A vulnerability in SNMP could lead to a Denial of Service condition.
|Package||net-analyzer/net-snmp on all architectures|
|Affected versions||< 5.7.3_pre5-r1|
|Unaffected versions||>= 5.7.3_pre5-r1|
SNMP is a widely used protocol for monitoring the health and welfare of network equipment.
A specially crafted trap message triggers a conversion to an erroneous variable type when the -OQ option is used.
A remote attacker could possibly cause a Denial of Service condition.
There is no known workaround at this time.
All SNMP users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-analyzer/net-snmp-5.7.3_pre5-r1"
July 10, 2015
July 10, 2015: 2