Mageia alert MGASA-2022-0311 (net-snmp)
| From: | Mageia Updates <buildsystem-daemon@mageia.org> | |
| To: | updates-announce@ml.mageia.org | |
| Subject: | [updates-announce] MGASA-2022-0311: Updated net-snmp packages fix security vulnerability | |
| Date: | Mon, 29 Aug 2022 07:08:49 +0200 | |
| Message-ID: | <20220829050849.235C09FB30@duvel.mageia.org> | |
| Archive-link: | Article |
MGASA-2022-0311 - Updated net-snmp packages fix security vulnerability Publication date: 29 Aug 2022 URL: https://advisories.mageia.org/MGASA-2022-0311.html Type: security Affected Mageia releases: 8 CVE: CVE-2022-24805, CVE-2022-24806, CVE-2022-24807, CVE-2022-24808, CVE-2022-24809, CVE-2022-24810 Description: A buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause an out-of-bounds memory access. (CVE-2022-24805) Buffer overflow and out of bounds memory access. (CVE-2022-24806) A malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access. (CVE-2022-24807) A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference. (CVE-2022-24808) A malformed OID in a GET-NEXT to the nsVacmAccessTable can cause a NULL pointer dereference. (CVE-2022-24809) A malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference. (CVE-2022-24810) References: - https://bugs.mageia.org/show_bug.cgi?id=30697 - https://ubuntu.com/security/notices/USN-5543-1 - https://lists.fedoraproject.org/archives/list/package-ann... - https://www.debian.org/security/2022/dsa-5209 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2... SRPMS: - 8/core/net-snmp-5.9-1.1.mga8