netsnmpd: Update to version 5.9.3
Commit Message
- Update from version 5.9.1 to 5.9.3
- Version 5.9.4 exists but it is indicated that SNMP over TLS and/or DTLS is not
functioning properly with various versions of OpenSSL. However I could not find which
versions mentioned in the News or Changelog. The problem will be fixed in a future
version. There are no CVE fixes in 5.9.4, only a relatively few bug fixes so I
decided to wait for the fixed version in case there are users using TLS with SNMP.
- Update of rootfile
- 6 CVE fixes in 5.9.3
- Changelog
5.9.3
security:
- These two CVEs can be exploited by a user with read-only credentials:
- CVE-2022-24805 A buffer overflow in the handling of the INDEX of
NET-SNMP-VACM-MIB can cause an out-of-bounds memory access.
- CVE-2022-24809 A malformed OID in a GET-NEXT to the nsVacmAccessTable
can cause a NULL pointer dereference.
- These CVEs can be exploited by a user with read-write credentials:
- CVE-2022-24806 Improper Input Validation when SETing malformed
OIDs in master agent and subagent simultaneously
- CVE-2022-24807 A malformed OID in a SET request to
SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an
out-of-bounds memory access.
- CVE-2022-24808 A malformed OID in a SET request to
NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference
- CVE-2022-24810 A malformed OID in a SET to the nsVacmAccessTable
can cause a NULL pointer dereference.
- To avoid these flaws, use strong SNMPv3 credentials and do not share them.
If you must use SNMPv1 or SNMPv2c, use a complex community string
and enhance the protection by restricting access to a given IP address
range.
- Thanks are due to Yu Zhang of VARAS@IIE and Nanyu Zhong of VARAS@IIE for
reporting the following CVEs that have been fixed in this release, and
to Arista Networks for providing fixes.
misc:
- Snmp-create-v3-user: Fix the snmpd.conf path @datadir@ is
expanded in ${datarootdir} so datarootdir must be set before
@datadir@ is used.
general: Many bug fixes
5.9.2
skipped due to a last minute library versioning found bug -- use 5.9.3 instead
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
config/rootfiles/packages/netsnmpd | 11 +++++------
lfs/netsnmpd | 8 ++++----
2 files changed, 9 insertions(+), 10 deletions(-)
@@ -110,7 +110,6 @@ usr/bin/traptoemail
#usr/include/net-snmp/library/data_list.h
#usr/include/net-snmp/library/default_store.h
#usr/include/net-snmp/library/dir_utils.h
-#usr/include/net-snmp/library/factory.h
#usr/include/net-snmp/library/fd_event_manager.h
#usr/include/net-snmp/library/file_utils.h
#usr/include/net-snmp/library/getopt.h
@@ -233,27 +232,27 @@ usr/bin/traptoemail
#usr/lib/libnetsnmp.la
#usr/lib/libnetsnmp.so
usr/lib/libnetsnmp.so.40
-usr/lib/libnetsnmp.so.40.1.0
+usr/lib/libnetsnmp.so.40.2.0
#usr/lib/libnetsnmpagent.a
#usr/lib/libnetsnmpagent.la
#usr/lib/libnetsnmpagent.so
usr/lib/libnetsnmpagent.so.40
-usr/lib/libnetsnmpagent.so.40.1.0
+usr/lib/libnetsnmpagent.so.40.2.0
#usr/lib/libnetsnmphelpers.a
#usr/lib/libnetsnmphelpers.la
#usr/lib/libnetsnmphelpers.so
usr/lib/libnetsnmphelpers.so.40
-usr/lib/libnetsnmphelpers.so.40.1.0
+usr/lib/libnetsnmphelpers.so.40.2.0
#usr/lib/libnetsnmpmibs.a
#usr/lib/libnetsnmpmibs.la
#usr/lib/libnetsnmpmibs.so
usr/lib/libnetsnmpmibs.so.40
-usr/lib/libnetsnmpmibs.so.40.1.0
+usr/lib/libnetsnmpmibs.so.40.2.0
#usr/lib/libnetsnmptrapd.a
#usr/lib/libnetsnmptrapd.la
#usr/lib/libnetsnmptrapd.so
usr/lib/libnetsnmptrapd.so.40
-usr/lib/libnetsnmptrapd.so.40.1.0
+usr/lib/libnetsnmptrapd.so.40.2.0
#usr/lib/perl5/site_perl/5.36.0/xxxMACHINExxx-linux-thread-multi/Bundle
usr/lib/perl5/site_perl/5.36.0/xxxMACHINExxx-linux-thread-multi/Bundle/MakefileSubs.pm
#usr/lib/perl5/site_perl/5.36.0/xxxMACHINExxx-linux-thread-multi/NetSNMP
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2019 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2024 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -26,7 +26,7 @@ include Config
SUMMARY = SNMP Daemon
-VER = 5.9.1
+VER = 5.9.3
THISAPP = net-snmp-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = netsnmpd
-PAK_VER = 14
+PAK_VER = 15
DEPS =
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 6f4d5d279a81aa5f62628d3dd5221620590ad1dceec15fdc5e39705f7b08456b84aed4cf7376cbb807dd5b77dfe4162e47f2c9d29133f04ba321dfaf4aa7aaaa
+$(DL_FILE)_BLAKE2 = b8e3de60e178ec16ad2848ad77f3bd4cbd35eaa9be103c0fa5d17514c29df4e69015ac53b54c9e565e3032b0c0bb47c19729e65310a6acefae901e101ea49451
install : $(TARGET)