UbuntuUpdates.org

Package "snmp"

Name: snmp

Description:

SNMP (Simple Network Management Protocol) applications

Latest version: 5.8+dfsg-2ubuntu2.9
Release: focal (20.04)
Level: updates
Repository: main
Head package: net-snmp
Homepage: http://net-snmp.sourceforge.net/

Links


Download "snmp"


Other versions of "snmp" in Focal

Repository Area Version
base main 5.8+dfsg-2ubuntu2
security main 5.8+dfsg-2ubuntu2.6

Changelog

Version: 5.8+dfsg-2ubuntu2.3 2020-08-24 18:06:43 UTC

  net-snmp (5.8+dfsg-2ubuntu2.3) focal-security; urgency=medium

  * SECURITY UPDATE: Elevation of privileges - symlink handling
    - debian/patches/CVE-2020-15861.patch: stop reading and writing
      the mib_indexes files in include/net-snmp/library/mib.h,
      include/net-snmp/library/parse.h, snmplib/mib.c, snmplib/parse.c.
    - CVE-2020-15861
  * SECURITY UPDATE: Elevation of privileges
    - debian/patches/CVE-2020-15862.patch: make the extend mib
      read-only by default in agent/mibgroup/agent/extend.c.
    - CVE-2020-15862

 -- <email address hidden> (Leonidas S. Barbosa) Mon, 17 Aug 2020 15:03:38 -0300

Source diff to previous version
CVE-2020-15861 Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following.
CVE-2020-15862 Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands a

Version: 5.8+dfsg-2ubuntu2.2 2020-07-22 23:07:04 UTC

  net-snmp (5.8+dfsg-2ubuntu2.2) focal-security; urgency=medium

  * SECURITY UPDATE: No-change rebuild with perl 5.30.0-9build1 (LP: #1886658)

 -- Paulo Flabiano Smorigo <email address hidden> Wed, 22 Jul 2020 17:34:20 +0000

Source diff to previous version
1886658 libsnmp-perl depends on wrong perl version

Version: 5.8+dfsg-2ubuntu2.1 2020-07-02 17:06:55 UTC

  net-snmp (5.8+dfsg-2ubuntu2.1) focal-security; urgency=medium

  * SECURITY UPDATE: Fix segmentation fault that happens when using the
    snmpv3 protocol with snmpbulkget. (LP: #1877027)
    - d/p/move-securityStateRef-into-free_securityStateRef.patch:
      Consolidate the check of the securityStateRef pointer into the
      free_securityStateRef function.
    - d/p/prevent-snmpv3-bulkget-errors-double-free.patch:
      Prevent snmpv3 bulkget errors from becoming resulting in a
      double free.
    - d/p/fix-usmStateReference-free.patch:
      Fix typo on usm_free_usmStateReference from last patch.
    - d/p/unexport-struct-usmStateReference.patch:
      Unexport struct usmStateReference and to prevent ABI breakages,
      since it will be necessary to add a reference count to it.
    - d/p/introduce-refcount-usmStateReference.patch:
      Introduce refcount in the struct usmStateReference, and adjust
      code to properly use the field.
    - CVE-2019-20892

 -- Sergio Durigan Junior <email address hidden> Tue, 23 Jun 2020 14:57:12 -0400

1877027 SNMP stopped running all of sudden (snmpd 5.8+dfsg-2)
CVE-2019-20892 net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateReference in snmplib/snmpusm.c via an SNMPv3 GetBulk request. NOTE: this affects net



About   -   Send Feedback to @ubuntu_updates