[SECURITY] Fedora 36 Update: net-snmp-5.9.3-1.fc36

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2022-3af7a32fc0 2022-08-09 01:23:53.462363 -------------------------------------------------------------------------------- Name : net-snmp Product : Fedora 36 Version : 5.9.3 Release : 1.fc36 URL : http://net-snmp.sourceforge.net/ Summary : A collection of SNMP protocol tools and libraries Description : SNMP (Simple Network Management Protocol) is a protocol used for network management. The NET-SNMP project includes various SNMP tools: an extensible agent, an SNMP library, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl mib browser. This package contains the snmpd and snmptrapd daemons, documentation, etc. You will probably also want to install the net-snmp-utils package, which contains NET-SNMP utilities. -------------------------------------------------------------------------------- Update Information: New upstream release 5.9.3 -------------------------------------------------------------------------------- ChangeLog: * Thu Aug 4 2022 Josef Ridky <jridky(a)redhat.com&gt; - 1:5.9.3-1 - New upstream release 5.9.3 (#2072230) * Fri Jul 22 2022 Fedora Release Engineering <releng(a)fedoraproject.org&gt; - 1:5.9.1-17 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild * Mon Jun 13 2022 Python Maint <python-maint(a)redhat.com&gt; - 1:5.9.1-16 - Rebuilt for Python 3.11 * Mon May 30 2022 Jitka Plesnikova <jplesnik(a)redhat.com&gt; - 1:5.9.1-15 - Perl 5.36 rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2072230 - net-snmp-5.9.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=2072230 [ 2 ] Bug #2105235 - CVE-2022-24806 net-snmp: : net-snmp: Improper Input Validation when SETing malformed OIDs in master agent and subagent simultaneously [fedora-36] https://bugzilla.redhat.com/show_bug.cgi?id=2105235 [ 3 ] Bug #2105238 - CVE-2022-24805 net-snmp: A buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause an out-of-bounds memory access. [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2105238 [ 4 ] Bug #2105239 - CVE-2022-24807 net-snmp: A malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2105239 [ 5 ] Bug #2105240 - CVE-2022-24808 net-snmp: A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2105240 [ 6 ] Bug #2105241 - CVE-2022-24810 net-snmp: A malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference. [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2105241 [ 7 ] Bug #2105242 - CVE-2022-24809 net-snmp: A malformed OID in a GET-NEXT to the nsVacmAccessTable can cause a NULL pointer dereference. [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2105242 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-3af7a32fc0' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------