Date: Sat, 02 Mar 2024 16:13:41 +0000
From: bugzilla-noreply@freebsd.org
To: ports-bugs@FreeBSD.org
Subject: [Bug 277436] net-mgmt/net-snmp: update to 5.9.4
Message-ID: <bug-277436-7788@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277436

            Bug ID: 277436
           Summary: net-mgmt/net-snmp: update to 5.9.4
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: zi@FreeBSD.org
          Reporter: rozhuk.im@gmail.com
             Flags: maintainer-feedback?(zi@FreeBSD.org)

Created attachment 248876
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=248876&action=edit
patch

*5.9.4*:
    IMPORTANT: SNMP over TLS and/or DTLS are not functioning properly
    in this release with various versions of OpenSSL and will be fixed
    in a future release.

    libsnmp:
      - Remove the SNMP_SWIPE_MEM() macro
        Remove this macro since it is not used in the Net-SNMP code base.
      - DISPLAY-HINT fixes
      - Miscellaneous improvements to the transports
      - Handle multiple oldEngineID configuration lines
      - fixes for DNS names longer than 63 characters

    agent:
      - Added a ignoremount configuration option for the HOST-MIB
      - disallow SETs with a NULL varbind
      - fix the --enable-minimalist build

    apps:
      - snmpset: allow SET with NULL varbind for testing
      - snmptrapd: improved MySQL logging code

    general:
      - configure: Remove -Wno-deprecated as it is no longer needed
      - miscellaneous other bug fixes, build fixes and cleanups

*5.9.3*:
    security:
      - These two CVEs can be exploited by a user with read-only credentials:
          - CVE-2022-24805 A buffer overflow in the handling of the INDEX of
            NET-SNMP-VACM-MIB can cause an out-of-bounds memory access.
          - CVE-2022-24809 A malformed OID in a GET-NEXT to the
            nsVacmAccessTable can cause a NULL pointer dereference.
      - These CVEs can be exploited by a user with read-write credentials:
          - CVE-2022-24806 Improper Input Validation when SETing malformed
            OIDs in master agent and subagent simultaneously
          - CVE-2022-24807 A malformed OID in a SET request to
            SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an
            out-of-bounds memory access.
          - CVE-2022-24808 A malformed OID in a SET request to
            NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer
            dereference
          - CVE-2022-24810 A malformed OID in a SET to the nsVacmAccessTable
            can cause a NULL pointer dereference.
      - To avoid these flaws, use strong SNMPv3 credentials and do not share
        them. If you must use SNMPv1 or SNMPv2c, use a complex community
        string and enhance the protection by restricting access to a given
        IP address range.
      - Thanks are due to Yu Zhang of VARAS@IIE and Nanyu Zhong of VARAS@IIE
        for reporting the following CVEs that have been fixed in this
        release, and to Arista Networks for providing fixes.

    Windows:
      - WinExtDLL: Fix multiple compiler warnings
      - WinExtDLL: Make long strings occupy a single line
        Make it easier to look up error messages in the source code by
        making long strings occupy a single source code line.
      - WinExtDLL: Restore MIB-II support
        Make winExtDLL work on 64-bit Windows systems") caused snmpd to
        skip MIB-II on 64-bit systems.

    IF-MIB:
      - Update ifTable entries even if the interface name has changed
        At least on Linux a network interface index may be reused for a
        network interface with a different name. Hence this patch that
        enables replacing network interface information even if the
        network interface name has changed.

    unspecified:
      - Moved transport code into a separate subdirectory in snmplib
      - Snmplib: remove inline versions of container funcs".

    misc:
      - snmp-create-v3-user: Fix the snmpd.conf path
        @datadir@ is expanded in ${datarootdir} so datarootdir must be set
        before @datadir@ is used.

*5.9.2*:
    skipped due to a last minute library versioning found bug -- use 5.9.3
    instead

-- 
You are receiving this mail because:
You are the assignee for the bug.