Security update for net-snmp SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2022:0050-1 Final 1 1 2022-01-11T09:11:40Z current 2022-01-11T09:11:40Z 2022-01-11T09:11:40Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for net-snmp This update for net-snmp fixes the following issues: - CVE-2020-15862: Make extended MIB read-only (bsc#1174961) - CVE-2018-18065: Fix remote DoS in agent/helpers/table.c (bsc#1111122) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2022-50,openSUSE-SLE-15.3-2022-50 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2OQK3YBZP7LLGFOZF2RYGZC5GDDRHRI6/ E-Mail link for openSUSE-SU-2022:0050-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1027353 SUSE Bug 1027353 https://bugzilla.suse.com/1081164 SUSE Bug 1081164 https://bugzilla.suse.com/1102775 SUSE Bug 1102775 https://bugzilla.suse.com/1108471 SUSE Bug 1108471 https://bugzilla.suse.com/1111122 SUSE Bug 1111122 https://bugzilla.suse.com/1116807 SUSE Bug 1116807 https://bugzilla.suse.com/1140341 SUSE Bug 1140341 https://bugzilla.suse.com/1145864 SUSE Bug 1145864 https://bugzilla.suse.com/1152968 SUSE Bug 1152968 https://bugzilla.suse.com/1174961 SUSE Bug 1174961 https://bugzilla.suse.com/1178021 SUSE Bug 1178021 https://bugzilla.suse.com/1178351 SUSE Bug 1178351 https://bugzilla.suse.com/1179009 SUSE Bug 1179009 https://bugzilla.suse.com/1179699 SUSE Bug 1179699 https://bugzilla.suse.com/1181591 SUSE Bug 1181591 https://www.suse.com/security/cve/CVE-2018-18065/ SUSE CVE CVE-2018-18065 page https://www.suse.com/security/cve/CVE-2020-15862/ SUSE CVE CVE-2020-15862 page openSUSE Leap 15.3 openSUSE Leap 15.3 NonFree opera-84.0.4316.14-lp153.2.36.1 libsnmp30-5.7.3-10.9.1 libsnmp30-32bit-5.7.3-10.9.1 net-snmp-5.7.3-10.9.1 net-snmp-devel-5.7.3-10.9.1 net-snmp-devel-32bit-5.7.3-10.9.1 perl-SNMP-5.7.3-10.9.1 python2-net-snmp-5.7.3-10.9.1 python3-net-snmp-5.7.3-10.9.1 snmp-mibs-5.7.3-10.9.1 libsnmp30-5.7.3-10.9.1 as a component of openSUSE Leap 15.3 libsnmp30-32bit-5.7.3-10.9.1 as a component of openSUSE Leap 15.3 net-snmp-5.7.3-10.9.1 as a component of openSUSE Leap 15.3 net-snmp-devel-5.7.3-10.9.1 as a component of openSUSE Leap 15.3 net-snmp-devel-32bit-5.7.3-10.9.1 as a component of openSUSE Leap 15.3 perl-SNMP-5.7.3-10.9.1 as a component of openSUSE Leap 15.3 python2-net-snmp-5.7.3-10.9.1 as a component of openSUSE Leap 15.3 python3-net-snmp-5.7.3-10.9.1 as a component of openSUSE Leap 15.3 snmp-mibs-5.7.3-10.9.1 as a component of openSUSE Leap 15.3 opera-84.0.4316.14-lp153.2.36.1 as a component of openSUSE Leap 15.3 NonFree _set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. CVE-2018-18065 openSUSE Leap 15.3 NonFree:opera-84.0.4316.14-lp153.2.36.1 openSUSE Leap 15.3:libsnmp30-32bit-5.7.3-10.9.1 openSUSE Leap 15.3:libsnmp30-5.7.3-10.9.1 openSUSE Leap 15.3:net-snmp-5.7.3-10.9.1 openSUSE Leap 15.3:net-snmp-devel-32bit-5.7.3-10.9.1 openSUSE Leap 15.3:net-snmp-devel-5.7.3-10.9.1 openSUSE Leap 15.3:perl-SNMP-5.7.3-10.9.1 openSUSE Leap 15.3:python2-net-snmp-5.7.3-10.9.1 openSUSE Leap 15.3:python3-net-snmp-5.7.3-10.9.1 openSUSE Leap 15.3:snmp-mibs-5.7.3-10.9.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2OQK3YBZP7LLGFOZF2RYGZC5GDDRHRI6/ https://www.suse.com/security/cve/CVE-2018-18065.html CVE-2018-18065 https://bugzilla.suse.com/1111122 SUSE Bug 1111122 https://bugzilla.suse.com/1126909 SUSE Bug 1126909 https://bugzilla.suse.com/1145864 SUSE Bug 1145864 Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root. CVE-2020-15862 openSUSE Leap 15.3 NonFree:opera-84.0.4316.14-lp153.2.36.1 openSUSE Leap 15.3:libsnmp30-32bit-5.7.3-10.9.1 openSUSE Leap 15.3:libsnmp30-5.7.3-10.9.1 openSUSE Leap 15.3:net-snmp-5.7.3-10.9.1 openSUSE Leap 15.3:net-snmp-devel-32bit-5.7.3-10.9.1 openSUSE Leap 15.3:net-snmp-devel-5.7.3-10.9.1 openSUSE Leap 15.3:perl-SNMP-5.7.3-10.9.1 openSUSE Leap 15.3:python2-net-snmp-5.7.3-10.9.1 openSUSE Leap 15.3:python3-net-snmp-5.7.3-10.9.1 openSUSE Leap 15.3:snmp-mibs-5.7.3-10.9.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2OQK3YBZP7LLGFOZF2RYGZC5GDDRHRI6/ https://www.suse.com/security/cve/CVE-2020-15862.html CVE-2020-15862 https://bugzilla.suse.com/1174961 SUSE Bug 1174961 https://bugzilla.suse.com/1193875 SUSE Bug 1193875 https://bugzilla.suse.com/1196341 SUSE Bug 1196341