.1 net-snmp-debugsource-5.7.3-7.3.1 net-snmp-devel-5.7.3-7.3.1 net-snmp-python-5.7.3-7.3.1 net-snmp-python-debuginfo-5.7.3-7.3.1 perl-SNMP-5.7.3-7.3.1 perl-SNMP-debuginfo-5.7.3-7.3.1 snmp-mibs-5.7.3-7.3.1 - openSUSE Leap 42.3 (x86_64): libsnmp30-32bit-5.7.3-7.3.1 libsnmp30-debuginfo-32bit-5.7.3-7.3.1 net-snmp-devel-32bit-5.7.3-7.3.1 References: https://www.suse.com/security/cve/CVE-2018-18065.html https://bugzilla.suse.com/1027353 https://bugzilla.suse.com/1081164 https://bugzilla.suse.com/1102775 https://bugzilla.suse.com/1111122 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org