USN-5795-2: Net-SNMP vulnerabilities

Releases

• Ubuntu 16.04 ESM
• Ubuntu 14.04 ESM

Packages

• net-snmp - SNMP (Simple Network Management Protocol) server and applications

Details

USN-5795-1 and 5543-1 fixed several vulnerabilities in Net-SNMP. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that Net-SNMP incorrectly handled certain requests. A
remote attacker could possibly use these issues to cause Net-SNMP to crash,
resulting in a denial of service.

Yu Zhang and Nanyu Zhong discovered that Net-SNMP incorrectly handled
memory operations when processing certain requests. A remote attacker could
use this issue to cause Net-SNMP to crash, resulting in a denial of
service, or possibly execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04

• snmp - 5.7.3+dfsg-1ubuntu4.6+esm1
  Available with Ubuntu Pro
• libsnmp30 - 5.7.3+dfsg-1ubuntu4.6+esm1
  Available with Ubuntu Pro
• snmpd - 5.7.3+dfsg-1ubuntu4.6+esm1
  Available with Ubuntu Pro

Ubuntu 14.04

• snmp - 5.7.2~dfsg-8.1ubuntu3.3+esm3
  Available with Ubuntu Pro
• libsnmp30 - 5.7.2~dfsg-8.1ubuntu3.3+esm3
  Available with Ubuntu Pro
• snmpd - 5.7.2~dfsg-8.1ubuntu3.3+esm3
  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

• CVE-2022-24805
• CVE-2022-24810
• CVE-2022-44793
• CVE-2022-24807
• CVE-2022-24808
• CVE-2022-44792
• CVE-2022-24809
• CVE-2022-24806

Related notices

• USN-5543-1: net-snmp, snmpd, libsnmp40, snmp, python-netsnmp, tkmib, libsnmp35, libsnmp-base, libsnmp-perl, libsnmp-dev, libsnmp30, libnetsnmptrapd40, snmptrapd
• USN-5795-1: net-snmp, snmpd, libsnmp40, snmp, python-netsnmp, tkmib, libsnmp35, libsnmp-base, libsnmp-perl, libsnmp-dev, libsnmp30, libnetsnmptrapd40, snmptrapd