SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-50

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-50

Security update for net-snmp

Type: security

Severity: important

Issued: 2022-01-11

Description:

This update for net-snmp fixes the following issues:

- CVE-2020-15862: Make extended MIB read-only (bsc#1174961)
- CVE-2018-18065: Fix remote DoS in agent/helpers/table.c (bsc#1111122)

References

jira: SLE-6120 https://jira.suse.com/browse/SLE-6120
CVE: CVE-2020-15862
CVE: CVE-2018-18065
Bugzilla: 1181591 net-snmpd writes v3 configuration data in /usr/share -- violation of Linux Filesystm Hierarchy
Bugzilla: 1179699 BUG 1145864 PTFs introduced new issue : missing indexes in HOST-RESOURCES-MIB::hrStorage tree
Bugzilla: 1179009 agentx_register_callbacks core-callback allocation failed from run_alarms API [ref:_00D1igLOd._5001iVO7KZ:ref]
Bugzilla: 1178351 handle_subagent_set_response: Data corruption while performing the multiple snmpset operation in agentx session [ref:_00D1igLOd._5001iTfUUJ:ref]
Bugzilla: 1178021 net-snmp subagent crash : Malloc failed at save_set_var() due to memory errors [ref:_00D1igLOd._5001iTfUjE:ref]
Bugzilla: 1174961 VUL-0: CVE-2020-15862: net-snmp: privilege escalation
Bugzilla: 1152968 net-snmp returns incorrect value in hrStorageSize for SLES 12 SP4 PPC system with 12TB of RAM
Bugzilla: 1145864 HPE requests backport of net-snmp upstream fix
Bugzilla: 1140341 net-snmp: Add Lustre filesystem support
Bugzilla: 1116807 L3-Question: net-snmp: forwarded traps do not contain initial src ip
Bugzilla: 1111122 VUL-0: CVE-2018-18065: net-snmp: remote DoS (_set_key)
Bugzilla: 1108471 net-snmp package does not install sysconfig files
Bugzilla: 1102775 Segfault in snmpd
Bugzilla: 1081164 Missing compile net-snmp options prevent using SNMP over DTLS
Bugzilla: 1027353 snmpd has hungs up but systemctl does not show that

Packages

net-snmp-5.7.3-10.9.1