ELA-252-1 net-snmp security update
Package net-snmp
ELA-252-1 net-snmp security update
Version 5.7.2.1+dfsg-1+deb8u3
Related CVE CVE-2020-15862
A privilege escalation vulnerability was discovered in Net-SNMP, a set of tools for collecting and organising information about devices on computer networks.
Upstream notes that:
It is still possible to enable this MIB via the --with-mib-modules configure option.
Another MIB that provides similar functionality, namely ucd-snmp/extensible, is disabled by default.
The security risk of ucd-snmp/pass and ucd-snmp/pass_persist is lower since these modules only introduce a security risk if the invoked scripts are exploitable.
For Debian 8 Jessie, these problems have been fixed in version 5.7.2.1+dfsg-1+deb8u3.
We recommend that you upgrade your net-snmp packages.
Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/
A net-snmp security update has been released for Debian GNU/Linux 8 Extended LTS to address a privilege escalation vulnerability.