USN-5543-1: Net-SNMP vulnerabilities

Releases

• Ubuntu 22.04 LTS
• Ubuntu 20.04 LTS
• Ubuntu 18.04 ESM

Packages

• net-snmp - SNMP (Simple Network Management Protocol) server and applications

Details

Yu Zhang and Nanyu Zhong discovered that Net-SNMP incorrectly handled
memory operations when processing certain requests. A remote attacker could
use this issue to cause Net-SNMP to crash, resulting in a denial of
service, or possibly execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.04

• libsnmp40 - 5.9.1+dfsg-1ubuntu2.2
• snmp - 5.9.1+dfsg-1ubuntu2.2
• libsnmp-perl - 5.9.1+dfsg-1ubuntu2.2
• snmpd - 5.9.1+dfsg-1ubuntu2.2

Ubuntu 20.04

• snmp - 5.8+dfsg-2ubuntu2.4
• libsnmp-perl - 5.8+dfsg-2ubuntu2.4
• snmpd - 5.8+dfsg-2ubuntu2.4
• libsnmp35 - 5.8+dfsg-2ubuntu2.4

Ubuntu 18.04

• libsnmp-perl - 5.7.3+dfsg-1.8ubuntu3.7
• snmp - 5.7.3+dfsg-1.8ubuntu3.7
• libsnmp30 - 5.7.3+dfsg-1.8ubuntu3.7
• snmpd - 5.7.3+dfsg-1.8ubuntu3.7

After a standard system update you need to restart snmpd to make all the
necessary changes.

References

• CVE-2022-24806
• CVE-2022-24808
• CVE-2022-24809
• CVE-2022-24805
• CVE-2022-24810
• CVE-2022-24807

Related notices

• USN-5795-2: libsnmp30, snmptrapd, libsnmp-perl, snmp, snmpd, python-netsnmp, libsnmp-base, net-snmp, tkmib, libsnmp-dev