diff options
author | 2022-07-21 18:13:18 +0000 | |
---|---|---|
committer | 2022-07-22 13:30:29 +0200 | |
commit | 7e930376320e016856285807d7788b01e51cc594 (patch) | |
tree | 42af5ffdc9af82005c3a34b0e42960ac8c6b50e5 /patches/source/net-snmp/net-snmp-5.7.2-cert-path.patch | |
parent | 83e918a9794a98459b443e0095a9d13369d2fc7f (diff) | |
download | current-7e930376320e016856285807d7788b01e51cc594.tar.gz current-7e930376320e016856285807d7788b01e51cc594.tar.xz |
Thu Jul 21 18:13:18 UTC 202220220721181318_15.0
patches/packages/net-snmp-5.9.3-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
A buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause
an out-of-bounds memory access.
A malformed OID in a GET-NEXT to the nsVacmAccessTable can cause a NULL
pointer dereference.
Improper Input Validation when SETing malformed OIDs in master agent and
subagent simultaneously.
A malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable
can cause an out-of-bounds memory access.
A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a
NULL pointer dereference.
A malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer
dereference.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24805
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24809
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24806
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24807
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24808
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24810
(* Security fix *)
Diffstat (limited to 'patches/source/net-snmp/net-snmp-5.7.2-cert-path.patch')
-rw-r--r-- | patches/source/net-snmp/net-snmp-5.7.2-cert-path.patch | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/patches/source/net-snmp/net-snmp-5.7.2-cert-path.patch b/patches/source/net-snmp/net-snmp-5.7.2-cert-path.patch new file mode 100644 index 000000000..495fccba6 --- /dev/null +++ b/patches/source/net-snmp/net-snmp-5.7.2-cert-path.patch @@ -0,0 +1,30 @@ +1134475 - dependency in perl package + +Use hardcoded path to configuration directories instead of net-snmp-config. +net-snmp-config is in net-snmp-devel package and we do not want net-snmp-perl +depending on -devel. + +diff -up net-snmp-5.7.2/local/net-snmp-cert.cert-path net-snmp-5.7.2/local/net-snmp-cert +--- net-snmp-5.7.2/local/net-snmp-cert.cert-path 2012-10-10 00:28:58.000000000 +0200 ++++ net-snmp-5.7.2/local/net-snmp-cert 2014-09-01 12:05:10.582427036 +0200 +@@ -819,8 +819,7 @@ sub set_default { + sub cfg_path { + my $path; + +- $path = `$NetSNMP::Cert::CFGTOOL --snmpconfpath`; +- chomp $path; ++ $path = "/etc/snmp:/usr/share/snmp:/usr/lib64/snmp:/home/jsafrane/.snmp:/var/lib/net-snmp"; + return (wantarray ? split(':', $path) : $path); + } + +@@ -1414,8 +1413,8 @@ sub checkReqs { + die("$NetSNMP::Cert::OPENSSL (v$ossl_ver): must be $ossl_min_ver or later") + if ($ossl_ver cmp $ossl_min_ver) < 0; + +- die("$NetSNMP::Cert::CFGTOOL not found: please install") +- if system("$NetSNMP::Cert::CFGTOOL > /dev/null 2>&1"); ++# die("$NetSNMP::Cert::CFGTOOL not found: please install") ++# if system("$NetSNMP::Cert::CFGTOOL > /dev/null 2>&1"); + } + + sub initOpts { |