Debian Security Advisory

DSA-4154-1 net-snmp -- security update

Date Reported:
28 Mar 2018
Affected Packages:
Security database references:
In the Debian bugtracking system: Bug 788964, Bug 894110.
In Mitre's CVE dictionary: CVE-2015-5621, CVE-2018-1000116.
More information:

A heap corruption vulnerability was discovered in net-snmp, a suite of Simple Network Management Protocol applications, triggered when parsing the PDU prior to the authentication process. A remote, unauthenticated attacker can take advantage of this flaw to crash the snmpd process (causing a denial of service) or, potentially, execute arbitrary code with the privileges of the user running snmpd.

For the oldstable distribution (jessie), these problems have been fixed in version

For the stable distribution (stretch), these problems have been fixed before the initial release.

We recommend that you upgrade your net-snmp packages.

For the detailed security status of net-snmp please refer to its security tracker page at: