UbuntuUpdates.org

Package "net-snmp"

Name: net-snmp

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • SNMP (Simple Network Management Protocol) Perl5 support
  • Net-SNMP notification receiver
  • SNMP (Simple Network Management Protocol) MIB browser

Latest version: 5.8+dfsg-2ubuntu2.5
Release: focal (20.04)
Level: updates
Repository: universe

Links



Other versions of "net-snmp" in Focal

Repository Area Version
base universe 5.8+dfsg-2ubuntu2
base main 5.8+dfsg-2ubuntu2
security universe 5.8+dfsg-2ubuntu2.4
security main 5.8+dfsg-2ubuntu2.4
updates main 5.8+dfsg-2ubuntu2.5

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 5.8+dfsg-2ubuntu2.5 2022-08-17 01:07:07 UTC

  net-snmp (5.8+dfsg-2ubuntu2.5) focal; urgency=medium

  * Fix segmentation fault when attempting to initialise mysql
    connections due to incorrectly calling my_load_defaults()
    (LP: #1979933).
    - d/p/lp1979933-snmptrapd-Let-configure-check-for-mysql_options.patch

 -- Matthew Ruffell <email address hidden> Tue, 02 Aug 2022 15:55:28 +1200

Source diff to previous version
1979933 snmptrapd Segmentation Faults When Calling my_load_defaults()

Version: 5.8+dfsg-2ubuntu2.4 2022-08-01 17:07:38 UTC

  net-snmp (5.8+dfsg-2ubuntu2.4) focal-security; urgency=medium

  * SECURITY UPDATE: Multiple security issus
    - debian/patches/CVE-2022-248xx-1.patch: fix bounds checking in
      NET-SNMP-AGENT-MIB, NET-SNMP-VACM-MIB, SNMP-VIEW-BASED-ACM-MIB,
      SNMP-USER-BASED-SM-MIB in agent/mibgroup/agent/nsLogging.c,
      agent/mibgroup/agent/nsVacmAccessTable.c,
      agent/mibgroup/mibII/vacm_vars.c, agent/mibgroup/snmpv3/usmUser.
    - debian/patches/CVE-2022-248xx-2.patch: recover SET status from
      delegated request in agent/snmp_agent.c.
    - CVE-2022-24805, CVE-2022-24806, CVE-2022-24807, CVE-2022-24808,
      CVE-2022-24809, CVE-2022-24810

 -- Marc Deslauriers <email address hidden> Mon, 25 Jul 2022 14:22:42 -0400

Source diff to previous version
CVE-2022-24805 A buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause an out-of-bounds memory access
CVE-2022-24806 Improper Input Validation when SETing malformed OIDs in master agent and subagent simultaneously
CVE-2022-24807 A malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access
CVE-2022-24808 A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference
CVE-2022-24809 A malformed OID in a GET-NEXT to the nsVacmAccessTable can cause a NULL pointer dereference
CVE-2022-24810 A malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference

Version: 5.8+dfsg-2ubuntu2.3 2020-08-24 18:06:43 UTC

  net-snmp (5.8+dfsg-2ubuntu2.3) focal-security; urgency=medium

  * SECURITY UPDATE: Elevation of privileges - symlink handling
    - debian/patches/CVE-2020-15861.patch: stop reading and writing
      the mib_indexes files in include/net-snmp/library/mib.h,
      include/net-snmp/library/parse.h, snmplib/mib.c, snmplib/parse.c.
    - CVE-2020-15861
  * SECURITY UPDATE: Elevation of privileges
    - debian/patches/CVE-2020-15862.patch: make the extend mib
      read-only by default in agent/mibgroup/agent/extend.c.
    - CVE-2020-15862

 -- <email address hidden> (Leonidas S. Barbosa) Mon, 17 Aug 2020 15:03:38 -0300

Source diff to previous version
CVE-2020-15861 Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following.
CVE-2020-15862 Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands a

Version: 5.8+dfsg-2ubuntu2.2 2020-07-22 23:07:05 UTC

  net-snmp (5.8+dfsg-2ubuntu2.2) focal-security; urgency=medium

  * SECURITY UPDATE: No-change rebuild with perl 5.30.0-9build1 (LP: #1886658)

 -- Paulo Flabiano Smorigo <email address hidden> Wed, 22 Jul 2020 17:34:20 +0000

Source diff to previous version
1886658 libsnmp-perl depends on wrong perl version

Version: 5.8+dfsg-2ubuntu2.1 2020-07-02 17:06:56 UTC

  net-snmp (5.8+dfsg-2ubuntu2.1) focal-security; urgency=medium

  * SECURITY UPDATE: Fix segmentation fault that happens when using the
    snmpv3 protocol with snmpbulkget. (LP: #1877027)
    - d/p/move-securityStateRef-into-free_securityStateRef.patch:
      Consolidate the check of the securityStateRef pointer into the
      free_securityStateRef function.
    - d/p/prevent-snmpv3-bulkget-errors-double-free.patch:
      Prevent snmpv3 bulkget errors from becoming resulting in a
      double free.
    - d/p/fix-usmStateReference-free.patch:
      Fix typo on usm_free_usmStateReference from last patch.
    - d/p/unexport-struct-usmStateReference.patch:
      Unexport struct usmStateReference and to prevent ABI breakages,
      since it will be necessary to add a reference count to it.
    - d/p/introduce-refcount-usmStateReference.patch:
      Introduce refcount in the struct usmStateReference, and adjust
      code to properly use the field.
    - CVE-2019-20892

 -- Sergio Durigan Junior <email address hidden> Tue, 23 Jun 2020 14:57:12 -0400

1877027 SNMP stopped running all of sudden (snmpd 5.8+dfsg-2)
CVE-2019-20892 net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateReference in snmplib/snmpusm.c via an SNMPv3 GetBulk request. NOTE: this affects net



About   -   Send Feedback to @ubuntu_updates