Errata overview
Errata ID 384
Date 2018-05-08
Source package net-snmp
Fixed in version
This update addresses the following issues:
* The snmp_pdu_parse function in net-snmp does not remove the varBind
  variable in a netsnmp_variable_list item when parsing of the SNMP PDU
  fails, which allows remote attackers to cause a denial of service (crash)
  and possibly execute arbitrary code via a crafted packet. (CVE-2015-5621)
* NET-SNMP contains a heap corruption vulnerability in the UDP protocol
  handler that can result in command execution. (CVE-2018-1000116)
Additional notes
CVE ID CVE-2015-5621
UCS Bug number #46770