[SECURITY] [DLA 2299-1] net-snmp security update

2020-07-30T10:59:45
ID DEBIAN:DLA-2299-1:83903
Type debian
Reporter Debian
Modified 2020-07-30T10:59:45

Description

Package : net-snmp Version : 5.7.3+dfsg-1.7+deb9u2 Debian Bug : #965166

A privilege escalation vulnerability vulnerability was discovered in Net-SNMP, a set of tools for collecting and organising information about devices on computer networks.

Upstream notes that:

  • It is still possible to enable this MIB via the --with-mib-modules configure option.

  • Another MIB that provides similar functionality, namely ucd-snmp/extensible, is disabled by default.

  • The security risk of ucd-snmp/pass and ucd-snmp/pass_persist is lower since these modules only introduce a security risk if the invoked scripts are exploitable.

For Debian 9 "Stretch", this issue has been fixed in net-snmp version 5.7.3+dfsg-1.7+deb9u2.

We recommend that you upgrade your net-snmp packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS