Ubuntu issued an advisory on January 9: https://ubuntu.com/security/notices/USN-5795-1
Mageia 8 is also affected.
Status comment: (none) => Patches available from upstream and Ubuntu
Whiteboard: (none) => MGA8TOO
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker (who has write access) to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. (CVE-2022-44792)

handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. (CVE-2022-44793)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44792
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44793
https://ubuntu.com/security/notices/USN-5795-1
========================

Updated packages in core/updates_testing:
========================
lib(64)net-snmp40-5.9-1.2.mga8
lib(64)net-snmp-devel-5.9-1.2.mga8
net-snmp-5.9-1.2.mga8
net-snmp-mibs-5.9-1.2.mga8
net-snmp-tkmib-5.9-1.2.mga8
net-snmp-trapd-5.9-1.2.mga8
net-snmp-utils-5.9-1.2.mga8
perl-NetSNMP-5.9-1.2.mga8
python3-netsnmp-5.9-1.2.mga8

from SRPM:
net-snmp-5.9-1.2.mga8.src.rpm
Status comment: Patches available from upstream and Ubuntu => (none)
Status: NEW => ASSIGNED
Version: Cauldron => 8
CC: (none) => nicolas.salguero
Whiteboard: MGA8TOO => (none)
Assignee: bugsquad => qa-bugs
Source RPM: net-snmp-5.9.3-1.mga9.src.rpm => net-snmp-5.9-1.1.mga8.src.rpm
MGA8-64 MATE on Acer Aspire 5253
No installation issues
Ref bug 30697 Comment 5 for testing

# systemctl start snmpd
# systemctl -l status snmpd
● snmpd.service - Simple Network Management Protocol (SNMP) Daemon.
     Loaded: loaded (/usr/lib/systemd/system/snmpd.service; disabled; vendor preset: disabled)
     Active: active (running) since Mon 2023-01-16 11:52:58 CET; 17s ago
   Main PID: 12485 (snmpd)
      Tasks: 1 (limit: 4364)
     Memory: 3.7M
        CPU: 193ms
     CGroup: /system.slice/snmpd.service
             └─12485 /usr/sbin/snmpd -LS0-4d -f

Jan 16 11:52:56 mach7.hviaene.thuis systemd[1]: Starting Simple Network Management Protocol (SNMP) Daemon....
Jan 16 11:52:58 mach7.hviaene.thuis systemd[1]: Started Simple Network Management Protocol (SNMP) Daemon..

$ snmpget -v2c -c public localhost system.sysDescr.0
SNMPv2-MIB::sysDescr.0 = STRING: Linux mach7.hviaene.thuis 5.15.82-server-1.mga8 #1 SMP Thu Dec 8 23:38:11 UTC 2022 x86_64

$ snmpwalk -v2c -c public localhost
SNMPv2-MIB::sysDescr.0 = STRING: Linux mach7.hviaene.thuis 5.15.82-server-1.mga8 #1 SMP Thu Dec 8 23:38:11 UTC 2022 x86_64
SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (9672) 0:01:36.72
SNMPv2-MIB::sysContact.0 = STRING: Root <root@localhost> (configure /etc/snmp/snmp.local.conf)
SNMPv2-MIB::sysName.0 = STRING: mach7.hviaene.thuis
SNMPv2-MIB::sysLocation.0 = STRING: Unknown (edit /etc/snmp/snmpd.conf)
SNMPv2-MIB::sysORLastChange.0 = Timeticks: (6) 0:00:00.06
etc .....
at the end:
HOST-RESOURCES-MIB::hrSystemUptime.0 = Timeticks: (351025) 0:58:30.25
HOST-RESOURCES-MIB::hrSystemUptime.0 = No more variables left in this MIB View (It is past the end of the MIB tree)

Looks OK.
Whiteboard: (none) => MGA8-64-OK
CC: (none) => herman.viaene
Validating. Advisory in comment 1.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisory
CC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0015.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED