-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4154-1 security@xxxxxxxxxx https://www.debian.org/security/ Salvatore Bonaccorso March 28, 2018 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : net-snmp CVE ID : CVE-2015-5621 CVE-2018-1000116 Debian Bug : 788964 894110 A heap corruption vulnerability was discovered in net-snmp, a suite of Simple Network Management Protocol applications, triggered when parsing the PDU prior to the authentication process. A remote, unauthenticated attacker can take advantage of this flaw to crash the snmpd process (causing a denial of service) or, potentially, execute arbitrary code with the privileges of the user running snmpd. For the oldstable distribution (jessie), these problems have been fixed in version 5.7.2.1+dfsg-1+deb8u1. For the stable distribution (stretch), these problems have been fixed before the initial release. We recommend that you upgrade your net-snmp packages. For the detailed security status of net-snmp please refer to its security tracker page at: https://security-tracker.debian.org/tracker/net-snmp Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlq7XNZfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0RkPg//W2NXTKaf7mL0ewk5xR0bEaW2+nnuFYx2ETH6i83sjqxYH4Om7zFwhHUV OPeJhUoXdhH/6id0vtQpV94llVUJPDAfmZhad1Pwq+I7hTAYAFUQphc+Xj6MQJuV wCPUG4GICd+G0drzI83tHkczEZTtQhvY90rMgx2Mv6k4agbU76hUBwR6kTuITUMX t3Zqypv36UNvku+xrxwppKUMzpWgFNVOI6bBeWIjzosjTBOFNLFSVGSWNujQuJCk Q/rdvf46Nsz1Jko8QmjMiZvpiiBT6JxVkSoh3IhAQGy0iGbF59iqaqRNlJFNpVEs OxyFIIXOPaTlwHR21KYEXnuh9+uqIHPNojBfpW9GsWwaTWPHHEbsDrldWHt+pZNE Hmye8FFdkouIO6uu3DSjkPwuvWrtACYT1CDiBSW7gprIkeNY2DddVbSI9HWbIAoM lsI/RoaeIKUMbgs2YJ5Oir+Su4SiMQpmYcaMFW1h43+P1KrcYpc5BtdFc8aRS7xZ aNf+G23esxwl8C0G0+QEHjvuOGL3mjSbtkpodQyJ5yvc1DXRgE1zg8Gpactw2mXk 3i7rNNllwI/F5g72N5b5Kq/F2I8EKayq4vnvHpWKsyMeBzmbE4woLCfuzLbCskXe Rd8dKA6fafGy2IgKNKmSKoxa2V/Ko2Mm0sgq8cV1RqViEZvBiS0= =MR4R -----END PGP SIGNATURE-----