Synopsis: Moderate: net-snmp security update Issue date: 2009-06-25 CVE Names: CVE-2009-1887 A divide-by-zero flaw was discovered in the snmpd daemon. A remote attacker could issue a specially-crafted GETBULK request that could crash the snmpd daemon. (CVE-2009-1887) Note: An attacker must have read access to the SNMP server in order to exploit this flaw. In the default configuration, the community name "public" grants read-only access. In production deployments, it is recommended to change this default community name. After installing the update, the snmpd and snmptrapd daemons will be restarted automatically. SL 3.0.x SRPMS: net-snmp-5.0.9-2.30E.28.src.rpm i386: net-snmp-5.0.9-2.30E.28.i386.rpm net-snmp-devel-5.0.9-2.30E.28.i386.rpm net-snmp-libs-5.0.9-2.30E.28.i386.rpm net-snmp-perl-5.0.9-2.30E.28.i386.rpm net-snmp-utils-5.0.9-2.30E.28.i386.rpm x86_64: net-snmp-5.0.9-2.30E.28.x86_64.rpm net-snmp-devel-5.0.9-2.30E.28.x86_64.rpm net-snmp-libs-5.0.9-2.30E.28.i386.rpm net-snmp-libs-5.0.9-2.30E.28.x86_64.rpm net-snmp-perl-5.0.9-2.30E.28.x86_64.rpm net-snmp-utils-5.0.9-2.30E.28.x86_64.rpm -Connie Sieh -Troy Dawson