| Errata ID | 384 |
|---|---|
| Date | 2018-05-08 |
| Source package | net-snmp |
| Fixed in version | 5.7.2.1+dfsg-1+deb8u1 |
| Description | This update addresses the following issues: * The snmp_pdu_parse function in net-snmp does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet. (CVE-2015-5621) * NET-SNMP contains a heap corruption vulnerability in the UDP protocol handler that can result in command execution. (CVE-2018-1000116) |
| Additional notes | |
| CVE ID | CVE-2015-5621 CVE-2018-1000116 |
| UCS Bug number | #46770 |
