Univention Bugzilla – Bug 55152
net-snmp: Multiple issues (5.0)
Last modified: 2022-08-31 12:19:40 CEST
New Debian net-snmp 5.7.3+dfsg-5+deb10u3 fixes:

This update addresses the following issues:
* A buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause an out-of-bounds memory access. (CVE-2022-24805)
* CVE-2022-24806 : net-snmp: Improper Input Validation when SETing malformed OIDs in master agent and subagent simultaneously (CVE-2022-24806)
* A malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access (CVE-2022-24807)
* A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference (CVE-2022-24808)
* A malformed OID in a GET-NEXT to the nsVacmAccessTable can cause a NULL pointer dereference. (CVE-2022-24809)
* A malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference. (CVE-2022-24810)
--- mirror/ftp/pool/main/n/net-snmp/net-snmp_5.7.3+dfsg-5+deb10u2.dsc +++ apt/ucs_5.0-0-errata5.0-2/source/net-snmp_5.7.3+dfsg-5+deb10u3.dsc @@ -1,3 +1,11 @@ +5.7.3+dfsg-5+deb10u3 [Fri, 26 Aug 2022 22:03:02 +0200] Thorsten Alteholz <debian@alteholz.de>: + + * Non-maintainer upload by the LTS Team. + * snmpd_fix_bounds_checking: CVE-2022-24805, CVE-2022-24809 + * snmpd_recover_set_status: CVE-2022-24806, CVE-2022-24807, CVE-2022-24808, + CVE-2022-24810 + * patches based on the backports of Craig Small to Bullseye + 5.7.3+dfsg-5+deb10u2 [Thu, 28 Jan 2021 20:49:23 +1100] Craig Small <csmall@debian.org>: * snmpd: Add cacheTime and execType flags to EXTEND-MIB. <http://piuparts.knut.univention.de/5.0-2/#7570603618318605314>
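Review bot: the added changelog line "patches based on the backports of Craig Small to Bullseye" does not say which Bullseye upload the two patches were taken from, so the provenance of snmpd_fix_bounds_checking and snmpd_recover_set_status cannot be checked from this entry alone. Suggest naming the Bullseye package version or the upstream commits next to each patch name. Only the changelog part of the .dsc diff is visible here, so the mapping of the six CVEs to the two patches should be confirmed against the patch files themselves.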
OK: yaml
OK: announce_errata
OK: patch
~OK: piuparts
> Modified(user, group, mode, size, target): /var/lib/snmp/ expected(root, root, d 40755, 4096, None) != found(#101, #101, d 40755, 4096, None)
> /var/lib/dpkg/info/snmpd.postinst:21: chown -R "$SNMP_USER"."$SNMP_GROUP" "$SNMP_DIR"

[5.0-2] 0467e53e21 Bug #55152: net-snmp 5.7.3+dfsg-5+deb10u3
 doc/errata/staging/net-snmp.yaml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

[5.0-2] ff20d68c08 Bug #55152: net-snmp 5.7.3+dfsg-5+deb10u3
 doc/errata/staging/net-snmp.yaml | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x397>