Synopsis:          Moderate: net-snmp security and bug fix update
Advisory ID:       SLSA-2014:0321-1
Issue Date:        2014-03-24
CVE Numbers:       CVE-2014-2284
--

A buffer overflow flaw was found in the way the decode_icmp_msg() function in the ICMP-MIB implementation processed Internet Control Message Protocol (ICMP) message statistics reported in the /proc/net/snmp file. A remote attacker could send a message for each ICMP message type, which could potentially cause the snmpd service to crash when processing the /proc/net/snmp file. (CVE-2014-2284)

This update also fixes the following bug:

* The snmpd service parses the /proc/diskstats file to track disk usage statistics for UCD-DISKIO-MIB::diskIOTable. On systems with a large number of block devices, /proc/diskstats may be large in size and parsing it can take a non-trivial amount of CPU time. With this update, Net-SNMP introduces a new option, 'diskio', in the /etc/snmp/snmpd.conf file, which can be used to explicitly specify devices that should be monitored. Only these whitelisted devices are then reported in UCD-DISKIO-MIB::diskIOTable, thus speeding up snmpd on systems with numerous block devices.

After installing this update, the snmpd service will be restarted automatically.
--

SL6
  x86_64
    net-snmp-5.5-49.el6_5.1.x86_64.rpm
    net-snmp-debuginfo-5.5-49.el6_5.1.i686.rpm
    net-snmp-debuginfo-5.5-49.el6_5.1.x86_64.rpm
    net-snmp-libs-5.5-49.el6_5.1.i686.rpm
    net-snmp-libs-5.5-49.el6_5.1.x86_64.rpm
    net-snmp-devel-5.5-49.el6_5.1.i686.rpm
    net-snmp-devel-5.5-49.el6_5.1.x86_64.rpm
    net-snmp-perl-5.5-49.el6_5.1.x86_64.rpm
    net-snmp-python-5.5-49.el6_5.1.x86_64.rpm
    net-snmp-utils-5.5-49.el6_5.1.x86_64.rpm
  i386
    net-snmp-5.5-49.el6_5.1.i686.rpm
    net-snmp-debuginfo-5.5-49.el6_5.1.i686.rpm
    net-snmp-libs-5.5-49.el6_5.1.i686.rpm
    net-snmp-devel-5.5-49.el6_5.1.i686.rpm
    net-snmp-perl-5.5-49.el6_5.1.i686.rpm
    net-snmp-python-5.5-49.el6_5.1.i686.rpm
    net-snmp-utils-5.5-49.el6_5.1.i686.rpm

- Scientific Linux Development Team
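
Added example, not Net-SNMP's code and not part of the advisory: a bounds-checked parser for the IcmpMsg header/value line pair in /proc/net/snmp, the per-type statistics that CVE-2014-2284 concerns. The advisory does not describe the faulty code, so this shows only the defensive pattern (no fixed-size copy buffers, type index range-checked before any store); the function name parse_icmp_msg() and the sample lines are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

#define ICMP_TYPES 256 /* the ICMP type field is one octet */

/* Skip blanks at *p; return the length of the token that follows (0 at end). */
static size_t next_tok(const char **p)
{
    *p += strspn(*p, " \t\n");
    return strcspn(*p, " \t\n");
}

/* Parse one header/value line pair; returns counters stored, or -1 if malformed. */
int parse_icmp_msg(const char *hdr, const char *val,
                   unsigned long in[ICMP_TYPES], unsigned long out[ICMP_TYPES])
{
    size_t hl, vl;
    int n = 0;
    if (strncmp(hdr, "IcmpMsg:", 8) || strncmp(val, "IcmpMsg:", 8))
        return -1;
    for (hdr += 8, val += 8;; hdr += hl, val += vl, n++) {
        unsigned long *tbl, type, count;
        const char *num;
        char *end;
        hl = next_tok(&hdr);
        vl = next_tok(&val);
        if (hl == 0 || vl == 0) /* both lines must run out of columns together */
            return (hl == 0 && vl == 0) ? n : -1;
        if (hl > 6 && !strncmp(hdr, "InType", 6)) { tbl = in; num = hdr + 6; }
        else if (hl > 7 && !strncmp(hdr, "OutType", 7)) { tbl = out; num = hdr + 7; }
        else return -1;
        if (!isdigit((unsigned char)*num) || !isdigit((unsigned char)*val))
            return -1;
        type = strtoul(num, &end, 10);
        if (end != hdr + hl || type >= ICMP_TYPES) /* range-check before the store */
            return -1;
        count = strtoul(val, &end, 10);
        if (end != val + vl)
            return -1;
        tbl[type] = count;
    }
}

int main(void)
{ /* constructed sample lines, not captured from a real host */
    unsigned long in[ICMP_TYPES] = {0}, out[ICMP_TYPES] = {0};
    return parse_icmp_msg("IcmpMsg: InType3 OutType0\n", "IcmpMsg: 4 17\n", in, out) == 2 ? 0 : 1;
}
```

The parser walks both lines in place, so line length is bounded only by what the caller read, for instance with getline().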