Bugzilla – Bug 940188
VUL-0: CVE-2015-5621: net-snmp: snmp_pdu_parse() incompletely parsed varBinds left in list of variables
Last modified: 2017-03-21 18:02:13 UTC
rh#1212408
Discovered by Qinghao Tang
Incompletely initialized vulnerability exists in the function 'snmp_pdu_parse()' of 'snmp_api.c', and remote attackers can cause memory leak, DOS and possible command executions by sending malicious packets.
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1212408
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5621
http://seclists.org/oss-sec/2015/q3/260
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5621
Seems like SLE 10 SP3 to SLE 12 is affected
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2015-08-14. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/62240
bugbot adjusting priority
What are we up to here?
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2015-08-27. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/62262
This is an autogenerated message for OBS integration:
This bug (940188) was mentioned in
https://build.opensuse.org/request/show/323040 Factory / net-snmp
https://build.opensuse.org/request/show/323058 13.1 / net-snmp
https://build.opensuse.org/request/show/323059 13.2 / net-snmp
openSUSE-SU-2015:1502-1: An update that solves one vulnerability and has one errata is now available.
Category: security (moderate)
Bug References: 935863,940188
CVE References: CVE-2015-5621
Sources used:
openSUSE 13.2 (src): net-snmp-5.7.3-3.1
openSUSE 13.1 (src): net-snmp-5.7.2-9.11.1
SUSE-SU-2015:1524-1: An update that solves one vulnerability and has two fixes is now available.
Category: security (moderate)
Bug References: 853382,935863,940188
CVE References: CVE-2015-5621
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src): net-snmp-5.4.2.1-8.12.24.1
SUSE Linux Enterprise Software Development Kit 11-SP3 (src): net-snmp-5.4.2.1-8.12.24.1
SUSE Linux Enterprise Server for VMWare 11-SP3 (src): net-snmp-5.4.2.1-8.12.24.1
SUSE Linux Enterprise Server 11-SP4 (src): net-snmp-5.4.2.1-8.12.24.1
SUSE Linux Enterprise Server 11-SP3 (src): net-snmp-5.4.2.1-8.12.24.1
SUSE Linux Enterprise Desktop 11-SP4 (src): net-snmp-5.4.2.1-8.12.24.1
SUSE Linux Enterprise Desktop 11-SP3 (src): net-snmp-5.4.2.1-8.12.24.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src): net-snmp-5.4.2.1-8.12.24.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src): net-snmp-5.4.2.1-8.12.24.1
SUSE-SU-2015:1556-1: An update that solves one vulnerability and has four fixes is now available.
Category: security (moderate)
Bug References: 909479,935863,935876,940084,940188
CVE References: CVE-2015-5621
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src): net-snmp-5.7.2.1-4.3.2
SUSE Linux Enterprise Server 12 (src): net-snmp-5.7.2.1-4.3.2
SUSE Linux Enterprise Desktop 12 (src): net-snmp-5.7.2.1-4.3.2
Fixed and released. Closing bug.