libsnmp30-32bit-5.7.3-8.4 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10204 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libsnmp30-32bit-5.7.3-8.4 on GA media These are all security issues fixed in the libsnmp30-32bit-5.7.3-8.4 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10204 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10204 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2012-2141/ SUSE CVE CVE-2012-2141 page https://www.suse.com/security/cve/CVE-2014-2284/ SUSE CVE CVE-2014-2284 page https://www.suse.com/security/cve/CVE-2014-2285/ SUSE CVE CVE-2014-2285 page https://www.suse.com/security/cve/CVE-2014-3565/ SUSE CVE CVE-2014-3565 page https://www.suse.com/security/cve/CVE-2015-5621/ SUSE CVE CVE-2015-5621 page openSUSE Tumbleweed libsnmp30-5.7.3-8.4 libsnmp30-32bit-5.7.3-8.4 net-snmp-5.7.3-8.4 net-snmp-devel-5.7.3-8.4 net-snmp-devel-32bit-5.7.3-8.4 net-snmp-python-5.7.3-8.4 perl-SNMP-5.7.3-8.4 snmp-mibs-5.7.3-8.4 libsnmp30-5.7.3-8.4 as a component of openSUSE Tumbleweed libsnmp30-32bit-5.7.3-8.4 as a component of openSUSE Tumbleweed net-snmp-5.7.3-8.4 as a component of openSUSE Tumbleweed net-snmp-devel-5.7.3-8.4 as a component of openSUSE Tumbleweed net-snmp-devel-32bit-5.7.3-8.4 as a component of openSUSE Tumbleweed net-snmp-python-5.7.3-8.4 as a component of openSUSE Tumbleweed perl-SNMP-5.7.3-8.4 as a component of openSUSE Tumbleweed snmp-mibs-5.7.3-8.4 as a component of openSUSE Tumbleweed Array index error in the handle_nsExtendOutput2Table function in agent/mibgroup/agent/extend.c in Net-SNMP 5.7.1 allows remote authenticated users to cause a denial of service (out-of-bounds read and snmpd crash) via an SNMP GET request for an entry not in the extension table. CVE-2012-2141 openSUSE Tumbleweed:libsnmp30-32bit-5.7.3-8.4 openSUSE Tumbleweed:libsnmp30-5.7.3-8.4 openSUSE Tumbleweed:net-snmp-5.7.3-8.4 openSUSE Tumbleweed:net-snmp-devel-32bit-5.7.3-8.4 openSUSE Tumbleweed:net-snmp-devel-5.7.3-8.4 openSUSE Tumbleweed:net-snmp-python-5.7.3-8.4 openSUSE Tumbleweed:perl-SNMP-5.7.3-8.4 openSUSE Tumbleweed:snmp-mibs-5.7.3-8.4 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-2141.html CVE-2012-2141 https://bugzilla.suse.com/759352 SUSE Bug 759352 https://bugzilla.suse.com/826684 SUSE Bug 826684 The Linux implementation of the ICMP-MIB in Net-SNMP 5.5 before 5.5.2.1, 5.6.x before 5.6.2.1, and 5.7.x before 5.7.2.1 does not properly validate input, which allows remote attackers to cause a denial of service via unspecified vectors. CVE-2014-2284 openSUSE Tumbleweed:libsnmp30-32bit-5.7.3-8.4 openSUSE Tumbleweed:libsnmp30-5.7.3-8.4 openSUSE Tumbleweed:net-snmp-5.7.3-8.4 openSUSE Tumbleweed:net-snmp-devel-32bit-5.7.3-8.4 openSUSE Tumbleweed:net-snmp-devel-5.7.3-8.4 openSUSE Tumbleweed:net-snmp-python-5.7.3-8.4 openSUSE Tumbleweed:perl-SNMP-5.7.3-8.4 openSUSE Tumbleweed:snmp-mibs-5.7.3-8.4 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-2284.html CVE-2014-2284 https://bugzilla.suse.com/866942 SUSE Bug 866942 https://bugzilla.suse.com/875217 SUSE Bug 875217 https://bugzilla.suse.com/969779 SUSE Bug 969779 The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows remote attackers to cause a denial of service (snmptrapd crash) via an empty community string in an SNMP trap, which triggers a NULL pointer dereference within the newSVpv function in Perl. CVE-2014-2285 openSUSE Tumbleweed:libsnmp30-32bit-5.7.3-8.4 openSUSE Tumbleweed:libsnmp30-5.7.3-8.4 openSUSE Tumbleweed:net-snmp-5.7.3-8.4 openSUSE Tumbleweed:net-snmp-devel-32bit-5.7.3-8.4 openSUSE Tumbleweed:net-snmp-devel-5.7.3-8.4 openSUSE Tumbleweed:net-snmp-python-5.7.3-8.4 openSUSE Tumbleweed:perl-SNMP-5.7.3-8.4 openSUSE Tumbleweed:snmp-mibs-5.7.3-8.4 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-2285.html CVE-2014-2285 https://bugzilla.suse.com/866942 SUSE Bug 866942 https://bugzilla.suse.com/875217 SUSE Bug 875217 https://bugzilla.suse.com/969779 SUSE Bug 969779 snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrated by a NULL type in an ifMtu trap message. CVE-2014-3565 openSUSE Tumbleweed:libsnmp30-32bit-5.7.3-8.4 openSUSE Tumbleweed:libsnmp30-5.7.3-8.4 openSUSE Tumbleweed:net-snmp-5.7.3-8.4 openSUSE Tumbleweed:net-snmp-devel-32bit-5.7.3-8.4 openSUSE Tumbleweed:net-snmp-devel-5.7.3-8.4 openSUSE Tumbleweed:net-snmp-python-5.7.3-8.4 openSUSE Tumbleweed:perl-SNMP-5.7.3-8.4 openSUSE Tumbleweed:snmp-mibs-5.7.3-8.4 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-3565.html CVE-2014-3565 https://bugzilla.suse.com/894361 SUSE Bug 894361 https://bugzilla.suse.com/969779 SUSE Bug 969779 The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet. CVE-2015-5621 openSUSE Tumbleweed:libsnmp30-32bit-5.7.3-8.4 openSUSE Tumbleweed:libsnmp30-5.7.3-8.4 openSUSE Tumbleweed:net-snmp-5.7.3-8.4 openSUSE Tumbleweed:net-snmp-devel-32bit-5.7.3-8.4 openSUSE Tumbleweed:net-snmp-devel-5.7.3-8.4 openSUSE Tumbleweed:net-snmp-python-5.7.3-8.4 openSUSE Tumbleweed:perl-SNMP-5.7.3-8.4 openSUSE Tumbleweed:snmp-mibs-5.7.3-8.4 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-5621.html CVE-2015-5621 https://bugzilla.suse.com/1111123 SUSE Bug 1111123 https://bugzilla.suse.com/940188 SUSE Bug 940188 https://bugzilla.suse.com/969779 SUSE Bug 969779