[SECURITY] [DSA 4314-1] net-snmp security update

2018-10-1119:40:56

lists.debian.org

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.004 Low

EPSS

Percentile

73.6%

JSON

Debian Security Advisory DSA-4314-1 [email protected]
https://www.debian.org/security/ Salvatore Bonaccorso
October 11, 2018 https://www.debian.org/security/faq

Package : net-snmp
CVE ID : CVE-2018-18065
Debian Bug : 910638

Magnus Klaaborg Stubman discovered a NULL pointer dereference bug in
net-snmp, a suite of Simple Network Management Protocol applications,
allowing a remote, authenticated attacker to crash the snmpd process
(causing a denial of service).

For the stable distribution (stretch), this problem has been fixed in
version 5.7.3+dfsg-1.7+deb9u1.

We recommend that you upgrade your net-snmp packages.

For the detailed security status of net-snmp please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/net-snmp

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian8armhfpython-netsnmp< 5.7.2.1+dfsg-1+deb8u2python-netsnmp_5.7.2.1+dfsg-1+deb8u2_armhf.deb
Debian9mipselsnmp-dbgsym< 5.7.3+dfsg-1.7+deb9u1snmp-dbgsym_5.7.3+dfsg-1.7+deb9u1_mipsel.deb
Debian9mipselsnmpd< 5.7.3+dfsg-1.7+deb9u1snmpd_5.7.3+dfsg-1.7+deb9u1_mipsel.deb
Debian9mipssnmp< 5.7.3+dfsg-1.7+deb9u1snmp_5.7.3+dfsg-1.7+deb9u1_mips.deb
Debian9i386libsnmp-dev< 5.7.3+dfsg-1.7+deb9u1libsnmp-dev_5.7.3+dfsg-1.7+deb9u1_i386.deb
Debian9i386libsnmp30-dbg< 5.7.3+dfsg-1.7+deb9u1libsnmp30-dbg_5.7.3+dfsg-1.7+deb9u1_i386.deb
Debian9s390xlibsnmp30-dbg< 5.7.3+dfsg-1.7+deb9u1libsnmp30-dbg_5.7.3+dfsg-1.7+deb9u1_s390x.deb
Debian8armellibsnmp-perl< 5.7.2.1+dfsg-1+deb8u2libsnmp-perl_5.7.2.1+dfsg-1+deb8u2_armel.deb
Debian9armelsnmpd-dbgsym< 5.7.3+dfsg-1.7+deb9u1snmpd-dbgsym_5.7.3+dfsg-1.7+deb9u1_armel.deb
Debian9i386snmp-dbgsym< 5.7.3+dfsg-1.7+deb9u1snmp-dbgsym_5.7.3+dfsg-1.7+deb9u1_i386.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	armhf	python-netsnmp	< 5.7.2.1+dfsg-1+deb8u2	python-netsnmp_5.7.2.1+dfsg-1+deb8u2_armhf.deb
Debian	9	mipsel	snmp-dbgsym	< 5.7.3+dfsg-1.7+deb9u1	snmp-dbgsym_5.7.3+dfsg-1.7+deb9u1_mipsel.deb
Debian	9	mipsel	snmpd	< 5.7.3+dfsg-1.7+deb9u1	snmpd_5.7.3+dfsg-1.7+deb9u1_mipsel.deb
Debian	9	mips	snmp	< 5.7.3+dfsg-1.7+deb9u1	snmp_5.7.3+dfsg-1.7+deb9u1_mips.deb
Debian	9	i386	libsnmp-dev	< 5.7.3+dfsg-1.7+deb9u1	libsnmp-dev_5.7.3+dfsg-1.7+deb9u1_i386.deb
Debian	9	i386	libsnmp30-dbg	< 5.7.3+dfsg-1.7+deb9u1	libsnmp30-dbg_5.7.3+dfsg-1.7+deb9u1_i386.deb
Debian	9	s390x	libsnmp30-dbg	< 5.7.3+dfsg-1.7+deb9u1	libsnmp30-dbg_5.7.3+dfsg-1.7+deb9u1_s390x.deb
Debian	8	armel	libsnmp-perl	< 5.7.2.1+dfsg-1+deb8u2	libsnmp-perl_5.7.2.1+dfsg-1+deb8u2_armel.deb
Debian	9	armel	snmpd-dbgsym	< 5.7.3+dfsg-1.7+deb9u1	snmpd-dbgsym_5.7.3+dfsg-1.7+deb9u1_armel.deb
Debian	9	i386	snmp-dbgsym	< 5.7.3+dfsg-1.7+deb9u1	snmp-dbgsym_5.7.3+dfsg-1.7+deb9u1_i386.deb