DLA 2313-1: net-snmp security update

Debian 10230 Published 2020-08-05 05:24 by Philipp Esselbach

News

A net-snmp security update has been released for Debian GNU/Linux 9 LTS to address a privilege escalation vulnerability due to incorrect symlink handling.

DLA 2313-1: net-snmp security update

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2313-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Chris Lamb
August 04, 2020 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package : net-snmp
Version : 5.7.3+dfsg-1.7+deb9u3
CVE IDs : CVE-2020-15861 CVE-2020-15862
Debian Bug : #966599

A privilege escalation vulnerability was discovered in Net-SNMP, a
set of tools for collecting and organising information about devices
on computer networks, due to incorrect symlink handling
(CVE-2020-15861).

This security update also applies an upstream fix to their previous
handling of CVE-2020-15862 as part of DLA-2299-1.

For Debian 9 "Stretch", these problems have been fixed in version
5.7.3+dfsg-1.7+deb9u3.

We recommend that you upgrade your net-snmp packages.

For the detailed security status of net-snmp please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/net-snmp

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

openSUSE-SU-2020:1146-1: important: Security update for ghostscript

Aorus 15G XB Review: Mechanical Prowess and more

DLA 2313-1: net-snmp security update

DLA 2313-1: net-snmp security update

Windows

Linux

macOS

Community