package/netsnmp: security bump to version 5.9.3 (83b43373) · Commits · Infra Solutions / Reference Design / platsw / buildroot

Commit 83b43373 authored Nov 25, 2022 by Peter Korsgaard Committed by Thomas Petazzoni Nov 25, 2022

package/netsnmp: security bump to version 5.9.3

Fixes the following security issues:

- CVE-2022-24805 A buffer overflow in the handling of the INDEX of
  NET-SNMP-VACM-MIB can cause an out-of-bounds memory access.

- CVE-2022-24809 A malformed OID in a GET-NEXT to the nsVacmAccessTable can
  cause a NULL pointer dereference.

- CVE-2022-24806 Improper Input Validation when SETing malformed OIDs in
  master agent and subagent simultaneously

- CVE-2022-24807 A malformed OID in a SET request to
  SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory
  access.

- CVE-2022-24808 A malformed OID in a SET request to
  NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference

- CVE-2022-24810 A malformed OID in a SET to the nsVacmAccessTable
  can cause a NULL pointer dereference.

Drop openssl linking patches as they are merged upstream / upstream changed
to use pkg-config for openssl since:

https://github.com/net-snmp/net-snmp/commit/8c3a094fbe9ebe38ed762488082d52c6d4e04ddb



Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

parent 634b55a1

Hide whitespace changes

Inline Side-by-side

Please register or to comment