Package "net-snmp"
| Name: |
net-snmp
|
Description: |
This package is just an umbrella for a group of other packages,
it has no description.
Description samples from packages in group:
- SNMP configuration script, MIBs and documentation
- SNMP (Simple Network Management Protocol) development files
- SNMP (Simple Network Management Protocol) library
- SNMP (Simple Network Management Protocol) library debug
|
| Latest version: |
5.8+dfsg-2ubuntu2.6 |
| Release: |
focal (20.04) |
| Level: |
security |
| Repository: |
main |
Links
Other versions of "net-snmp" in Focal
Packages in group
Deleted packages are displayed in grey.
Changelog
|
net-snmp (5.8+dfsg-2ubuntu2.6) focal-security; urgency=medium
* SECURITY UPDATE: DoS via null pointer exception issues
- debian/patches/CVE-2022-4479x-1.patch: disallow SET with NULL varbind
in agent/snmp_agent.c.
- debian/patches/CVE-2022-4479x-2.patch: allow SET with NULL varbind
for testing in apps/snmpset.c.
- debian/patches/CVE-2022-4479x-3.patch: add test for NULL varbind set
in testing/fulltests/default/T0142snmpv2csetnull_simple.
- CVE-2022-44792
- CVE-2022-44793
-- Marc Deslauriers <email address hidden> Fri, 06 Jan 2023 11:07:55 -0500
|
| Source diff to previous version |
| CVE-2022-4479 |
RESERVED |
| CVE-2022-44792 |
handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote |
| CVE-2022-44793 |
handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a |
|
|
net-snmp (5.8+dfsg-2ubuntu2.4) focal-security; urgency=medium
* SECURITY UPDATE: Multiple security issus
- debian/patches/CVE-2022-248xx-1.patch: fix bounds checking in
NET-SNMP-AGENT-MIB, NET-SNMP-VACM-MIB, SNMP-VIEW-BASED-ACM-MIB,
SNMP-USER-BASED-SM-MIB in agent/mibgroup/agent/nsLogging.c,
agent/mibgroup/agent/nsVacmAccessTable.c,
agent/mibgroup/mibII/vacm_vars.c, agent/mibgroup/snmpv3/usmUser.
- debian/patches/CVE-2022-248xx-2.patch: recover SET status from
delegated request in agent/snmp_agent.c.
- CVE-2022-24805, CVE-2022-24806, CVE-2022-24807, CVE-2022-24808,
CVE-2022-24809, CVE-2022-24810
-- Marc Deslauriers <email address hidden> Mon, 25 Jul 2022 14:22:42 -0400
|
| Source diff to previous version |
| CVE-2022-24805 |
A buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause an out-of-bounds memory access |
| CVE-2022-24806 |
Improper Input Validation when SETing malformed OIDs in master agent and subagent simultaneously |
| CVE-2022-24807 |
A malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access |
| CVE-2022-24808 |
A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference |
| CVE-2022-24809 |
A malformed OID in a GET-NEXT to the nsVacmAccessTable can cause a NULL pointer dereference |
| CVE-2022-24810 |
A malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference |
|
|
net-snmp (5.8+dfsg-2ubuntu2.3) focal-security; urgency=medium
* SECURITY UPDATE: Elevation of privileges - symlink handling
- debian/patches/CVE-2020-15861.patch: stop reading and writing
the mib_indexes files in include/net-snmp/library/mib.h,
include/net-snmp/library/parse.h, snmplib/mib.c, snmplib/parse.c.
- CVE-2020-15861
* SECURITY UPDATE: Elevation of privileges
- debian/patches/CVE-2020-15862.patch: make the extend mib
read-only by default in agent/mibgroup/agent/extend.c.
- CVE-2020-15862
-- <email address hidden> (Leonidas S. Barbosa) Mon, 17 Aug 2020 15:03:38 -0300
|
| Source diff to previous version |
| CVE-2020-15861 |
Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following. |
| CVE-2020-15862 |
Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands a |
|
|
net-snmp (5.8+dfsg-2ubuntu2.2) focal-security; urgency=medium
* SECURITY UPDATE: No-change rebuild with perl 5.30.0-9build1 (LP: #1886658)
-- Paulo Flabiano Smorigo <email address hidden> Wed, 22 Jul 2020 17:34:20 +0000
|
| Source diff to previous version |
| 1886658 |
libsnmp-perl depends on wrong perl version |
|
|
net-snmp (5.8+dfsg-2ubuntu2.1) focal-security; urgency=medium
* SECURITY UPDATE: Fix segmentation fault that happens when using the
snmpv3 protocol with snmpbulkget. (LP: #1877027)
- d/p/move-securityStateRef-into-free_securityStateRef.patch:
Consolidate the check of the securityStateRef pointer into the
free_securityStateRef function.
- d/p/prevent-snmpv3-bulkget-errors-double-free.patch:
Prevent snmpv3 bulkget errors from becoming resulting in a
double free.
- d/p/fix-usmStateReference-free.patch:
Fix typo on usm_free_usmStateReference from last patch.
- d/p/unexport-struct-usmStateReference.patch:
Unexport struct usmStateReference and to prevent ABI breakages,
since it will be necessary to add a reference count to it.
- d/p/introduce-refcount-usmStateReference.patch:
Introduce refcount in the struct usmStateReference, and adjust
code to properly use the field.
- CVE-2019-20892
-- Sergio Durigan Junior <email address hidden> Tue, 23 Jun 2020 14:57:12 -0400
|
| 1877027 |
SNMP stopped running all of sudden (snmpd 5.8+dfsg-2) |
| CVE-2019-20892 |
net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateReference in snmplib/snmpusm.c via an SNMPv3 GetBulk request. NOTE: this affects net |
|
About
-
Send Feedback to @ubuntu_updates
