USN-5795-2: Net-SNMP vulnerabilities
16 January 2023
Several security issues were fixed in Net-SNMP.
Releases
Packages
- net-snmp - SNMP (Simple Network Management Protocol) server and applications
Details
USN-5795-1 and 5543-1 fixed several vulnerabilities in Net-SNMP. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
Original advisory details:
It was discovered that Net-SNMP incorrectly handled certain requests. A
remote attacker could possibly use these issues to cause Net-SNMP to crash,
resulting in a denial of service.
Yu Zhang and Nanyu Zhong discovered that Net-SNMP incorrectly handled
memory operations when processing certain requests. A remote attacker could
use this issue to cause Net-SNMP to crash, resulting in a denial of
service, or possibly execute arbitrary code.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04
-
snmp
-
5.7.3+dfsg-1ubuntu4.6+esm1
Available with Ubuntu Pro
-
libsnmp30
-
5.7.3+dfsg-1ubuntu4.6+esm1
Available with Ubuntu Pro
-
snmpd
-
5.7.3+dfsg-1ubuntu4.6+esm1
Available with Ubuntu Pro
Ubuntu 14.04
-
snmp
-
5.7.2~dfsg-8.1ubuntu3.3+esm3
Available with Ubuntu Pro
-
libsnmp30
-
5.7.2~dfsg-8.1ubuntu3.3+esm3
Available with Ubuntu Pro
-
snmpd
-
5.7.2~dfsg-8.1ubuntu3.3+esm3
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
Related notices
- USN-5543-1: tkmib, snmpd, net-snmp, libsnmp30, libsnmp-perl, libnetsnmptrapd40, libsnmp35, libsnmp-base, libsnmp40, python-netsnmp, snmptrapd, snmp, libsnmp-dev
- USN-5795-1: tkmib, snmpd, net-snmp, libsnmp30, libsnmp-perl, libnetsnmptrapd40, libsnmp35, libsnmp-base, libsnmp40, python-netsnmp, snmptrapd, snmp, libsnmp-dev