* [Buildroot] [PATCH] package/netsnmp: security bump to version 5.9.4
@ 2023-10-01 19:06 Daniel Lang
2023-10-02 8:42 ` Peter Korsgaard
2023-10-13 15:17 ` Peter Korsgaard
0 siblings, 2 replies; 3+ messages in thread
From: Daniel Lang @ 2023-10-01 19:06 UTC
To: buildroot
CVE-2022-44792 handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c
in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can
be used by a remote attacker (who has write access) to cause the
instance to crash via a crafted UDP packet, resulting in Denial of
Service.
CVE-2022-44793 handle_ipv6IpForwarding in
agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.4.3 through 5.9.3 has a
NULL Pointer Exception bug that can be used by a remote attacker to
cause the instance to crash via a crafted UDP packet, resulting in
Denial of Service.
The pgp key was changed [0] as the old one expired [1].
[0]: https://sourceforge.net/p/net-snmp/htdocs/ci/90a6d98aae21fcdff06b5be139eb4d44ae96a9de/
[1]: https://github.com/net-snmp/net-snmp/issues/595
Signed-off-by: Daniel Lang <dalang@gmx.at>
---
package/netsnmp/netsnmp.hash | 6 +++---
package/netsnmp/netsnmp.mk | 2 +-
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/package/netsnmp/netsnmp.hash b/package/netsnmp/netsnmp.hash
index e1e9d10898..7898941271 100644
--- a/package/netsnmp/netsnmp.hash
+++ b/package/netsnmp/netsnmp.hash
@@ -1,7 +1,7 @@
# Locally calculated after checking pgp signature at
-# https://sourceforge.net/projects/net-snmp/files/net-snmp/5.9.3/net-snmp-5.9.3.tar.gz.asc
-# using key D0F8F495DA6160C44EFFBF10F07B9D2DACB19FD6
-sha256 2097f29b7e1bf3f1300b4bae52fa2308d0bb8d5d3998dbe02f9462a413a2ef0a net-snmp-5.9.3.tar.gz
+# https://sourceforge.net/projects/net-snmp/files/net-snmp/5.9.4/net-snmp-5.9.4.tar.gz.asc
+# using key 6E6718AEF1EB5C65C32D1B2A356BC0B552D53CAB
+sha256 8b4de01391e74e3c7014beb43961a2d6d6fa03acc34280b9585f4930745b0544 net-snmp-5.9.4.tar.gz
# Hash for license file
sha256 ed869ea395a1f125819a56676385ab0557a21507764bf56f2943302011381e59 COPYING
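Review bot: The `# using key` comment now names 6E6718AEF1EB5C65C32D1B2A356BC0B552D53CAB in place of D0F8F495DA6160C44EFFBF10F07B9D2DACB19FD6, but netsnmp.hash gives no pointer to where the new fingerprint comes from. The commit message links the upstream key change [0] and the expiry issue [1]; putting one of those URLs in a comment line next to the fingerprint would let whoever does the next bump confirm the key rotation from the hash file itself instead of digging through git history.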
diff --git a/package/netsnmp/netsnmp.mk b/package/netsnmp/netsnmp.mk
index c7df49f947..b0c35aa894 100644
--- a/package/netsnmp/netsnmp.mk
+++ b/package/netsnmp/netsnmp.mk
@@ -4,7 +4,7 @@
#
################################################################################
-NETSNMP_VERSION = 5.9.3
+NETSNMP_VERSION = 5.9.4
NETSNMP_SITE = https://downloads.sourceforge.net/project/net-snmp/net-snmp/$(NETSNMP_VERSION)
NETSNMP_SOURCE = net-snmp-$(NETSNMP_VERSION).tar.gz
NETSNMP_LICENSE = Various BSD-like
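Review bot: The NETSNMP_VERSION line is the only change to netsnmp.mk (the diffstat shows 2 +-), so nothing in this file connects the bump to CVE-2022-44792 and CVE-2022-44793 named in the commit message. If the package carried backported patches or ignore entries for these two CVEs, they should be dropped in this same commit; if it carried none, one sentence in the commit message saying so would make the security status of the bump explicit for the stable-branch backports.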
--
2.42.0
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
* Re: [Buildroot] [PATCH] package/netsnmp: security bump to version 5.9.4
From: Peter Korsgaard @ 2023-10-02 8:42 UTC
To: Daniel Lang; +Cc: buildroot
>>>>> "Daniel" == Daniel Lang <dalang@gmx.at> writes:
> CVE-2022-44792 handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c
> in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can
> be used by a remote attacker (who has write access) to cause the
> instance to crash via a crafted UDP packet, resulting in Denial of
> Service.
> CVE-2022-44793 handle_ipv6IpForwarding in
> agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.4.3 through 5.9.3 has a
> NULL Pointer Exception bug that can be used by a remote attacker to
> cause the instance to crash via a crafted UDP packet, resulting in
> Denial of Service.
> The pgp key was changed [0] as the old one expired [1].
> [0]: https://sourceforge.net/p/net-snmp/htdocs/ci/90a6d98aae21fcdff06b5be139eb4d44ae96a9de/
> [1]: https://github.com/net-snmp/net-snmp/issues/595
> Signed-off-by: Daniel Lang <dalang@gmx.at>
Committed, thanks.
--
Bye, Peter Korsgaard
* Re: [Buildroot] [PATCH] package/netsnmp: security bump to version 5.9.4
From: Peter Korsgaard @ 2023-10-13 15:17 UTC
To: Daniel Lang; +Cc: buildroot
>>>>> "Daniel" == Daniel Lang <dalang@gmx.at> writes:
> CVE-2022-44792 handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c
> in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can
> be used by a remote attacker (who has write access) to cause the
> instance to crash via a crafted UDP packet, resulting in Denial of
> Service.
> CVE-2022-44793 handle_ipv6IpForwarding in
> agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.4.3 through 5.9.3 has a
> NULL Pointer Exception bug that can be used by a remote attacker to
> cause the instance to crash via a crafted UDP packet, resulting in
> Denial of Service.
> The pgp key was changed [0] as the old one expired [1].
> [0]: https://sourceforge.net/p/net-snmp/htdocs/ci/90a6d98aae21fcdff06b5be139eb4d44ae96a9de/
> [1]: https://github.com/net-snmp/net-snmp/issues/595
> Signed-off-by: Daniel Lang <dalang@gmx.at>
Committed to 2023.02.x and 2023.08.x, thanks.
--
Bye, Peter Korsgaard