[SECURITY] [DLA 3088-1] net-snmp security update

2022-08-3021:26:32

lists.debian.org

net-snmp

vulnerabilities

fixed

debian 10

buster

upgrade

security tracker

debian lts

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.0%

JSON

Debian LTS Advisory DLA-3088-1 [email protected]
https://www.debian.org/lts/security/ Thorsten Alteholz
August 30, 2022 https://wiki.debian.org/LTS

Package : net-snmp
Version : 5.7.3+dfsg-5+deb10u3
CVE ID : CVE-2022-24805 CVE-2022-24806 CVE-2022-24807
CVE-2022-24808 CVE-2022-24809 CVE-2022-24810

Yu Zhang and Nanyu Zhong discovered several vulnerabilities in net-snmp, a
suite of Simple Network Management Protocol applications, which could
result in denial of service or the execution of arbitrary code.

For Debian 10 buster, these problems have been fixed in version
5.7.3+dfsg-5+deb10u3.

We recommend that you upgrade your net-snmp packages.

For the detailed security status of net-snmp please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/net-snmp

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian11s390xlibsnmp-perl< 5.9+dfsg-4+deb11u1libsnmp-perl_5.9+dfsg-4+deb11u1_s390x.deb
Debian10amd64snmptrapd< 5.7.3+dfsg-5+deb10u3snmptrapd_5.7.3+dfsg-5+deb10u3_amd64.deb
Debian10arm64libsnmp30< 5.7.3+dfsg-5+deb10u3libsnmp30_5.7.3+dfsg-5+deb10u3_arm64.deb
Debian10i386libsnmp-perl< 5.7.3+dfsg-5+deb10u3libsnmp-perl_5.7.3+dfsg-5+deb10u3_i386.deb
Debian11mips64ellibsnmp-dev< 5.9+dfsg-4+deb11u1libsnmp-dev_5.9+dfsg-4+deb11u1_mips64el.deb
Debian11mips64ellibnetsnmptrapd40< 5.9+dfsg-4+deb11u1libnetsnmptrapd40_5.9+dfsg-4+deb11u1_mips64el.deb
Debian11arm64libnetsnmptrapd40-dbgsym< 5.9+dfsg-4+deb11u1libnetsnmptrapd40-dbgsym_5.9+dfsg-4+deb11u1_arm64.deb
Debian11s390xlibsnmp-dev< 5.9+dfsg-4+deb11u1libsnmp-dev_5.9+dfsg-4+deb11u1_s390x.deb
Debian11amd64libsnmp-perl-dbgsym< 5.9+dfsg-4+deb11u1libsnmp-perl-dbgsym_5.9+dfsg-4+deb11u1_amd64.deb
Debian11arm64libnetsnmptrapd40< 5.9+dfsg-4+deb11u1libnetsnmptrapd40_5.9+dfsg-4+deb11u1_arm64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	11	s390x	libsnmp-perl	< 5.9+dfsg-4+deb11u1	libsnmp-perl_5.9+dfsg-4+deb11u1_s390x.deb
Debian	10	amd64	snmptrapd	< 5.7.3+dfsg-5+deb10u3	snmptrapd_5.7.3+dfsg-5+deb10u3_amd64.deb
Debian	10	arm64	libsnmp30	< 5.7.3+dfsg-5+deb10u3	libsnmp30_5.7.3+dfsg-5+deb10u3_arm64.deb
Debian	10	i386	libsnmp-perl	< 5.7.3+dfsg-5+deb10u3	libsnmp-perl_5.7.3+dfsg-5+deb10u3_i386.deb
Debian	11	mips64el	libsnmp-dev	< 5.9+dfsg-4+deb11u1	libsnmp-dev_5.9+dfsg-4+deb11u1_mips64el.deb
Debian	11	mips64el	libnetsnmptrapd40	< 5.9+dfsg-4+deb11u1	libnetsnmptrapd40_5.9+dfsg-4+deb11u1_mips64el.deb
Debian	11	arm64	libnetsnmptrapd40-dbgsym	< 5.9+dfsg-4+deb11u1	libnetsnmptrapd40-dbgsym_5.9+dfsg-4+deb11u1_arm64.deb
Debian	11	s390x	libsnmp-dev	< 5.9+dfsg-4+deb11u1	libsnmp-dev_5.9+dfsg-4+deb11u1_s390x.deb
Debian	11	amd64	libsnmp-perl-dbgsym	< 5.9+dfsg-4+deb11u1	libsnmp-perl-dbgsym_5.9+dfsg-4+deb11u1_amd64.deb
Debian	11	arm64	libnetsnmptrapd40	< 5.9+dfsg-4+deb11u1	libnetsnmptrapd40_5.9+dfsg-4+deb11u1_arm64.deb