* [PATCH] netsnmpd: Update to version 5.9.3
@ 2024-08-15 7:48 Adolf Belka
0 siblings, 0 replies; only message in thread
From: Adolf Belka @ 2024-08-15 7:48 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 5944 bytes --]
- Update from version 5.9.1 to 5.9.3
- Version 5.9.4 exists but it is indicated that SNMP over TLS and/or DTLS is not
functioning properly with various versions of OpenSSL. However I could not find which
versions mentioned in the News or Changelog. The problem will be fixed in a future
version. There are no CVE fixes in 5.9.4, only a relatively few bug fixes so I
decided to wait for the fixed version in case there are users using TLS with SNMP.
- Update of rootfile
- 6 CVE fixes in 5.9.3
- Changelog
5.9.3
security:
- These two CVEs can be exploited by a user with read-only credentials:
- CVE-2022-24805 A buffer overflow in the handling of the INDEX of
NET-SNMP-VACM-MIB can cause an out-of-bounds memory access.
- CVE-2022-24809 A malformed OID in a GET-NEXT to the nsVacmAccessTable
can cause a NULL pointer dereference.
- These CVEs can be exploited by a user with read-write credentials:
- CVE-2022-24806 Improper Input Validation when SETing malformed
OIDs in master agent and subagent simultaneously
- CVE-2022-24807 A malformed OID in a SET request to
SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an
out-of-bounds memory access.
- CVE-2022-24808 A malformed OID in a SET request to
NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference
- CVE-2022-24810 A malformed OID in a SET to the nsVacmAccessTable
can cause a NULL pointer dereference.
- To avoid these flaws, use strong SNMPv3 credentials and do not share them.
If you must use SNMPv1 or SNMPv2c, use a complex community string
and enhance the protection by restricting access to a given IP address
range.
- Thanks are due to Yu Zhang of VARAS(a)IIE and Nanyu Zhong of VARAS(a)IIE for
reporting the following CVEs that have been fixed in this release, and
to Arista Networks for providing fixes.
misc:
- Snmp-create-v3-user: Fix the snmpd.conf path @datadir@ is
expanded in ${datarootdir} so datarootdir must be set before
@datadir@ is used.
general: Many bug fixes
5.9.2
skipped due to a last minute library versioning found bug -- use 5.9.3 instead
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
---
config/rootfiles/packages/netsnmpd | 11 +++++------
lfs/netsnmpd | 8 ++++----
2 files changed, 9 insertions(+), 10 deletions(-)
diff --git a/config/rootfiles/packages/netsnmpd b/config/rootfiles/packages/netsnmpd
index 8e1814886..510f4a0cf 100644
--- a/config/rootfiles/packages/netsnmpd
+++ b/config/rootfiles/packages/netsnmpd
@@ -110,7 +110,6 @@ usr/bin/traptoemail
#usr/include/net-snmp/library/data_list.h
#usr/include/net-snmp/library/default_store.h
#usr/include/net-snmp/library/dir_utils.h
-#usr/include/net-snmp/library/factory.h
#usr/include/net-snmp/library/fd_event_manager.h
#usr/include/net-snmp/library/file_utils.h
#usr/include/net-snmp/library/getopt.h
@@ -233,27 +232,27 @@ usr/bin/traptoemail
#usr/lib/libnetsnmp.la
#usr/lib/libnetsnmp.so
usr/lib/libnetsnmp.so.40
-usr/lib/libnetsnmp.so.40.1.0
+usr/lib/libnetsnmp.so.40.2.0
#usr/lib/libnetsnmpagent.a
#usr/lib/libnetsnmpagent.la
#usr/lib/libnetsnmpagent.so
usr/lib/libnetsnmpagent.so.40
-usr/lib/libnetsnmpagent.so.40.1.0
+usr/lib/libnetsnmpagent.so.40.2.0
#usr/lib/libnetsnmphelpers.a
#usr/lib/libnetsnmphelpers.la
#usr/lib/libnetsnmphelpers.so
usr/lib/libnetsnmphelpers.so.40
-usr/lib/libnetsnmphelpers.so.40.1.0
+usr/lib/libnetsnmphelpers.so.40.2.0
#usr/lib/libnetsnmpmibs.a
#usr/lib/libnetsnmpmibs.la
#usr/lib/libnetsnmpmibs.so
usr/lib/libnetsnmpmibs.so.40
-usr/lib/libnetsnmpmibs.so.40.1.0
+usr/lib/libnetsnmpmibs.so.40.2.0
#usr/lib/libnetsnmptrapd.a
#usr/lib/libnetsnmptrapd.la
#usr/lib/libnetsnmptrapd.so
usr/lib/libnetsnmptrapd.so.40
-usr/lib/libnetsnmptrapd.so.40.1.0
+usr/lib/libnetsnmptrapd.so.40.2.0
#usr/lib/perl5/site_perl/5.36.0/xxxMACHINExxx-linux-thread-multi/Bundle
usr/lib/perl5/site_perl/5.36.0/xxxMACHINExxx-linux-thread-multi/Bundle/MakefileSubs.pm
#usr/lib/perl5/site_perl/5.36.0/xxxMACHINExxx-linux-thread-multi/NetSNMP
diff --git a/lfs/netsnmpd b/lfs/netsnmpd
index 7724cd7de..5605d6307 100644
--- a/lfs/netsnmpd
+++ b/lfs/netsnmpd
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2019 IPFire Team <info(a)ipfire.org> #
+# Copyright (C) 2007-2024 IPFire Team <info(a)ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -26,7 +26,7 @@ include Config
SUMMARY = SNMP Daemon
-VER = 5.9.1
+VER = 5.9.3
THISAPP = net-snmp-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = netsnmpd
-PAK_VER = 14
+PAK_VER = 15
DEPS =
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 6f4d5d279a81aa5f62628d3dd5221620590ad1dceec15fdc5e39705f7b08456b84aed4cf7376cbb807dd5b77dfe4162e47f2c9d29133f04ba321dfaf4aa7aaaa
+$(DL_FILE)_BLAKE2 = b8e3de60e178ec16ad2848ad77f3bd4cbd35eaa9be103c0fa5d17514c29df4e69015ac53b54c9e565e3032b0c0bb47c19729e65310a6acefae901e101ea49451
install : $(TARGET)
--
2.46.0
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2024-08-15 7:48 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-08-15 7:48 [PATCH] netsnmpd: Update to version 5.9.3 Adolf Belka
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox