<div class="container">
<h1>Recommended update for net-snmp</h1>
<table class="table table-striped table-bordered">
<tbody>
<tr>
<th>Announcement ID:</th>
<td>SUSE-RU-2024:0029-1</td>
</tr>
<tr>
<th>Rating:</th>
<td>moderate</td>
</tr>
<tr>
<th>References:</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1181400">bsc#1181400</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206044">bsc#1206044</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214364">bsc#1214364</a>
</li>
<li style="display: inline;">
<a href="https://jira.suse.com/browse/PED-6416">jsc#PED-6416</a>
</li>
<li style="display: inline;">
<a href="https://jira.suse.com/browse/PED-6434">jsc#PED-6434</a>
</li>
<li style="display: inline;">
<a href="https://jira.suse.com/browse/PED-6435">jsc#PED-6435</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>Affected Products:</th>
<td>
<ul class="list-group">
<li class="list-group-item">SUSE Linux Enterprise High Performance Computing 12 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Server 12 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Server for SAP Applications 12 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Software Development Kit 12 SP5</li>
</ul>
</td>
</tr>
</tbody>
</table>
<p>An update that contains three features and has three fixes can now be installed.</p>
<h2>Description:</h2>
<p>This update for net-snmp fixes the following issues:</p>
<p>Update to net-snmp-5.9.4 (bsc#1214364 jsc#PED-6435).</p>
<ul>
<li>
<p>5.9.4:</p>
</li>
<li>
<p>libsnmp:</p>
<ul>
<li>Remove the SNMP_SWIPE_MEM() macro Remove this macro since it is not
used in the Net-SNMP code base.</li>
<li>DISPLAY-HINT fixes</li>
<li>Miscellanious improvements to the transports</li>
<li>Handle multiple oldEngineID configuration lines </li>
<li>fixes for DNS names longer than 63 characters</li>
</ul>
</li>
<li>
<p>agent:</p>
<ul>
<li>Added a ignoremount configuration option for the HOST-MIB</li>
<li>disallow SETs with a NULL varbind</li>
<li>fix the --enable-minimalist build</li>
</ul>
</li>
<li>
<p>apps:</p>
<ul>
<li>snmpset: allow SET with NULL varbind for testing</li>
<li>snmptrapd: improved MySQL logging code</li>
</ul>
</li>
<li>
<p>general:</p>
<ul>
<li>configure: Remove -Wno-deprecated as it is no longer needed</li>
<li>miscellanious ther bug fixes, build fixes and cleanups</li>
</ul>
</li>
<li>
<p>security:</p>
<ul>
<li>
<p>These two CVEs can be exploited by a user with read-only credentials:</p>
<ul>
<li>CVE-2022-24805 A buffer overflow in the handling of the INDEX of
NET-SNMP-VACM-MIB can cause an out-of-bounds memory access.</li>
<li>CVE-2022-24809 A malformed OID in a GET-NEXT to the nsVacmAccessTable
can cause a NULL pointer dereference.</li>
</ul>
</li>
<li>
<p>These CVEs can be exploited by a user with read-write credentials:</p>
<ul>
<li>CVE-2022-24806 Improper Input Validation when SETing malformed
OIDs in master agent and subagent simultaneously</li>
<li>CVE-2022-24807 A malformed OID in a SET request to
SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an
out-of-bounds memory access.</li>
<li>CVE-2022-24808 A malformed OID in a SET request to
NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference</li>
<li>CVE-2022-24810 A malformed OID in a SET to the nsVacmAccessTable
can cause a NULL pointer dereference.<ul>
<li>To avoid these flaws, use strong SNMPv3 credentials and do not share them.
If you must use SNMPv1 or SNMPv2c, use a complex community string
and enhance the protection by restricting access to a given IP address range.</li>
<li>Thanks are due to Yu Zhang of VARAS@IIE and Nanyu Zhong of VARAS@IIE for
reporting the following CVEs that have been fixed in this release, and
to Arista Networks for providing fixes.</li>
</ul>
</li>
</ul>
</li>
<li>
<p>IF-MIB: Update ifTable entries even if the interface name has changed
At least on Linux a network interface index may be reused for a
network interface with a different name. Hence this patch that
enables replacing network interface information even if the network
interface name has changed.</p>
</li>
<li>
<p>unspecified:</p>
</li>
<li>
<p>Moved transport code into a separate subdirectory in snmplib</p>
</li>
<li>
<p>Snmplib: remove inline versions of container funcs".</p>
</li>
<li>
<p>misc:</p>
</li>
<li>
<p>snmp-create-v3-user: Fix the snmpd.conf path @datadir@ is
expanded in ${datarootdir} so datarootdir must be set before
@datadir@ is used.</p>
</li>
</ul>
</li>
<li>
<p>5.9:</p>
</li>
<li>
<p>snmplib:</p>
<ul>
<li>Add IPv6 support to DTLSUDP transport</li>
<li>use new netsnmp_sockaddr_storage in netsnmp_addr_pair</li>
<li>add base_transport ptr for tunneled transports</li>
<li>Dtls: overhaul of debug</li>
<li>Remove inline versions of container funcs</li>
</ul>
</li>
<li>
<p>snmpd:</p>
<ul>
