ALAS-2015-590


Amazon Linux AMI Security Advisory: ALAS-2015-590
Advisory Release Date: 2015-09-02 12:00 Pacific
Severity: Medium

Issue Overview:

It was discovered that the snmp_pdu_parse() function could leave incompletely parsed varBind variables in the list of variables. A remote, unauthenticated attacker could use this flaw to crash snmpd or, potentially, execute arbitrary code on the system with the privileges of the user running snmpd. (CVE-2015-5621 )


Affected Packages:

net-snmp


Issue Correction:
Run yum update net-snmp to update your system.

New Packages:
i686:
    net-snmp-devel-5.5-54.1.20.amzn1.i686
    net-snmp-libs-5.5-54.1.20.amzn1.i686
    net-snmp-utils-5.5-54.1.20.amzn1.i686
    net-snmp-python-5.5-54.1.20.amzn1.i686
    net-snmp-debuginfo-5.5-54.1.20.amzn1.i686
    net-snmp-5.5-54.1.20.amzn1.i686
    net-snmp-perl-5.5-54.1.20.amzn1.i686

src:
    net-snmp-5.5-54.1.20.amzn1.src

x86_64:
    net-snmp-libs-5.5-54.1.20.amzn1.x86_64
    net-snmp-5.5-54.1.20.amzn1.x86_64
    net-snmp-python-5.5-54.1.20.amzn1.x86_64
    net-snmp-debuginfo-5.5-54.1.20.amzn1.x86_64
    net-snmp-perl-5.5-54.1.20.amzn1.x86_64
    net-snmp-utils-5.5-54.1.20.amzn1.x86_64
    net-snmp-devel-5.5-54.1.20.amzn1.x86_64