diff mbox series

netsnmpd: Update to version 5.9.3

Message ID 20240815074817.2389-1-adolf.belka@ipfire.org
State Staged
Commit 0915078267009f6158222cbbebbb23196283fe39
Headers
Series netsnmpd: Update to version 5.9.3 |

Commit Message

Adolf Belka Aug. 15, 2024, 7:48 a.m. UTC 
  - Update from version 5.9.1 to 5.9.3
- Version 5.9.4 exists but it is indicated that SNMP over TLS and/or DTLS is not
   functioning properly with various versions of OpenSSL. However I could not find which
   versions mentioned in the News or Changelog. The problem will be fixed in a future
   version. There are no CVE fixes in 5.9.4, only a relatively few bug fixes so I
   decided to wait for the fixed version in case there are users using TLS with SNMP.
- Update of rootfile
- 6 CVE fixes in 5.9.3
- Changelog
    5.9.3
	    security:
	      - These two CVEs can be exploited by a user with read-only credentials:
	          - CVE-2022-24805 A buffer overflow in the handling of the INDEX of
	            NET-SNMP-VACM-MIB can cause an out-of-bounds memory access.
	          - CVE-2022-24809 A malformed OID in a GET-NEXT to the nsVacmAccessTable
	            can cause a NULL pointer dereference.
	      - These CVEs can be exploited by a user with read-write credentials:
	          - CVE-2022-24806 Improper Input Validation when SETing malformed
	            OIDs in master agent and subagent simultaneously
	          - CVE-2022-24807 A malformed OID in a SET request to
	            SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an
	            out-of-bounds memory access.
	          - CVE-2022-24808 A malformed OID in a SET request to
	            NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference
	          - CVE-2022-24810 A malformed OID in a SET to the nsVacmAccessTable
	            can cause a NULL pointer dereference.
	      - To avoid these flaws, use strong SNMPv3 credentials and do not share them.
	        If you must use SNMPv1 or SNMPv2c, use a complex community string
	        and enhance the protection by restricting access to a given IP address
		range.
	      - Thanks are due to Yu Zhang of VARAS@IIE and Nanyu Zhong of VARAS@IIE for
	        reporting the following CVEs that have been fixed in this release, and
	        to Arista Networks for providing fixes.
	    misc:
	      - Snmp-create-v3-user: Fix the snmpd.conf path   @datadir@ is
		expanded in ${datarootdir} so datarootdir must be set before
		@datadir@ is used.
	    general: Many bug fixes
    5.9.2
	    skipped due to a last minute library versioning found bug -- use 5.9.3 instead

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
 config/rootfiles/packages/netsnmpd | 11 +++++------
 lfs/netsnmpd                       |  8 ++++----
 2 files changed, 9 insertions(+), 10 deletions(-)
diff mbox series

Patch

diff --git a/config/rootfiles/packages/netsnmpd b/config/rootfiles/packages/netsnmpd
index 8e1814886..510f4a0cf 100644
--- a/config/rootfiles/packages/netsnmpd
+++ b/config/rootfiles/packages/netsnmpd
@@ -110,7 +110,6 @@  usr/bin/traptoemail
 #usr/include/net-snmp/library/data_list.h
 #usr/include/net-snmp/library/default_store.h
 #usr/include/net-snmp/library/dir_utils.h
-#usr/include/net-snmp/library/factory.h
 #usr/include/net-snmp/library/fd_event_manager.h
 #usr/include/net-snmp/library/file_utils.h
 #usr/include/net-snmp/library/getopt.h
@@ -233,27 +232,27 @@  usr/bin/traptoemail
 #usr/lib/libnetsnmp.la
 #usr/lib/libnetsnmp.so
 usr/lib/libnetsnmp.so.40
-usr/lib/libnetsnmp.so.40.1.0
+usr/lib/libnetsnmp.so.40.2.0
 #usr/lib/libnetsnmpagent.a
 #usr/lib/libnetsnmpagent.la
 #usr/lib/libnetsnmpagent.so
 usr/lib/libnetsnmpagent.so.40
-usr/lib/libnetsnmpagent.so.40.1.0
+usr/lib/libnetsnmpagent.so.40.2.0
 #usr/lib/libnetsnmphelpers.a
 #usr/lib/libnetsnmphelpers.la
 #usr/lib/libnetsnmphelpers.so
 usr/lib/libnetsnmphelpers.so.40
-usr/lib/libnetsnmphelpers.so.40.1.0
+usr/lib/libnetsnmphelpers.so.40.2.0
 #usr/lib/libnetsnmpmibs.a
 #usr/lib/libnetsnmpmibs.la
 #usr/lib/libnetsnmpmibs.so
 usr/lib/libnetsnmpmibs.so.40
-usr/lib/libnetsnmpmibs.so.40.1.0
+usr/lib/libnetsnmpmibs.so.40.2.0
 #usr/lib/libnetsnmptrapd.a
 #usr/lib/libnetsnmptrapd.la
 #usr/lib/libnetsnmptrapd.so
 usr/lib/libnetsnmptrapd.so.40
-usr/lib/libnetsnmptrapd.so.40.1.0
+usr/lib/libnetsnmptrapd.so.40.2.0
 #usr/lib/perl5/site_perl/5.36.0/xxxMACHINExxx-linux-thread-multi/Bundle
 usr/lib/perl5/site_perl/5.36.0/xxxMACHINExxx-linux-thread-multi/Bundle/MakefileSubs.pm
 #usr/lib/perl5/site_perl/5.36.0/xxxMACHINExxx-linux-thread-multi/NetSNMP
diff --git a/lfs/netsnmpd b/lfs/netsnmpd
index 7724cd7de..5605d6307 100644
--- a/lfs/netsnmpd
+++ b/lfs/netsnmpd
@@ -1,7 +1,7 @@ 
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2019  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2024  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -26,7 +26,7 @@  include Config
 
 SUMMARY    = SNMP Daemon
 
-VER        = 5.9.1
+VER        = 5.9.3
 
 THISAPP    = net-snmp-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -34,7 +34,7 @@  DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = netsnmpd
-PAK_VER    = 14
+PAK_VER    = 15
 
 DEPS       =
 
@@ -48,7 +48,7 @@  objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 6f4d5d279a81aa5f62628d3dd5221620590ad1dceec15fdc5e39705f7b08456b84aed4cf7376cbb807dd5b77dfe4162e47f2c9d29133f04ba321dfaf4aa7aaaa
+$(DL_FILE)_BLAKE2 = b8e3de60e178ec16ad2848ad77f3bd4cbd35eaa9be103c0fa5d17514c29df4e69015ac53b54c9e565e3032b0c0bb47c19729e65310a6acefae901e101ea49451
 
 install : $(TARGET)