[Git][security-tracker-team/security-tracker][master] new net-snmp issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Jul 27 20:39:11 BST 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7d16239a by Moritz Muehlenhoff at 2022-07-27T21:38:39+02:00
new net-snmp issues

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -33281,18 +33281,30 @@ CVE-2022-24812 (Grafana is an open-source platform for monitoring and observabil
 	- grafana <not-affected> (Only affects Grafana Enterprise)
 CVE-2022-24811 (Combodi iTop is a web based IT Service Management tool. Prior to versi ...)
 	NOT-FOR-US: Combodi
-CVE-2022-24810
+CVE-2022-24810 [A malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference]
 	RESERVED
-CVE-2022-24809
+	- net-snmp <unfixed>
+	NOTE: https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3)
+CVE-2022-24809 [A malformed OID in a GET-NEXT to the nsVacmAccessTable can cause a NULL pointer dereference]
 	RESERVED
-CVE-2022-24808
+	- net-snmp <unfixed>
+	NOTE: https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3)
+CVE-2022-24808 [A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference]
 	RESERVED
-CVE-2022-24807
+	- net-snmp <unfixed>
+	NOTE: https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3)
+CVE-2022-24807 [A malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access]
 	RESERVED
-CVE-2022-24806
+	- net-snmp <unfixed>
+	NOTE: https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3)
+CVE-2022-24806 [Improper Input Validation when SETing malformed OIDs in master agent and subagent simultaneously]
 	RESERVED
-CVE-2022-24805
+	- net-snmp <unfixed>
+	NOTE: https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3)
+CVE-2022-24805 [A buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause an out-of-bounds memory access]
 	RESERVED
+	- net-snmp <unfixed>
+	NOTE: https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3)
 CVE-2022-24804 (Discourse is an open source platform for community discussion. In stab ...)
 	NOT-FOR-US: Discourse
 CVE-2022-24803 (Asciidoctor-include-ext is Asciidoctor’s standard include proces ...)
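Review bot: The six new NOTE lines (CVE-2022-24805 through CVE-2022-24810) all point at the same fossies.org copy of CHANGES and none names the upstream fixing commit, so anyone backporting cannot tell from the tracker which change addresses which issue. Suggest adding a per-CVE NOTE with the upstream commit once each is identified, and replacing `- net-snmp <unfixed>` with the fixed version when 5.9.3 or a patched upload reaches the archive.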


=====================================
data/dsa-needed.txt
=====================================
@@ -40,6 +40,8 @@ linux (carnil)
 ---
 ndpi/oldstable
 --
+net-snmp
+--
 netatalk
   open regression with MacOS, tentative patch not yet merged upstream
 --
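Review bot: The added `net-snmp` entry has no note line, whereas the `netatalk` entry just below it records its status. A short line under `net-snmp` naming the scope (CVE-2022-24805 through CVE-2022-24810, fixed upstream in 5.9.3 per the data/CVE/list notes) would let whoever claims the package see what is pending without cross-referencing the CVE list.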
@@ -63,6 +65,8 @@ ruby-tzinfo
 --
 salt
 --
+samba
+--
 slurm-llnl/oldstable
 --
 sox
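Review bot: The `samba` entry added here is not covered by the commit message "new net-snmp issues", and nothing in the data/CVE/list hunk of this commit relates to samba. Suggest either splitting it into its own commit or mentioning it in the message, so the history shows why samba was queued for a DSA.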



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7d16239ac5f32a25f8e09c281ba1160c52bf77ab
