Debian 10267 Published by

A net-snmp security update has been released for Debian GNU/Linux 9 LTS to address a privilege escalation vulnerability due to incorrect symlink handling.



DLA 2313-1: net-snmp security update



- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2313-1 debian-lts@lists.debian.org
  https://www.debian.org/lts/security/ Chris Lamb
August 04, 2020   https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package : net-snmp
Version : 5.7.3+dfsg-1.7+deb9u3
CVE IDs : CVE-2020-15861 CVE-2020-15862
Debian Bug : #966599

A privilege escalation vulnerability was discovered in Net-SNMP, a
set of tools for collecting and organising information about devices
on computer networks, due to incorrect symlink handling
(CVE-2020-15861).

This security update also applies an upstream fix to their previous
handling of CVE-2020-15862 as part of DLA-2299-1.

For Debian 9 "Stretch", these problems have been fixed in version
5.7.3+dfsg-1.7+deb9u3.

We recommend that you upgrade your net-snmp packages.

For the detailed security status of net-snmp please refer to
its security tracker page at:
  https://security-tracker.debian.org/tracker/net-snmp

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at:   https://wiki.debian.org/LTS