Security update for net-snmp SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2018:3333-1 Final 1 1 2018-10-23T11:50:34Z current 2018-10-23T11:50:34Z 2018-10-23T11:50:34Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for net-snmp This update for net-snmp fixes the following issues: Security issues fixed: - CVE-2018-18065: _set_key in agent/helpers/table_container.c had a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. (bsc#1111122) Non-security issues fixed: - swintst_rpm: Protect against unspecified Group name (bsc#1102775) - Add tsm and tlstm MIBs and the USM security module. (bsc#1081164) - Fix agentx freezing on timeout (bsc#1027353) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-Module-Basesystem-15-2018-2396 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2018/suse-su-20183333-1/ Link for SUSE-SU-2018:3333-1 https://lists.suse.com/pipermail/sle-security-updates/2018-October/004770.html E-Mail link for SUSE-SU-2018:3333-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1027353 SUSE Bug 1027353 https://bugzilla.suse.com/1081164 SUSE Bug 1081164 https://bugzilla.suse.com/1102775 SUSE Bug 1102775 https://bugzilla.suse.com/1111122 SUSE Bug 1111122 https://www.suse.com/security/cve/CVE-2018-18065/ SUSE CVE CVE-2018-18065 page SUSE Linux Enterprise Module for Basesystem 15 libsnmp30-5.7.3-7.3.1 net-snmp-5.7.3-7.3.1 net-snmp-devel-5.7.3-7.3.1 perl-SNMP-5.7.3-7.3.1 snmp-mibs-5.7.3-7.3.1 libsnmp30-5.7.3-7.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 net-snmp-5.7.3-7.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 net-snmp-devel-5.7.3-7.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 perl-SNMP-5.7.3-7.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 snmp-mibs-5.7.3-7.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 _set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. CVE-2018-18065 SUSE Linux Enterprise Module for Basesystem 15:libsnmp30-5.7.3-7.3.1 SUSE Linux Enterprise Module for Basesystem 15:net-snmp-5.7.3-7.3.1 SUSE Linux Enterprise Module for Basesystem 15:net-snmp-devel-5.7.3-7.3.1 SUSE Linux Enterprise Module for Basesystem 15:perl-SNMP-5.7.3-7.3.1 SUSE Linux Enterprise Module for Basesystem 15:snmp-mibs-5.7.3-7.3.1 important 4 AV:N/AC:L/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20183333-1/ https://www.suse.com/security/cve/CVE-2018-18065.html CVE-2018-18065 https://bugzilla.suse.com/1111122 SUSE Bug 1111122 https://bugzilla.suse.com/1126909 SUSE Bug 1126909 https://bugzilla.suse.com/1145864 SUSE Bug 1145864