UbuntuUpdates.org

Package "tkmib"

Name: tkmib

Description:

SNMP (Simple Network Management Protocol) MIB browser
Latest version: 5.8+dfsg-2ubuntu2.6
Release: focal (20.04)
Level: security
Repository: universe
Head package: net-snmp
Homepage: http://net-snmp.sourceforge.net/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "tkmib"

All arch deb package
APT INSTALL

Other versions of "tkmib" in Focal

Repository Area Version
base universe 5.8+dfsg-2ubuntu2
updates universe 5.8+dfsg-2ubuntu2.9

Changelog

Version: 5.8+dfsg-2ubuntu2.6 2023-01-09 15:07:36 UTC

  net-snmp (5.8+dfsg-2ubuntu2.6) focal-security; urgency=medium

  * SECURITY UPDATE: DoS via null pointer exception issues
    - debian/patches/CVE-2022-4479x-1.patch: disallow SET with NULL varbind
      in agent/snmp_agent.c.
    - debian/patches/CVE-2022-4479x-2.patch: allow SET with NULL varbind
      for testing in apps/snmpset.c.
    - debian/patches/CVE-2022-4479x-3.patch: add test for NULL varbind set
      in testing/fulltests/default/T0142snmpv2csetnull_simple.
    - CVE-2022-44792
    - CVE-2022-44793

 -- Marc Deslauriers <email address hidden> Fri, 06 Jan 2023 11:07:55 -0500
Source diff to previous version
CVE-2022-4479 RESERVED
CVE-2022-44792 handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote
CVE-2022-44793 handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a

Version: 5.8+dfsg-2ubuntu2.4 2022-08-01 17:07:37 UTC

  net-snmp (5.8+dfsg-2ubuntu2.4) focal-security; urgency=medium

  * SECURITY UPDATE: Multiple security issus
    - debian/patches/CVE-2022-248xx-1.patch: fix bounds checking in
      NET-SNMP-AGENT-MIB, NET-SNMP-VACM-MIB, SNMP-VIEW-BASED-ACM-MIB,
      SNMP-USER-BASED-SM-MIB in agent/mibgroup/agent/nsLogging.c,
      agent/mibgroup/agent/nsVacmAccessTable.c,
      agent/mibgroup/mibII/vacm_vars.c, agent/mibgroup/snmpv3/usmUser.
    - debian/patches/CVE-2022-248xx-2.patch: recover SET status from
      delegated request in agent/snmp_agent.c.
    - CVE-2022-24805, CVE-2022-24806, CVE-2022-24807, CVE-2022-24808,
      CVE-2022-24809, CVE-2022-24810

 -- Marc Deslauriers <email address hidden> Mon, 25 Jul 2022 14:22:42 -0400
Source diff to previous version
CVE-2022-24805 A buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause an out-of-bounds memory access
CVE-2022-24806 Improper Input Validation when SETing malformed OIDs in master agent and subagent simultaneously
CVE-2022-24807 A malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access
CVE-2022-24808 A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference
CVE-2022-24809 A malformed OID in a GET-NEXT to the nsVacmAccessTable can cause a NULL pointer dereference
CVE-2022-24810 A malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference

Version: 5.8+dfsg-2ubuntu2.3 2020-08-24 18:06:43 UTC

  net-snmp (5.8+dfsg-2ubuntu2.3) focal-security; urgency=medium

  * SECURITY UPDATE: Elevation of privileges - symlink handling
    - debian/patches/CVE-2020-15861.patch: stop reading and writing
      the mib_indexes files in include/net-snmp/library/mib.h,
      include/net-snmp/library/parse.h, snmplib/mib.c, snmplib/parse.c.
    - CVE-2020-15861
  * SECURITY UPDATE: Elevation of privileges
    - debian/patches/CVE-2020-15862.patch: make the extend mib
      read-only by default in agent/mibgroup/agent/extend.c.
    - CVE-2020-15862

 -- <email address hidden> (Leonidas S. Barbosa) Mon, 17 Aug 2020 15:03:38 -0300
Source diff to previous version
CVE-2020-15861 Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following.
CVE-2020-15862 Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands a

Version: 5.8+dfsg-2ubuntu2.2 2020-07-23 12:06:39 UTC

  net-snmp (5.8+dfsg-2ubuntu2.2) focal-security; urgency=medium

  * SECURITY UPDATE: No-change rebuild with perl 5.30.0-9build1 (LP: #1886658)

 -- Paulo Flabiano Smorigo <email address hidden> Wed, 22 Jul 2020 17:34:20 +0000
Source diff to previous version
1886658 libsnmp-perl depends on wrong perl version

Version: 5.8+dfsg-2ubuntu2.1 2020-07-02 17:06:55 UTC

  net-snmp (5.8+dfsg-2ubuntu2.1) focal-security; urgency=medium

  * SECURITY UPDATE: Fix segmentation fault that happens when using the
    snmpv3 protocol with snmpbulkget. (LP: #1877027)
    - d/p/move-securityStateRef-into-free_securityStateRef.patch:
      Consolidate the check of the securityStateRef pointer into the
      free_securityStateRef function.
    - d/p/prevent-snmpv3-bulkget-errors-double-free.patch:
      Prevent snmpv3 bulkget errors from becoming resulting in a
      double free.
    - d/p/fix-usmStateReference-free.patch:
      Fix typo on usm_free_usmStateReference from last patch.
    - d/p/unexport-struct-usmStateReference.patch:
      Unexport struct usmStateReference and to prevent ABI breakages,
      since it will be necessary to add a reference count to it.
    - d/p/introduce-refcount-usmStateReference.patch:
      Introduce refcount in the struct usmStateReference, and adjust
      code to properly use the field.
    - CVE-2019-20892

 -- Sergio Durigan Junior <email address hidden> Tue, 23 Jun 2020 14:57:12 -0400
1877027 SNMP stopped running all of sudden (snmpd 5.8+dfsg-2)
CVE-2019-20892 net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateReference in snmplib/snmpusm.c via an SNMPv3 GetBulk request. NOTE: this affects net


About   -   Send Feedback to @ubuntu_updates