<li>Use ETHTOOL_GLINKSETTINGS when available Newer Linux kernels
support ETHTOOL_GLINKSETTINGS. Use it when available instead of the
older and deprecated ETHTOOL_GSET. This patch avoids that the Linux
kernel reports the following kernel warning: warning: 'snmpd' uses
legacy ethtool link settings API, link modes are only partially
reported See also https://sourceforge.net/p/net-snmp/patches/1387/.</li>
<li>
<p>[BUG 2926]: Make it possible to set agentXPingInterval for a
subagent - register agentXPingInterval for the subagent list
handler, before it was registered for snmp - added agentxTimeout to
the subagent list handler. It's now possible to set for snmpd and
the subagent. See 'man snmpd.conf' - added agentxRetries to the
subagent list handler. See 'man snmpd.conf'. It's never used in the
subagent, but it's now following the documentation Signed-off-by:
Anders Wallin <wallinux@gmail.com></p>
</li>
<li>
<p>snmptrap:</p>
</li>
<li>
<p>BUG: 2899: Patch from Drew Roedersheimer to set library
engineboots/time values before sending</p>
</li>
<li>
<p>snmptrapd:</p>
</li>
<li>
<p>Add support for the latest libmysqlclient version</p>
</li>
<li>
<p>libsnmp:</p>
</li>
<li>
<p>Scan MIB directories in alphabetical order This guarantees that
e.g. mibs/RFC1213-MIB.txt is read before mibs/SNMPv2-MIB.txt. The
order in which these MIBs is read matters because both define
sysLocation but with different attributes.</p>
</li>
</ul>
</li>
<li>
<p>Removing legacy MIBs used by Velocity Software (jsc#PED-6416 jsc#PED-6434).</p>
</li>
<li>Added hardening to systemd service(s) (bsc#1181400, bsc#1206044).</li>
</ul>
<h2>Patch Instructions:</h2>
<p>
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".<br/>
Alternatively you can run the command listed for your product:
</p>
<ul class="list-group">
<li class="list-group-item">
SUSE Linux Enterprise High Performance Computing 12 SP5
<br/>
<code>zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-29=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Server 12 SP5
<br/>
<code>zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-29=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Server for SAP Applications 12 SP5
<br/>
<code>zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-29=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Software Development Kit 12 SP5
<br/>
<code>zypper in -t patch SUSE-SLE-SDK-12-SP5-2024-29=1</code>
</li>
</ul>
<h2>Package List:</h2>
<ul>
<li>
SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
<ul>
<li>net-snmp-debugsource-5.9.4-14.3.1</li>
<li>net-snmp-5.9.4-14.3.1</li>
<li>net-snmp-debuginfo-5.9.4-14.3.1</li>
<li>snmp-mibs-5.9.4-14.3.1</li>
<li>libsnmp40-5.9.4-14.3.1</li>
<li>libsnmp40-debuginfo-5.9.4-14.3.1</li>
<li>perl-SNMP-debuginfo-5.9.4-14.3.1</li>
<li>perl-SNMP-5.9.4-14.3.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
<ul>
<li>libsnmp40-debuginfo-32bit-5.9.4-14.3.1</li>
<li>libsnmp40-32bit-5.9.4-14.3.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
<ul>
<li>net-snmp-debugsource-5.9.4-14.3.1</li>
<li>net-snmp-5.9.4-14.3.1</li>
<li>net-snmp-debuginfo-5.9.4-14.3.1</li>
<li>snmp-mibs-5.9.4-14.3.1</li>
<li>libsnmp40-5.9.4-14.3.1</li>
<li>libsnmp40-debuginfo-5.9.4-14.3.1</li>
<li>perl-SNMP-debuginfo-5.9.4-14.3.1</li>
<li>perl-SNMP-5.9.4-14.3.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server 12 SP5 (s390x x86_64)
<ul>
<li>libsnmp40-debuginfo-32bit-5.9.4-14.3.1</li>
<li>libsnmp40-32bit-5.9.4-14.3.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
<ul>
<li>net-snmp-debugsource-5.9.4-14.3.1</li>
<li>net-snmp-5.9.4-14.3.1</li>
<li>net-snmp-debuginfo-5.9.4-14.3.1</li>
<li>snmp-mibs-5.9.4-14.3.1</li>
<li>libsnmp40-5.9.4-14.3.1</li>
<li>libsnmp40-debuginfo-5.9.4-14.3.1</li>
<li>perl-SNMP-debuginfo-5.9.4-14.3.1</li>
<li>perl-SNMP-5.9.4-14.3.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
<ul>
<li>libsnmp40-debuginfo-32bit-5.9.4-14.3.1</li>
<li>libsnmp40-32bit-5.9.4-14.3.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
<ul>
<li>net-snmp-debuginfo-5.9.4-14.3.1</li>
<li>net-snmp-debugsource-5.9.4-14.3.1</li>
<li>net-snmp-devel-5.9.4-14.3.1</li>
</ul>
</li>
</ul>
<h2>References:</h2>
<ul>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1181400">https://bugzilla.suse.com/show_bug.cgi?id=1181400</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206044">https://bugzilla.suse.com/show_bug.cgi?id=1206044</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214364">https://bugzilla.suse.com/show_bug.cgi?id=1214364</a>
</li>
<li>
<a href="https://jira.suse.com/browse/PED-6416">https://jira.suse.com/browse/PED-6416</a>
</li>
<li>
<a href="https://jira.suse.com/browse/PED-6434">https://jira.suse.com/browse/PED-6434</a>
</li>
<li>
<a href="https://jira.suse.com/browse/PED-6435">https://jira.suse.com/browse/PED-6435</a>
</li>
</ul>
</div>