Bug 1070396 (CVE-2014-2284)
| Field | Value |
|---|---|
| Summary | CVE-2014-2284 net-snmp: denial of service flaw in Linux implementation of ICMP-MIB |
| Product | [Other] Security Response |
| Reporter | Vincent Danen <vdanen> |
| Component | vulnerability |
| Assignee | Red Hat Product Security <security-response-team> |
| Status | CLOSED ERRATA |
| QA Contact | |
| Severity | medium |
| Docs Contact | |
| Priority | medium |
| Version | unspecified |
| CC | jkurik, jsafrane, ksrot, pfrields, thozza |
| Target Milestone | --- |
| Keywords | Security |
| Target Release | --- |
| Hardware | All |
| OS | Linux |
| Whiteboard | |
| Fixed In Version | net-snmp 5.5.2.1, net-snmp 5.6.2.1, net-snmp 5.7.2.1 |
| Doc Type | Bug Fix |
| Doc Text | |
| Story Points | --- |
| Clone Of | |
| Environment | |
| Last Closed | 2014-03-26 14:53:09 UTC |
| Type | --- |
| Regression | --- |
| Mount Type | --- |
| Documentation | --- |
| CRM | |
| Verified Versions | |
| Category | --- |
| oVirt Team | --- |
| RHEL 7.3 requirements from Atomic Host | |
| Cloudforms Team | --- |
| Target Upstream Version | |
| Embargoed | |
| Bug Depends On | 1071753, 1072092, 1073222, 1073223 |
| Bug Blocks | 1070397 |
| Attachments | |

Description
Vincent Danen
2014-02-26 17:40:35 UTC
Created attachment 868119
upstream patch to correct the flaw
I don't like sourceforge's web interface to git so this is the actual patch in a useable form.

Created net-snmp tracking bugs for this issue:
Affects: fedora-all [bug 1071753]

MITRE assigned CVE-2014-2284 to this issue: http://seclists.org/oss-sec/2014/q1/506

net-snmp-5.7.2-17.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.

net-snmp-5.7.2-14.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.

This issue has been addressed in following products:
Red Hat Enterprise Linux 6
Via RHSA-2014:0321 https://rhn.redhat.com/errata/RHSA-2014-0321.html

Statement: Not vulnerable. This issue did not affect the versions of net-snmp as shipped with Red Hat Enterprise Linux 5.