ALAS-2014-316


Amazon Linux AMI Security Advisory: ALAS-2014-316
Advisory Release Date: 2014-09-18 00:06 Pacific
Severity: Medium

Issue Overview:

A buffer overflow flaw was found in the way the decode_icmp_msg() function in the ICMP-MIB implementation processed Internet Control Message Protocol (ICMP) message statistics reported in the /proc/net/snmp file. A remote attacker could send a message for each ICMP message type, which could potentially cause the snmpd service to crash when processing the /proc/net/snmp file. (CVE-2014-2284 )


Affected Packages:

net-snmp


Issue Correction:
Run yum update net-snmp to update your system.

New Packages:
i686:
    net-snmp-5.5-49.18.amzn1.i686
    net-snmp-libs-5.5-49.18.amzn1.i686
    net-snmp-utils-5.5-49.18.amzn1.i686
    net-snmp-perl-5.5-49.18.amzn1.i686
    net-snmp-devel-5.5-49.18.amzn1.i686
    net-snmp-debuginfo-5.5-49.18.amzn1.i686
    net-snmp-python-5.5-49.18.amzn1.i686

src:
    net-snmp-5.5-49.18.amzn1.src

x86_64:
    net-snmp-debuginfo-5.5-49.18.amzn1.x86_64
    net-snmp-python-5.5-49.18.amzn1.x86_64
    net-snmp-perl-5.5-49.18.amzn1.x86_64
    net-snmp-utils-5.5-49.18.amzn1.x86_64
    net-snmp-devel-5.5-49.18.amzn1.x86_64
    net-snmp-libs-5.5-49.18.amzn1.x86_64
    net-snmp-5.5-49.18.amzn1.x86_64