UbuntuUpdates.org

Package "snmpd"

Name: snmpd

Description:

SNMP (Simple Network Management Protocol) agents

Latest version: 5.8+dfsg-2ubuntu2.9
Release: focal (20.04)
Level: updates
Repository: main
Head package: net-snmp
Homepage: http://net-snmp.sourceforge.net/

Links


Download "snmpd"


Other versions of "snmpd" in Focal

Repository Area Version
base main 5.8+dfsg-2ubuntu2
security main 5.8+dfsg-2ubuntu2.6

Changelog

Version: 5.8+dfsg-2ubuntu2.9 2023-08-16 14:06:51 UTC

  net-snmp (5.8+dfsg-2ubuntu2.9) focal; urgency=medium

  * Fix "double free or corruption (fasttop)" crash (LP: #2012926):
    - d/p/remove-request-when-sending-failed-1.patch: introduce
      remove_request() function
    - d/p/remove-request-when-sending-failed-2.patch: Remove the request
      on the session when the sending is failed

Source diff to previous version
2012926 AgentX use-after-free net-snmp 5.8

Version: 5.8+dfsg-2ubuntu2.7 2023-03-23 20:06:56 UTC

  net-snmp (5.8+dfsg-2ubuntu2.7) focal; urgency=medium

  * Fix snmptrapd reconnection issue after hitting MySQL wait_timeout
    (LP: #1999711)
    - d/p/snmptrapd-mysql-reconnection-after-hitting-wait_timeout.patch
    - d/p/snmptrapd-mysql-fix-build-error.patch

 -- Chengen Du <email address hidden> Fri, 17 Feb 2023 03:05:10 +0000

Source diff to previous version
1999711 Snmptrapd cannot reconnect to MySQL server after hitting MySQL wait_timeout

Version: 5.8+dfsg-2ubuntu2.6 2023-01-09 16:06:43 UTC

  net-snmp (5.8+dfsg-2ubuntu2.6) focal-security; urgency=medium

  * SECURITY UPDATE: DoS via null pointer exception issues
    - debian/patches/CVE-2022-4479x-1.patch: disallow SET with NULL varbind
      in agent/snmp_agent.c.
    - debian/patches/CVE-2022-4479x-2.patch: allow SET with NULL varbind
      for testing in apps/snmpset.c.
    - debian/patches/CVE-2022-4479x-3.patch: add test for NULL varbind set
      in testing/fulltests/default/T0142snmpv2csetnull_simple.
    - CVE-2022-44792
    - CVE-2022-44793

 -- Marc Deslauriers <email address hidden> Fri, 06 Jan 2023 11:07:55 -0500

Source diff to previous version
CVE-2022-4479 RESERVED
CVE-2022-44792 handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote
CVE-2022-44793 handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a

Version: 5.8+dfsg-2ubuntu2.5 2022-08-17 01:07:06 UTC

  net-snmp (5.8+dfsg-2ubuntu2.5) focal; urgency=medium

  * Fix segmentation fault when attempting to initialise mysql
    connections due to incorrectly calling my_load_defaults()
    (LP: #1979933).
    - d/p/lp1979933-snmptrapd-Let-configure-check-for-mysql_options.patch

 -- Matthew Ruffell <email address hidden> Tue, 02 Aug 2022 15:55:28 +1200

Source diff to previous version
1979933 snmptrapd Segmentation Faults When Calling my_load_defaults()

Version: 5.8+dfsg-2ubuntu2.4 2022-08-01 17:07:34 UTC

  net-snmp (5.8+dfsg-2ubuntu2.4) focal-security; urgency=medium

  * SECURITY UPDATE: Multiple security issus
    - debian/patches/CVE-2022-248xx-1.patch: fix bounds checking in
      NET-SNMP-AGENT-MIB, NET-SNMP-VACM-MIB, SNMP-VIEW-BASED-ACM-MIB,
      SNMP-USER-BASED-SM-MIB in agent/mibgroup/agent/nsLogging.c,
      agent/mibgroup/agent/nsVacmAccessTable.c,
      agent/mibgroup/mibII/vacm_vars.c, agent/mibgroup/snmpv3/usmUser.
    - debian/patches/CVE-2022-248xx-2.patch: recover SET status from
      delegated request in agent/snmp_agent.c.
    - CVE-2022-24805, CVE-2022-24806, CVE-2022-24807, CVE-2022-24808,
      CVE-2022-24809, CVE-2022-24810

 -- Marc Deslauriers <email address hidden> Mon, 25 Jul 2022 14:22:42 -0400

CVE-2022-24805 A buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause an out-of-bounds memory access
CVE-2022-24806 Improper Input Validation when SETing malformed OIDs in master agent and subagent simultaneously
CVE-2022-24807 A malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access
CVE-2022-24808 A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference
CVE-2022-24809 A malformed OID in a GET-NEXT to the nsVacmAccessTable can cause a NULL pointer dereference
CVE-2022-24810 A malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference



About   -   Send Feedback to @ubuntu_updates