Bug 23656 - net-snmp new security issues CVE-2018-18065 and CVE-2018-18066
Summary: net-snmp new security issues CVE-2018-18065 and CVE-2018-18066
Status: RESOLVED OLD
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 6
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: All Packagers
QA Contact: Sec team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-10-09 00:30 CEST by David Walser
Modified: 2019-11-06 13:36 CET (History)
6 users (show)

See Also:
Source RPM: net-snmp-5.7.3-13.mga7.src.rpm
CVE:
Status comment:


Attachments

Description David Walser 2018-10-09 00:30:27 CEST
Two security issues fixed upstream in net-snmp have been announced:
https://www.openwall.com/lists/oss-security/2018/10/08/4

Commits to fix the issues are linked in the message above.

Mageia 6 is also affected.
David Walser 2018-10-09 00:30:35 CEST

Whiteboard: (none) => MGA6TOO

Comment 1 Marja Van Waes 2018-10-09 09:43:18 CEST
Assigning to all packagers collectively, since there is no registered maintainer for this package.

Also CC'ing some committers.

CC: (none) => geiger.david68210, mageia, mageia, marja11, pterjan
Assignee: bugsquad => pkg-bugs

Marc Krämer 2018-10-09 23:23:06 CEST

Assignee: pkg-bugs => mageia

Comment 2 Marc Krämer 2018-10-10 00:01:59 CEST
Give it back, there are too many patches I don't understand and almost all fail in cauldron after updating to 5.8

Assignee: mageia => bugsquad

Marc Krämer 2018-10-10 00:02:22 CEST

Assignee: bugsquad => pkg-bugs

Comment 3 David Walser 2018-10-13 00:47:21 CEST
Debian has issued an advisory for one of these issues on October 11:
https://www.debian.org/security/2018/dsa-4314
Comment 4 David Walser 2018-10-24 17:54:32 CEST
openSUSE has issued an advisory for one of these issues today (October 24):
https://lists.opensuse.org/opensuse-updates/2018-10/msg00155.html
Comment 5 David Walser 2018-12-25 20:54:12 CET
Fedora has issued an advisory for this on December 2:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/KU7O2BTVH6R7RFI22NA6IGBL6RMR5BLW/

Severity: normal => major

Comment 6 David Walser 2019-01-01 01:59:25 CET
I updated Cauldron to 5.8.

Whiteboard: MGA6TOO => (none)
Version: Cauldron => 6

Comment 7 Mike Rambo 2019-11-06 13:36:38 CET
Mageia 6 is EOL.

Status: NEW => RESOLVED
Resolution: (none) => OLD
CC: (none) => mrambo


Note You need to log in before you can comment on or make changes to this bug.