From ce2dd41ca5667d4980e8cf0d8028d213585613b56d357616cc7ddcdb5f6d5d5a Mon Sep 17 00:00:00 2001 
From: Marcus Meissner Date: Wed, 6 Jul 2022 11:22:09 +0000 Subject: [PATCH] Accepting request 986781 from home:abergmann:net-snmp:Factory MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - update to 5.9.2 (bsc#1201103): - security: - These two CVEs can be exploited by a user with read-only credentials: - CVE-2022-24805 A buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause an out-of-bounds memory access. - CVE-2022-24809 A malformed OID in a GET-NEXT to the nsVacmAccessTable can cause a NULL pointer dereference. - These CVEs can be exploited by a user with read-write credentials: - CVE-2022-24806 Improper Input Validation when SETing malformed OIDs in master agent and subagent simultaneously - CVE-2022-24807 A malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access. - CVE-2022-24808 A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference - CVE-2022-24810 A malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference. 
- Refactor two patches to work with version number 5.9.2: delete: * net-snmp-5.9.1-pie.patch * net-snmp-5.9.1-fix-create-v3-user-outfile.patch add: * net-snmp-5.9.2-pie.patch * net-snmp-5.9.2-fix-create-v3-user-outfile.patch OBS-URL: https://build.opensuse.org/request/show/986781 OBS-URL: https://build.opensuse.org/package/show/network:utilities/net-snmp?expand=0&rev=46 --- ...nmp-5.9.1-fix-create-v3-user-outfile.patch | 12 -------- net-snmp-5.9.1.tar.gz | 3 -- net-snmp-5.9.1.tar.gz.asc | 16 ----------- ...nmp-5.9.2-fix-create-v3-user-outfile.patch | 12 ++++++++ ....9.1-pie.patch => net-snmp-5.9.2-pie.patch | 18 ++++++------ net-snmp-5.9.2.tar.gz | 3 ++ net-snmp-5.9.2.tar.gz.asc | 16 +++++++++++ net-snmp.changes | 28 +++++++++++++++++++ net-snmp.spec | 6 ++-- 9 files changed, 70 insertions(+), 44 deletions(-) delete mode 100644 net-snmp-5.9.1-fix-create-v3-user-outfile.patch delete mode 100644 net-snmp-5.9.1.tar.gz delete mode 100644 net-snmp-5.9.1.tar.gz.asc create mode 100644 net-snmp-5.9.2-fix-create-v3-user-outfile.patch rename net-snmp-5.9.1-pie.patch => net-snmp-5.9.2-pie.patch (61%) create mode 100644 net-snmp-5.9.2.tar.gz create mode 100644 net-snmp-5.9.2.tar.gz.asc
diff --git a/net-snmp-5.9.1-fix-create-v3-user-outfile.patch b/net-snmp-5.9.1-fix-create-v3-user-outfile.patch
deleted file mode 100644
index 19fd298..0000000
--- a/net-snmp-5.9.1-fix-create-v3-user-outfile.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -Nurp net-snmp-5.9.1-orig/net-snmp-create-v3-user.in net-snmp-5.9.1/net-snmp-create-v3-user.in
---- net-snmp-5.9.1-orig/net-snmp-create-v3-user.in 2021-05-26 00:19:35.000000000 +0200
-+++ net-snmp-5.9.1/net-snmp-create-v3-user.in 2022-03-09 16:15:47.782006944 +0100
-@@ -136,7 +136,7 @@ fi
- echo "$line" >> "$outfile"
- # Avoid that configure complains that this script ignores @datarootdir@
- echo "@datarootdir@" >/dev/null
--outfile="@datadir@/snmp/snmpd.conf"
-+outfile="/etc/snmp/snmpd.conf"
- line="$token $user"
- echo "adding the following line to $outfile:"
- echo " $line"
diff --git a/net-snmp-5.9.1.tar.gz b/net-snmp-5.9.1.tar.gz
deleted file mode 100644
index 7167b2b..0000000
--- a/net-snmp-5.9.1.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:eb7fd4a44de6cddbffd9a92a85ad1309e5c1054fb9d5a7dd93079c8953f48c3f
-size 6711774
diff --git a/net-snmp-5.9.1.tar.gz.asc b/net-snmp-5.9.1.tar.gz.asc
deleted file mode 100644
index e9048ef..0000000
--- a/net-snmp-5.9.1.tar.gz.asc
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEE0Pj0ldphYMRO/78Q8HudLayxn9YFAmCtd/sACgkQ8HudLayx
-n9bnoQ/+PdEgmx034Qjc6EqMOqiRnsucnpXomB3e19gGeiCYhNUsIcBPeyV5pDbQ
-P4O9vQaKFi5g+X8s4cwm+ebL62cgz+L+Ow8Aepg/VFP8JXuCCZVd01j8nHgXx44y
-RTssH1EFkCDWAs3I4lKihw3rjDkzM68tQBgFvhFmPxsprb4423koj12elpxV+m1W
-vEbbP+a4HLPHrbTBWAUs8V9KZlVWXx55CQzwYV0bSzvF5CbzQE5WFjXkTj5zmdYD
-VcRIg4jHs0WfR6d7mPfMRXI3m15viyo43UDduUiZs6I97pXROy5Z4QL7krjP2rOn
-eUlVs9L4RsGB5J5IiUsSGhoBIUHVesArFNPWokFaVEwFmCKZQNiRPlGt9PVdNnRO
-A7gwvImj5/SSbhYvB1eUVJZvk223LewdpX3eFTUlu8QOlYn6ZSOACx4R/tWIMdSN
-bBhq+DOipWIRFg59oP6DTjWd9OQbcENxiSj3qkURmFPAz/m3mlPA59mqRouj1Pab
-uxWvYKb+bnmREOXYKSMD4FbA3D8ysMWyd0qxZ8wXOoaQ9G484viGfyCdeoXUsQeE
-ejCZJE7uC/3hytWS3qtsZCCzMsyn0JwzhdCwG4q7cvrbE/RPt//rpd5J1cA0mBsY
-eV9DncpCGGEYsLWPIvsjGUMgp61Dz/3fFiFDnpa27gy6QfXTR+s=
-=Kfs+
------END PGP SIGNATURE-----
diff --git a/net-snmp-5.9.2-fix-create-v3-user-outfile.patch b/net-snmp-5.9.2-fix-create-v3-user-outfile.patch
new file mode 100644
index 0000000..57cd1de
--- /dev/null
+++ b/net-snmp-5.9.2-fix-create-v3-user-outfile.patch
@@ -0,0 +1,12 @@
+diff -Nurp net-snmp-5.9.2-orig/net-snmp-create-v3-user.in net-snmp-5.9.2/net-snmp-create-v3-user.in
+--- net-snmp-5.9.2-orig/net-snmp-create-v3-user.in 2022-07-04 16:55:43.067366177 +0200
++++ net-snmp-5.9.2/net-snmp-create-v3-user.in 2022-07-04 16:57:54.927367685 +0200
+@@ -138,7 +138,7 @@ prefix=@prefix@
+ datarootdir=@datarootdir@
+ # To suppress shellcheck complaints about $prefix and $datarootdir.
+ : "$prefix" "$datarootdir"
+-outfile="@datadir@/snmp/snmpd.conf"
++outfile="/etc/snmp/snmpd.conf"
+ line="$token $user"
+ echo "adding the following line to $outfile:"
+ echo " $line"
diff --git a/net-snmp-5.9.1-pie.patch b/net-snmp-5.9.2-pie.patch
similarity index 61%
rename from net-snmp-5.9.1-pie.patch
rename to net-snmp-5.9.2-pie.patch
index 17648f4..40660c5 100644
--- a/net-snmp-5.9.1-pie.patch
+++ b/net-snmp-5.9.2-pie.patch
@@ -1,8 +1,7 @@ -Index: net-snmp-5.9/agent/Makefile.in -=================================================================== ---- net-snmp-5.9.orig/agent/Makefile.in -+++ net-snmp-5.9/agent/Makefile.in -@@ -297,7 +297,7 @@ getmibstat.o: mibgroup/kernel_sunos5.c +diff -Nurp net-snmp-5.9.2-orig/agent/Makefile.in net-snmp-5.9.2/agent/Makefile.in +--- net-snmp-5.9.2-orig/agent/Makefile.in 2022-07-01 01:49:40.000000000 +0200 ++++ net-snmp-5.9.2/agent/Makefile.in 2022-07-04 16:48:54.951361517 +0200 +@@ -300,7 +300,7 @@ getmibstat.o: mibgroup/kernel_sunos5.c $(CC) $(CFLAGS) -o $@ -D_GETMIBSTAT_TEST -DDODEBUG -c $? snmpd$(EXEEXT): ${LAGENTOBJS} $(USELIBS) $(AGENTLIB) $(HELPERLIB) $(MIBLIB) $(LIBTARG)
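Review bot: The refreshed net-snmp-5.9.2-fix-create-v3-user-outfile.patch still hard-codes `outfile="/etc/snmp/snmpd.conf"` (the `+outfile=` line of its inner hunk) instead of deriving the path from the configured sysconfdir. The lines after it announce that `$token $user` is added to that file, so this path decides where the SNMPv3 access line ends up; if the package were ever configured with a different sysconfdir, the entry would land in a file snmpd presumably does not read. Consider `outfile="@sysconfdir@/snmp/snmpd.conf"` (the script already sets `prefix=@prefix@`, so the default expansion would resolve), or at least a short header in the patch file saying why the literal path is intended. The script continues outside the hunk, so the actual write to `$outfile` is not visible here.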
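Review bot: net-snmp-5.9.2-pie.patch adds `-pie` only on link lines — the snmpd recipe in agent/Makefile.in reads `$(LINK) $(CFLAGS) -o $@ -pie ${LAGENTOBJS} ${LDFLAGS} ${OUR_AGENT_LIBS}`, visible at the top of the following hunk — and nothing in either hunk compiles the objects as position-independent. The hardening therefore depends on `-fPIE` or `-fPIC` arriving through CFLAGS from the spec file, which is not shown here; without it the link may fail or, depending on the toolchain, produce a binary with text relocations. A post-build check in the spec would catch a silent regression, for example `readelf -h <built snmpd> | grep -q 'Type:.*DYN'` with the placeholder replaced by the real path. Hard-coding the flag inside the recipe also means it cannot be adjusted through LDFLAGS, so a comment at the top of the patch stating that intent would help. Only the header and first context line of the apps/Makefile.in part fall inside the diff context, so its recipes are not reviewed here.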
@@ -10,11 +9,10 @@ Index: net-snmp-5.9/agent/Makefile.in + $(LINK) $(CFLAGS) -o $@ -pie ${LAGENTOBJS} ${LDFLAGS} ${OUR_AGENT_LIBS} libnetsnmpagent.$(LIB_EXTENSION)$(LIB_VERSION): ${LLIBAGENTOBJS} $(USELIBS) - $(LIB_LD_CMD) $(AGENTLIB) ${LLIBAGENTOBJS} $(USELIBS) ${LAGENTLIBS} @LD_NO_UNDEFINED@ $(LDFLAGS) $(PERLLDOPTS_FOR_LIBS) @AGENTLIBS@ -Index: net-snmp-5.9/apps/Makefile.in -=================================================================== ---- net-snmp-5.9.orig/apps/Makefile.in -+++ net-snmp-5.9/apps/Makefile.in + $(LIB_LD_CMD) $(AGENTLIB) ${LLIBAGENTOBJS} $(USELIBS) ${LAGENTLIBS} $(LDFLAGS) $(PERLLDOPTS_FOR_LIBS) @AGENTLIBS@ +diff -Nurp net-snmp-5.9.2-orig/apps/Makefile.in net-snmp-5.9.2/apps/Makefile.in +--- net-snmp-5.9.2-orig/apps/Makefile.in 2022-07-01 01:49:40.000000000 +0200 ++++ net-snmp-5.9.2/apps/Makefile.in 2022-07-04 16:48:54.951361517 +0200 @@ -190,7 +190,7 @@ snmptest$(EXEEXT): snmptest.$(OSUFFIX $(LINK) ${CFLAGS} -o $@ snmptest.$(OSUFFIX) ${LDFLAGS} ${LIBS}
diff --git a/net-snmp-5.9.2.tar.gz b/net-snmp-5.9.2.tar.gz
new file mode 100644
index 0000000..db11b2e
--- /dev/null
+++ b/net-snmp-5.9.2.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:21e86b06c8b54639f915781c9bf6433a79da5b7aa109087ea47a9b5378a6c5fd
+size 6646200
diff --git a/net-snmp-5.9.2.tar.gz.asc b/net-snmp-5.9.2.tar.gz.asc
new file mode 100644
index 0000000..8704b4d
--- /dev/null
+++ b/net-snmp-5.9.2.tar.gz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEE0Pj0ldphYMRO/78Q8HudLayxn9YFAmK+Np4ACgkQ8HudLayx
+n9ahDQ//eAyWxwbhIjhAlOltO4/nqO3HgJiyfaAgE4UopMDLs4RLEreMZFrBsLiO
+R0NYkkwJMFzX2OIl0u0kA+2syXDwpIHJ4oNESGhGti825f0LBpptGxXHhEXFfxeY
+ecpzyO+SFWkcJli71XLQ2y9LLOk3YrnF2PtySvluNFCJ85n8yW+oA4Rkz4d+7L/X
+K7ywTofcpKBMOcR/uVqtuKMDiWSFwifZUOECDPjXkt/rnm9QhigWwp/TbtomD2Wh
+rS82yAjcdGVHpE4aGVAEQR3TFXFwwZv+Lr1byaAXYtAoYUoyzR39U7t7vArfGGnB
+Pe3Eui4R6g/tcczBz0pE2mbzMgIYjZamuPFhcd62ZWyjsHS+2/bkF3pfZddVMWqp
+CSzw6kzjY3L3GpihhSUVc7avLnrSi+T6j09zSX5RHFdZVbClm3/loaKtCAd5HI4v
+dyd3oQRm/L3ML6fuGld6YrwV9znq4BOJp564H0uJjzfN223MHP6bZei2OuHbCgsS
+vEzt1RIbZRPO1k2OlPrUmbTSgM09Ki8srIVSAJLWmXKA18WHjHqXy9H09A0beLxP
+ki9chY9Y9N4PCXILwkcSyRkAO0St5XW4DMmjUdIzGi7KYVJMLMME/ViF+IJnwYLa
+Ze7VA84FvSYIUPSkG/OvTkT6zgtH6XOHKcXNvJLq5gTJh4Zkt7Q=
+=TTtu
+-----END PGP SIGNATURE-----
diff --git a/net-snmp.changes b/net-snmp.changes
index 3d80126..85f9674 100644
--- a/net-snmp.changes
+++ b/net-snmp.changes
@@ -1,3 +1,31 @@ +------------------------------------------------------------------- +Mon Jul 4 15:06:59 UTC 2022 - Alexander Bergmann + +- update to 5.9.2 (bsc#1201103): + - security: + - These two CVEs can be exploited by a user with read-only credentials: + - CVE-2022-24805 A buffer overflow in the handling of the INDEX of + NET-SNMP-VACM-MIB can cause an out-of-bounds memory access. + - CVE-2022-24809 A malformed OID in a GET-NEXT to the nsVacmAccessTable + can cause a NULL pointer dereference. + - These CVEs can be exploited by a user with read-write credentials: + - CVE-2022-24806 Improper Input Validation when SETing malformed + OIDs in master agent and subagent simultaneously + - CVE-2022-24807 A malformed OID in a SET request to + SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an + out-of-bounds memory access. + - CVE-2022-24808 A malformed OID in a SET request to + NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference + - CVE-2022-24810 A malformed OID in a SET to the nsVacmAccessTable + can cause a NULL pointer dereference. +- Refactor two patches to work with version number 5.9.2: + delete: + * net-snmp-5.9.1-pie.patch + * net-snmp-5.9.1-fix-create-v3-user-outfile.patch + add: + * net-snmp-5.9.2-pie.patch + * net-snmp-5.9.2-fix-create-v3-user-outfile.patch + ------------------------------------------------------------------- Wed Jun 29 11:21:07 UTC 2022 - Stefan Schubert
diff --git a/net-snmp.spec b/net-snmp.spec
index cf00da7..6596336 100644
--- a/net-snmp.spec
+++ b/net-snmp.spec
@@ -30,7 +30,7 @@
 %define libname libsnmp40
 %bcond_without python2
 Name: net-snmp
-Version: 5.9.1
+Version: 5.9.2
 Release: 0
 Summary: SNMP Daemon
 License: BSD-3-Clause AND MIT
@@ -50,7 +50,7 @@ Source98: net-snmp-rpmlintrc
 Source99: baselibs.conf
 Patch1: net-snmp-5.9.1-socket-path.patch
 Patch2: net-snmp-5.9.1-testing-empty-arptable.patch
-Patch3: net-snmp-5.9.1-pie.patch
+Patch3: net-snmp-5.9.2-pie.patch
 Patch4: net-snmp-5.9.1-net-snmp-config-headercheck.patch
 Patch5: net-snmp-5.9.1-perl-tk-warning.patch
 Patch6: net-snmp-5.9.1-velocity-mib.patch
@@ -61,7 +61,7 @@ Patch10: net-snmp-5.9.1-add-lustre-fs-support.patch
 Patch11: net-snmp-5.9.1-harden_snmpd.service.patch
 Patch12: net-snmp-5.9.1-harden_snmptrapd.service.patch
 Patch13: net-snmp-5.9.1-suse-systemd-service-files.patch
-Patch14: net-snmp-5.9.1-fix-create-v3-user-outfile.patch
+Patch14: net-snmp-5.9.2-fix-create-v3-user-outfile.patch
 Patch15: net-snmp-5.9.1-subagent-set-response.patch
 BuildRequires: %{python_module devel}
 BuildRequires: %{python_module setuptools}