Headline
Gentoo Linux Security Advisory 202210-29
Gentoo Linux Security Advisory 202210-29 - Multiple vulnerabilities have been discovered in Net-SNMP, the worst of which could result in denial of service. Versions less than 5.9.2 are affected.
Gentoo Linux Security Advisory GLSA 202210-29
https://security.gentoo.org/
Severity: Low
Title: Net-SNMP: Multiple Vulnerabilities
Date: October 31, 2022
Bugs: #855500
ID: 202210-29
Synopsis
Multiple vulnerabilities have been discovered in Net-SNMP, the worst of
which could result in denial of service.
Background
Net-SNMP is a suite of applications used to implement the Simple Network
Management Protocol.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-analyzer/net-snmp < 5.9.2 >= 5.9.2
Description
Multiple vulnerabilities have been discovered in Net-SNMP. Please review
the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Net-SNMP users should upgrade to the latest version:
emerge --sync
emerge --ask --oneshot --verbose “>=net-analyzer/net-snmp-5.9.2”
References
[ 1 ] CVE-2022-24805
https://nvd.nist.gov/vuln/detail/CVE-2022-24805
[ 2 ] CVE-2022-24806
https://nvd.nist.gov/vuln/detail/CVE-2022-24806
[ 3 ] CVE-2022-24807
https://nvd.nist.gov/vuln/detail/CVE-2022-24807
[ 4 ] CVE-2022-24808
https://nvd.nist.gov/vuln/detail/CVE-2022-24808
[ 5 ] CVE-2022-24809
https://nvd.nist.gov/vuln/detail/CVE-2022-24809
[ 6 ] CVE-2022-24810
https://nvd.nist.gov/vuln/detail/CVE-2022-24810
Availability
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202210-29
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users’ machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Related news
Red Hat Security Advisory 2024-7875-03 - An update for net-snmp is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include buffer overflow and null pointer vulnerabilities.
Red Hat Security Advisory 2024-7260-03 - An update for net-snmp is now available for Red Hat Enterprise Linux 9. Issues addressed include buffer overflow and null pointer vulnerabilities.
Ubuntu Security Notice 5795-2 - USN-5795-1 and 5543-1 fixed several vulnerabilities in Net-SNMP. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that Net-SNMP incorrectly handled certain requests. A remote attacker could possibly use these issues to cause Net-SNMP to crash, resulting in a denial of service.
Ubuntu Security Notice 5543-1 - Yu Zhang and Nanyu Zhong discovered that Net-SNMP incorrectly handled memory operations when processing certain requests. A remote attacker could use this issue to cause Net-SNMP to crash, resulting in a denial of service, or possibly execute arbitrary code.
Ubuntu Security Notice 5543-1 - Yu Zhang and Nanyu Zhong discovered that Net-SNMP incorrectly handled memory operations when processing certain requests. A remote attacker could use this issue to cause Net-SNMP to crash, resulting in a denial of service, or possibly execute arbitrary code.
Ubuntu Security Notice 5543-1 - Yu Zhang and Nanyu Zhong discovered that Net-SNMP incorrectly handled memory operations when processing certain requests. A remote attacker could use this issue to cause Net-SNMP to crash, resulting in a denial of service, or possibly execute arbitrary code.
Ubuntu Security Notice 5543-1 - Yu Zhang and Nanyu Zhong discovered that Net-SNMP incorrectly handled memory operations when processing certain requests. A remote attacker could use this issue to cause Net-SNMP to crash, resulting in a denial of service, or possibly execute arbitrary code.
Ubuntu Security Notice 5543-1 - Yu Zhang and Nanyu Zhong discovered that Net-SNMP incorrectly handled memory operations when processing certain requests. A remote attacker could use this issue to cause Net-SNMP to crash, resulting in a denial of service, or possibly execute arbitrary code.
Ubuntu Security Notice 5543-1 - Yu Zhang and Nanyu Zhong discovered that Net-SNMP incorrectly handled memory operations when processing certain requests. A remote attacker could use this issue to cause Net-SNMP to crash, resulting in a denial of service, or possibly execute arbitrary code.