SUSE-RU-2024:0029-1

Source
https://www.suse.com/support/update/announcement/2024/suse-ru-20240029-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-RU-2024:0029-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/SUSE-RU-2024:0029-1
Related
Published
2024-01-04T10:21:18Z
Modified
2024-01-04T10:21:18Z
Summary
Recommended update for net-snmp
Details

This update for net-snmp fixes the following issues:

Update to net-snmp-5.9.4 (bsc#1214364 jsc#PED-6435).

  • 5.9.4:

    • libsnmp:

      • Remove the SNMPSWIPEMEM() macro Remove this macro since it is not used in the Net-SNMP code base.
      • DISPLAY-HINT fixes
      • Miscellanious improvements to the transports
      • Handle multiple oldEngineID configuration lines
      • fixes for DNS names longer than 63 characters
    • agent:

      • Added a ignoremount configuration option for the HOST-MIB
      • disallow SETs with a NULL varbind
      • fix the --enable-minimalist build
    • apps:

      • snmpset: allow SET with NULL varbind for testing
      • snmptrapd: improved MySQL logging code
    • general:

      • configure: Remove -Wno-deprecated as it is no longer needed
      • miscellanious ther bug fixes, build fixes and cleanups
    • security:

      • These two CVEs can be exploited by a user with read-only credentials:

        • CVE-2022-24805�A buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause an out-of-bounds memory access.
        • CVE-2022-24809�A malformed OID in a GET-NEXT to the nsVacmAccessTable can cause a NULL pointer dereference.
      • These CVEs can be exploited by a user with read-write credentials:

        • CVE-2022-24806�Improper Input Validation when SETing malformed OIDs in master agent and subagent simultaneously
        • CVE-2022-24807�A malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access.
        • CVE-2022-24808�A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference
        • CVE-2022-24810�A malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference.
      • To avoid these flaws, use strong SNMPv3 credentials and do not share them. If you must use SNMPv1 or SNMPv2c, use a complex community string and enhance the protection by restricting access to a given IP address range.
      • Thanks are due to�Yu Zhang of VARAS@IIE and Nanyu Zhong of VARAS@IIE for reporting the following CVEs that have been fixed in this release, and to Arista Networks for providing fixes.

        • IF-MIB: Update ifTable entries even if the interface name has changed At least on Linux a network interface index may be reused for a network interface with a different name. Hence this patch that enables replacing network interface information even if the network interface name has changed.

        • unspecified:

      • Moved transport code into a separate subdirectory in snmplib

      • Snmplib: remove inline versions of container funcs'.

        • misc:
      • snmp-create-v3-user: Fix the snmpd.conf path @datadir@ is expanded in ${datarootdir} so datarootdir must be set before @datadir@ is used.

  • 5.9:

    • snmplib:

      • Add IPv6 support to DTLSUDP transport
      • use new netsnmpsockaddrstorage in netsnmpaddrpair
      • add base_transport ptr for tunneled transports
      • Dtls: overhaul of debug
      • Remove inline versions of container funcs
    • snmpd:

      • Use ETHTOOLGLINKSETTINGS when available Newer Linux kernels support ETHTOOLGLINKSETTINGS. Use it when available instead of the older and deprecated ETHTOOL_GSET. This patch avoids that the Linux kernel reports the following kernel warning: warning: 'snmpd' uses legacy ethtool link settings API, link modes are only partially reported See also https://sourceforge.net/p/net-snmp/patches/1387/.
      • [BUG 2926]: Make it possible to set agentXPingInterval for a subagent - register agentXPingInterval for the subagent list handler, before it was registered for snmp - added agentxTimeout to the subagent list handler. It's now possible to set for snmpd and the subagent. See 'man snmpd.conf' - added agentxRetries to the subagent list handler. See 'man snmpd.conf'. It's never used in the subagent, but it's now following the documentation Signed-off-by: Anders Wallin wallinux@gmail.com

        • snmptrap:
      • BUG: 2899: Patch from Drew Roedersheimer to set library engineboots/time values before sending

        • snmptrapd:
      • Add support for the latest libmysqlclient version

        • libsnmp:
      • Scan MIB directories in alphabetical order This guarantees that e.g. mibs/RFC1213-MIB.txt is read before mibs/SNMPv2-MIB.txt. The order in which these MIBs is read matters because both define sysLocation but with different attributes.

  • Removing legacy MIBs used by Velocity Software (jsc#PED-6416 jsc#PED-6434).

  • Added hardening to systemd service(s) (bsc#1181400, bsc#1206044).
References

Affected packages

SUSE:Linux Enterprise Software Development Kit 12 SP5 / net-snmp

Package

Name
net-snmp
Purl
pkg:rpm/suse/net-snmp&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.9.4-14.3.1

Ecosystem specific

{
    "binaries": [
        {
            "net-snmp-devel": "5.9.4-14.3.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP5 / net-snmp

Package

Name
net-snmp
Purl
pkg:rpm/suse/net-snmp&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.9.4-14.3.1

Ecosystem specific

{
    "binaries": [
        {
            "net-snmp": "5.9.4-14.3.1",
            "perl-SNMP": "5.9.4-14.3.1",
            "libsnmp40": "5.9.4-14.3.1",
            "snmp-mibs": "5.9.4-14.3.1",
            "libsnmp40-32bit": "5.9.4-14.3.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP5 / net-snmp

Package

Name
net-snmp
Purl
pkg:rpm/suse/net-snmp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.9.4-14.3.1

Ecosystem specific

{
    "binaries": [
        {
            "net-snmp": "5.9.4-14.3.1",
            "perl-SNMP": "5.9.4-14.3.1",
            "libsnmp40": "5.9.4-14.3.1",
            "snmp-mibs": "5.9.4-14.3.1",
            "libsnmp40-32bit": "5.9.4-14.3.1"
        }
    ]
}