Amazon Linux 1 Security Advisory: ALAS-2014-316
Advisory Release Date: 2014-03-24 23:39 Pacific
Advisory Updated Date: 2014-09-18 00:06 Pacific
FAQs regarding Amazon Linux ALAS/CVE Severity
A buffer overflow flaw was found in the way the decode_icmp_msg() function in the ICMP-MIB implementation processed Internet Control Message Protocol (ICMP) message statistics reported in the /proc/net/snmp file. A remote attacker could send a message for each ICMP message type, which could potentially cause the snmpd service to crash when processing the /proc/net/snmp file. (CVE-2014-2284)
Affected Packages:
net-snmp
Issue Correction:
Run yum update net-snmp to update your system.
i686:
net-snmp-5.5-49.18.amzn1.i686
net-snmp-libs-5.5-49.18.amzn1.i686
net-snmp-utils-5.5-49.18.amzn1.i686
net-snmp-perl-5.5-49.18.amzn1.i686
net-snmp-devel-5.5-49.18.amzn1.i686
net-snmp-debuginfo-5.5-49.18.amzn1.i686
net-snmp-python-5.5-49.18.amzn1.i686
src:
net-snmp-5.5-49.18.amzn1.src
x86_64:
net-snmp-debuginfo-5.5-49.18.amzn1.x86_64
net-snmp-python-5.5-49.18.amzn1.x86_64
net-snmp-perl-5.5-49.18.amzn1.x86_64
net-snmp-utils-5.5-49.18.amzn1.x86_64
net-snmp-devel-5.5-49.18.amzn1.x86_64
net-snmp-libs-5.5-49.18.amzn1.x86_64
net-snmp-5.5-49.18.amzn1.x86_64