Headline
Ubuntu Security Notice USN-5543-1
Ubuntu Security Notice 5543-1 - Yu Zhang and Nanyu Zhong discovered that Net-SNMP incorrectly handled memory operations when processing certain requests. A remote attacker could use this issue to cause Net-SNMP to crash, resulting in a denial of service, or possibly execute arbitrary code.
==========================================================================Ubuntu Security Notice USN-5543-1August 01, 2022net-snmp vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTS- Ubuntu 20.04 LTS- Ubuntu 18.04 LTSSummary:Several security issues were fixed in Net-SNMP.Software Description:- net-snmp: SNMP (Simple Network Management Protocol) server and applicationsDetails:Yu Zhang and Nanyu Zhong discovered that Net-SNMP incorrectly handledmemory operations when processing certain requests. A remote attacker coulduse this issue to cause Net-SNMP to crash, resulting in a denial ofservice, or possibly execute arbitrary code.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS: libsnmp-perl 5.9.1+dfsg-1ubuntu2.2 libsnmp40 5.9.1+dfsg-1ubuntu2.2 snmp 5.9.1+dfsg-1ubuntu2.2 snmpd 5.9.1+dfsg-1ubuntu2.2Ubuntu 20.04 LTS: libsnmp-perl 5.8+dfsg-2ubuntu2.4 libsnmp35 5.8+dfsg-2ubuntu2.4 snmp 5.8+dfsg-2ubuntu2.4 snmpd 5.8+dfsg-2ubuntu2.4Ubuntu 18.04 LTS: libsnmp-perl 5.7.3+dfsg-1.8ubuntu3.7 libsnmp30 5.7.3+dfsg-1.8ubuntu3.7 snmp 5.7.3+dfsg-1.8ubuntu3.7 snmpd 5.7.3+dfsg-1.8ubuntu3.7After a standard system update you need to restart snmpd to make all thenecessary changes.References: https://ubuntu.com/security/notices/USN-5543-1 CVE-2022-24805, CVE-2022-24806, CVE-2022-24807, CVE-2022-24808, CVE-2022-24809, CVE-2022-24810Package Information: https://launchpad.net/ubuntu/+source/net-snmp/5.9.1+dfsg-1ubuntu2.2 https://launchpad.net/ubuntu/+source/net-snmp/5.8+dfsg-2ubuntu2.4 https://launchpad.net/ubuntu/+source/net-snmp/5.7.3+dfsg-1.8ubuntu3.7Related news
Red Hat Security Advisory 2024-7875-03 - An update for net-snmp is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include buffer overflow and null pointer vulnerabilities.
Red Hat Security Advisory 2024-7260-03 - An update for net-snmp is now available for Red Hat Enterprise Linux 9. Issues addressed include buffer overflow and null pointer vulnerabilities.
Ubuntu Security Notice 5795-2 - USN-5795-1 and 5543-1 fixed several vulnerabilities in Net-SNMP. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that Net-SNMP incorrectly handled certain requests. A remote attacker could possibly use these issues to cause Net-SNMP to crash, resulting in a denial of service.
Gentoo Linux Security Advisory 202210-29 - Multiple vulnerabilities have been discovered in Net-SNMP, the worst of which could result in denial of service. Versions less than 5.9.2 are affected.