Bug 23656

Summary: net-snmp new security issues CVE-2018-18065 and CVE-2018-18066
Product: Mageia
Reporter: David Walser <luigiwalser>
Component: Security
Assignee: All Packagers <pkg-bugs>
Status: RESOLVED OLD
QA Contact: Sec team <security>
Severity: major
Priority: Normal
CC: geiger.david68210, mageia, mageia, marja11, mhrambo3501, pterjan
Version: 6
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard:
Source RPM: net-snmp-5.7.3-13.mga7.src.rpm
CVE:
Status comment:

Description David Walser 2018-10-09 00:30:27 CEST
Two security issues fixed upstream in net-snmp have been announced:
https://www.openwall.com/lists/oss-security/2018/10/08/4

Commits to fix the issues are linked in the message above.

Mageia 6 is also affected.

David Walser 2018-10-09 00:30:35 CEST

Whiteboard: (none) => MGA6TOO

Comment 1 Marja Van Waes 2018-10-09 09:43:18 CEST
Assigning to all packagers collectively, since there is no registered maintainer for this package.

Also CC'ing some committers.

CC: (none) => geiger.david68210, mageia, mageia, marja11, pterjan
Assignee: bugsquad => pkg-bugs

Marc Krämer 2018-10-09 23:23:06 CEST

Assignee: pkg-bugs => mageia

Comment 2 Marc Krämer 2018-10-10 00:01:59 CEST
Giving it back; there are too many patches I don't understand, and almost all fail in Cauldron after updating to 5.8.

Assignee: mageia => bugsquad

Marc Krämer 2018-10-10 00:02:22 CEST

Assignee: bugsquad => pkg-bugs

Comment 3 David Walser 2018-10-13 00:47:21 CEST
Debian has issued an advisory for one of these issues on October 11:
https://www.debian.org/security/2018/dsa-4314

Comment 4 David Walser 2018-10-24 17:54:32 CEST
openSUSE has issued an advisory for one of these issues today (October 24):
https://lists.opensuse.org/opensuse-updates/2018-10/msg00155.html

Comment 5 David Walser 2018-12-25 20:54:12 CET
Fedora has issued an advisory for this on December 2:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/KU7O2BTVH6R7RFI22NA6IGBL6RMR5BLW/

Severity: normal => major

Comment 6 David Walser 2019-01-01 01:59:25 CET
I updated Cauldron to 5.8.

Whiteboard: MGA6TOO => (none)
Version: Cauldron => 6

Comment 7 Mike Rambo 2019-11-06 13:36:38 CET
Mageia 6 is EOL.

Status: NEW => RESOLVED
Resolution: (none) => OLD
CC: (none) => mrambo