ALAS-2021-1465


Amazon Linux AMI Security Advisory: ALAS-2021-1465
Advisory Release Date: 2021-01-12 22:51 Pacific
Advisory Updated Date: 2021-01-13 18:19 Pacific
Severity: Important
References: CVE-2020-15862 

Issue Overview:

A flaw was found in Net-SNMP through version 5.73, where an Improper Privilege Management issue occurs due to SNMP WRITE access to the EXTEND MIB allows running arbitrary commands as root. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-15862 )


Affected Packages:

net-snmp


Issue Correction:
Run yum update net-snmp to update your system.

New Packages:
i686:
    net-snmp-debuginfo-5.5-60.22.amzn1.i686
    net-snmp-python-5.5-60.22.amzn1.i686
    net-snmp-libs-5.5-60.22.amzn1.i686
    net-snmp-perl-5.5-60.22.amzn1.i686
    net-snmp-devel-5.5-60.22.amzn1.i686
    net-snmp-utils-5.5-60.22.amzn1.i686
    net-snmp-5.5-60.22.amzn1.i686

src:
    net-snmp-5.5-60.22.amzn1.src

x86_64:
    net-snmp-debuginfo-5.5-60.22.amzn1.x86_64
    net-snmp-python-5.5-60.22.amzn1.x86_64
    net-snmp-perl-5.5-60.22.amzn1.x86_64
    net-snmp-5.5-60.22.amzn1.x86_64
    net-snmp-devel-5.5-60.22.amzn1.x86_64
    net-snmp-libs-5.5-60.22.amzn1.x86_64
    net-snmp-utils-5.5-60.22.amzn1.x86_64