An update for net-snmp is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2023-1010 Final 1.0 1.0 2023-01-06 Initial 2023-01-06 2023-01-06 openEuler SA Tool V1.0 2023-01-06 net-snmp security update An update for net-snmp is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1. Net-SNMP is a suite of applications used to implement SNMP v1, SNMP v2c and SNMP v3 using both IPv4 and IPv6. The suite includes: - An extensible agent for responding to SNMP queries including built-in support for a wide range of MIB information modules - Command-line applications to retrieve and manipulate information from SNMP-capable devices - A daemon application for receiving SNMP notifications - A library for developing new SNMP applications, with C and Perl APIs - A graphical MIB browser. Security Fix(es): handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.(CVE-2022-44793) handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker (who has write access) to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.(CVE-2022-44792) An update for net-snmp is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium net-snmp https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1010 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-44793 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-44792 https://nvd.nist.gov/vuln/detail/CVE-2022-44793 https://nvd.nist.gov/vuln/detail/CVE-2022-44792 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS openEuler-22.03-LTS-SP1 python3-net-snmp-5.9-8.oe1.aarch64.rpm net-snmp-gui-5.9-8.oe1.aarch64.rpm net-snmp-5.9-8.oe1.aarch64.rpm net-snmp-libs-5.9-8.oe1.aarch64.rpm net-snmp-perl-5.9-8.oe1.aarch64.rpm net-snmp-debugsource-5.9-8.oe1.aarch64.rpm net-snmp-debuginfo-5.9-8.oe1.aarch64.rpm net-snmp-devel-5.9-8.oe1.aarch64.rpm net-snmp-debugsource-5.9-8.oe1.aarch64.rpm net-snmp-gui-5.9-8.oe1.aarch64.rpm net-snmp-debuginfo-5.9-8.oe1.aarch64.rpm net-snmp-5.9-8.oe1.aarch64.rpm net-snmp-devel-5.9-8.oe1.aarch64.rpm python3-net-snmp-5.9-8.oe1.aarch64.rpm net-snmp-libs-5.9-8.oe1.aarch64.rpm net-snmp-perl-5.9-8.oe1.aarch64.rpm net-snmp-gui-5.9.1-5.oe2203.aarch64.rpm net-snmp-debugsource-5.9.1-5.oe2203.aarch64.rpm net-snmp-5.9.1-5.oe2203.aarch64.rpm net-snmp-devel-5.9.1-5.oe2203.aarch64.rpm net-snmp-libs-5.9.1-5.oe2203.aarch64.rpm net-snmp-debuginfo-5.9.1-5.oe2203.aarch64.rpm net-snmp-perl-5.9.1-5.oe2203.aarch64.rpm python3-net-snmp-5.9.1-5.oe2203.aarch64.rpm net-snmp-debugsource-5.9.1-5.oe2203sp1.aarch64.rpm python3-net-snmp-5.9.1-5.oe2203sp1.aarch64.rpm net-snmp-gui-5.9.1-5.oe2203sp1.aarch64.rpm net-snmp-debuginfo-5.9.1-5.oe2203sp1.aarch64.rpm net-snmp-5.9.1-5.oe2203sp1.aarch64.rpm net-snmp-perl-5.9.1-5.oe2203sp1.aarch64.rpm net-snmp-devel-5.9.1-5.oe2203sp1.aarch64.rpm net-snmp-libs-5.9.1-5.oe2203sp1.aarch64.rpm net-snmp-help-5.9-8.oe1.noarch.rpm net-snmp-help-5.9-8.oe1.noarch.rpm net-snmp-help-5.9.1-5.oe2203.noarch.rpm net-snmp-help-5.9.1-5.oe2203sp1.noarch.rpm net-snmp-5.9-8.oe1.src.rpm net-snmp-5.9-8.oe1.src.rpm net-snmp-5.9.1-5.oe2203.src.rpm net-snmp-5.9.1-5.oe2203sp1.src.rpm net-snmp-libs-5.9-8.oe1.x86_64.rpm net-snmp-gui-5.9-8.oe1.x86_64.rpm net-snmp-debuginfo-5.9-8.oe1.x86_64.rpm net-snmp-perl-5.9-8.oe1.x86_64.rpm net-snmp-5.9-8.oe1.x86_64.rpm python3-net-snmp-5.9-8.oe1.x86_64.rpm net-snmp-devel-5.9-8.oe1.x86_64.rpm net-snmp-debugsource-5.9-8.oe1.x86_64.rpm python3-net-snmp-5.9-8.oe1.x86_64.rpm net-snmp-gui-5.9-8.oe1.x86_64.rpm net-snmp-5.9-8.oe1.x86_64.rpm net-snmp-libs-5.9-8.oe1.x86_64.rpm net-snmp-debuginfo-5.9-8.oe1.x86_64.rpm net-snmp-perl-5.9-8.oe1.x86_64.rpm net-snmp-debugsource-5.9-8.oe1.x86_64.rpm net-snmp-devel-5.9-8.oe1.x86_64.rpm net-snmp-perl-5.9.1-5.oe2203.x86_64.rpm net-snmp-gui-5.9.1-5.oe2203.x86_64.rpm net-snmp-libs-5.9.1-5.oe2203.x86_64.rpm net-snmp-devel-5.9.1-5.oe2203.x86_64.rpm net-snmp-debuginfo-5.9.1-5.oe2203.x86_64.rpm python3-net-snmp-5.9.1-5.oe2203.x86_64.rpm net-snmp-5.9.1-5.oe2203.x86_64.rpm net-snmp-debugsource-5.9.1-5.oe2203.x86_64.rpm net-snmp-debuginfo-5.9.1-5.oe2203sp1.x86_64.rpm net-snmp-perl-5.9.1-5.oe2203sp1.x86_64.rpm net-snmp-devel-5.9.1-5.oe2203sp1.x86_64.rpm net-snmp-debugsource-5.9.1-5.oe2203sp1.x86_64.rpm python3-net-snmp-5.9.1-5.oe2203sp1.x86_64.rpm net-snmp-libs-5.9.1-5.oe2203sp1.x86_64.rpm net-snmp-gui-5.9.1-5.oe2203sp1.x86_64.rpm net-snmp-5.9.1-5.oe2203sp1.x86_64.rpm handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. 2023-01-06 CVE-2022-44793 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H net-snmp security update 2023-01-06 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1010 handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker (who has write access) to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. 2023-01-06 CVE-2022-44792 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H net-snmp security update 2023-01-06 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1010