From mboxrd@z Thu Jan 1 00:00:00 1970 From: Adolf Belka To: development@lists.ipfire.org Subject: [PATCH] netsnmpd: Update to version 5.9.3 Date: Thu, 15 Aug 2024 09:48:17 +0200 Message-ID: <20240815074817.2389-1-adolf.belka@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============8297444766612617433==" List-Id: --===============8297444766612617433== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable - Update from version 5.9.1 to 5.9.3 - Version 5.9.4 exists but it is indicated that SNMP over TLS and/or DTLS is = not functioning properly with various versions of OpenSSL. However I could not= find which versions mentioned in the News or Changelog. The problem will be fixed in = a future version. There are no CVE fixes in 5.9.4, only a relatively few bug fixes = so I decided to wait for the fixed version in case there are users using TLS wi= th SNMP. - Update of rootfile - 6 CVE fixes in 5.9.3 - Changelog 5.9.3 security: - These two CVEs can be exploited by a user with read-only credentials: - CVE-2022-24805=C2=A0A buffer overflow in the handling of the IND= EX of NET-SNMP-VACM-MIB can cause an out-of-bounds memory access. - CVE-2022-24809=C2=A0A malformed OID in a GET-NEXT to the nsVacmA= ccessTable can cause a NULL pointer dereference. - These CVEs can be exploited by a user with read-write credentials: - CVE-2022-24806=C2=A0Improper Input Validation when SETing malfor= med OIDs in master agent and subagent simultaneously - CVE-2022-24807=C2=A0A malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access. - CVE-2022-24808=C2=A0A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer derefere= nce - CVE-2022-24810=C2=A0A malformed OID in a SET to the nsVacmAccess= Table can cause a NULL pointer dereference. - To avoid these flaws, use strong SNMPv3 credentials and do not share= them. If you must use SNMPv1 or SNMPv2c, use a complex community string and enhance the protection by restricting access to a given IP addre= ss range. - Thanks are due to=C2=A0Yu Zhang of VARAS(a)IIE and Nanyu Zhong of VA= RAS(a)IIE for reporting the following CVEs that have been fixed in this release, a= nd to Arista Networks for providing fixes. misc: - Snmp-create-v3-user: Fix the snmpd.conf path @datadir@ is expanded in ${datarootdir} so datarootdir must be set before @datadir@ is used. general: Many bug fixes 5.9.2 skipped due to a last minute library versioning found bug -- use 5.9.3 i= nstead Signed-off-by: Adolf Belka --- config/rootfiles/packages/netsnmpd | 11 +++++------ lfs/netsnmpd | 8 ++++---- 2 files changed, 9 insertions(+), 10 deletions(-) diff --git a/config/rootfiles/packages/netsnmpd b/config/rootfiles/packages/n= etsnmpd index 8e1814886..510f4a0cf 100644 --- a/config/rootfiles/packages/netsnmpd +++ b/config/rootfiles/packages/netsnmpd @@ -110,7 +110,6 @@ usr/bin/traptoemail #usr/include/net-snmp/library/data_list.h #usr/include/net-snmp/library/default_store.h #usr/include/net-snmp/library/dir_utils.h -#usr/include/net-snmp/library/factory.h #usr/include/net-snmp/library/fd_event_manager.h #usr/include/net-snmp/library/file_utils.h #usr/include/net-snmp/library/getopt.h @@ -233,27 +232,27 @@ usr/bin/traptoemail #usr/lib/libnetsnmp.la #usr/lib/libnetsnmp.so usr/lib/libnetsnmp.so.40 -usr/lib/libnetsnmp.so.40.1.0 +usr/lib/libnetsnmp.so.40.2.0 #usr/lib/libnetsnmpagent.a #usr/lib/libnetsnmpagent.la #usr/lib/libnetsnmpagent.so usr/lib/libnetsnmpagent.so.40 -usr/lib/libnetsnmpagent.so.40.1.0 +usr/lib/libnetsnmpagent.so.40.2.0 #usr/lib/libnetsnmphelpers.a #usr/lib/libnetsnmphelpers.la #usr/lib/libnetsnmphelpers.so usr/lib/libnetsnmphelpers.so.40 -usr/lib/libnetsnmphelpers.so.40.1.0 +usr/lib/libnetsnmphelpers.so.40.2.0 #usr/lib/libnetsnmpmibs.a #usr/lib/libnetsnmpmibs.la #usr/lib/libnetsnmpmibs.so usr/lib/libnetsnmpmibs.so.40 -usr/lib/libnetsnmpmibs.so.40.1.0 +usr/lib/libnetsnmpmibs.so.40.2.0 #usr/lib/libnetsnmptrapd.a #usr/lib/libnetsnmptrapd.la #usr/lib/libnetsnmptrapd.so usr/lib/libnetsnmptrapd.so.40 -usr/lib/libnetsnmptrapd.so.40.1.0 +usr/lib/libnetsnmptrapd.so.40.2.0 #usr/lib/perl5/site_perl/5.36.0/xxxMACHINExxx-linux-thread-multi/Bundle usr/lib/perl5/site_perl/5.36.0/xxxMACHINExxx-linux-thread-multi/Bundle/Makef= ileSubs.pm #usr/lib/perl5/site_perl/5.36.0/xxxMACHINExxx-linux-thread-multi/NetSNMP diff --git a/lfs/netsnmpd b/lfs/netsnmpd index 7724cd7de..5605d6307 100644 --- a/lfs/netsnmpd +++ b/lfs/netsnmpd @@ -1,7 +1,7 @@ ############################################################################= ### # = # # IPFire.org - A linux based firewall = # -# Copyright (C) 2007-2019 IPFire Team = # +# Copyright (C) 2007-2024 IPFire Team = # # = # # This program is free software: you can redistribute it and/or modify = # # it under the terms of the GNU General Public License as published by = # @@ -26,7 +26,7 @@ include Config =20 SUMMARY =3D SNMP Daemon =20 -VER =3D 5.9.1 +VER =3D 5.9.3 =20 THISAPP =3D net-snmp-$(VER) DL_FILE =3D $(THISAPP).tar.gz @@ -34,7 +34,7 @@ DL_FROM =3D $(URL_IPFIRE) DIR_APP =3D $(DIR_SRC)/$(THISAPP) TARGET =3D $(DIR_INFO)/$(THISAPP) PROG =3D netsnmpd -PAK_VER =3D 14 +PAK_VER =3D 15 =20 DEPS =3D =20 @@ -48,7 +48,7 @@ objects =3D $(DL_FILE) =20 $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) =20 -$(DL_FILE)_BLAKE2 =3D 6f4d5d279a81aa5f62628d3dd5221620590ad1dceec15fdc5e3970= 5f7b08456b84aed4cf7376cbb807dd5b77dfe4162e47f2c9d29133f04ba321dfaf4aa7aaaa +$(DL_FILE)_BLAKE2 =3D b8e3de60e178ec16ad2848ad77f3bd4cbd35eaa9be103c0fa5d175= 14c29df4e69015ac53b54c9e565e3032b0c0bb47c19729e65310a6acefae901e101ea49451 =20 install : $(TARGET) =20 --=20 2.46.0 --===============8297444766612617433==--