SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-75

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-75

Security update for net-snmp

Type: security

Severity: moderate

Issued: 2023-02-03

Description:

This update for net-snmp fixes the following issues:

- CVE-2022-44793: Fixed a NULL pointer dereference issue that could
  allow a remote attacker with write access to crash the server
  instance (bsc#1205148).
- CVE-2022-44792: Fixed a NULL pointer dereference issue that could
  allow a remote attacker with write access to crash the server
  instance (bsc#1205150).

Other fixes:
- Enabled AES-192 and AES-256 privacy protocols (bsc#1206828).
- Fixed an incorrect systemd hardening that caused home directory
  size and allocation to be listed incorrectly (bsc#1206044)

References

CVE: CVE-2022-44793
CVE: CVE-2022-44792
Bugzilla: 1206828 net-snmp package doesn't support aes256 as privacy protocol
Bugzilla: 1206044 L3: MIB host-resource size calculation is broken for XFS - ref:_00D1igLOd._5005qGHkGL:ref
Bugzilla: 1205150 VUL-0: CVE-2022-44792: net-snmp,net-snmp-openssl1: remote attacker with write access can cause a NULL pointer dereference in handle_ipDefaultTTL()
Bugzilla: 1205148 VUL-0: CVE-2022-44793: net-snmp-openssl1,net-snmp: remote attacker with write access can cause a NULL pointer dereference in handle_ipv6IpForwarding()

Packages

net-snmp-5.9.3-150300.15.8.1