Security update for net-snmp

SUSE Security Update: Security update for net-snmp

---

Announcement ID:	SUSE-SU-2012:0887-1
Rating:	moderate
References:	#759352 #762433
Affected Products:	SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 10 SP4 SLE SDK 10 SP4

---

An update that solves one vulnerability and has one errata is now available.

Description:

This update to net-snmp resolves the following issues:

* Specially crafted SNMP GET requests could cause a
denial of service (application crash) via a heap-based
out-out-bounds read flaw which could be exploited remotely
(CVE-2012-2141).
* After rotating the net-snmp log file, use
"try-restart" to restart the daemon. Reloading with a
SIGHUP signal may trigger crashes when dynamic modules
(dlmod) are in use (bnc#762433).

Security Issue reference:

* CVE-2012-2141
>

Package List:

• SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):

• net-snmp-5.3.0.1-25.43.1
• net-snmp-devel-5.3.0.1-25.43.1
• perl-SNMP-5.3.0.1-25.43.1
• SUSE Linux Enterprise Server 10 SP4 (s390x x86_64):

• net-snmp-32bit-5.3.0.1-25.43.1
• SUSE Linux Enterprise Server 10 SP4 (ia64):

• net-snmp-x86-5.3.0.1-25.43.1
• SUSE Linux Enterprise Server 10 SP4 (ppc):

• net-snmp-64bit-5.3.0.1-25.43.1
• net-snmp-devel-64bit-5.3.0.1-25.43.1
• SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):

• net-snmp-5.3.0.1-25.43.1
• net-snmp-devel-5.3.0.1-25.43.1
• perl-SNMP-5.3.0.1-25.43.1
• SUSE Linux Enterprise Desktop 10 SP4 (x86_64):

• net-snmp-32bit-5.3.0.1-25.43.1
• SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64):

• net-snmp-devel-5.3.0.1-25.43.1
• SLE SDK 10 SP4 (ppc):

• net-snmp-devel-64bit-5.3.0.1-25.43.1

References:

http://support.novell.com/security/cve/CVE-2012-2141.html

https://bugzilla.novell.com/759352

https://bugzilla.novell.com/762433

http://download.suse.com/patch/finder/?keywords=48b04a33674cd4129a7b5210a9eb8985