-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2020.2818
net-snmp security update
17 August 2020
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: net-snmp
Publisher: Debian
Operating System: Debian GNU/Linux 10
Impact/Access: Increased Privileges -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2020-15862 CVE-2020-15861
Reference: ESB-2020.2668
Original Bulletin:
http://www.debian.org/security/2020/dsa-4746
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4746-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
August 15, 2020 https://www.debian.org/security/faq
- - -------------------------------------------------------------------------
Package : net-snmp
CVE ID : CVE-2020-15861 CVE-2020-15862
Debian Bug : 965166 966599
Several vulnerabilities were discovered in net-snmp, a suite of Simple
Network Management Protocol applications, which could lead to privilege
escalation.
For the stable distribution (buster), these problems have been fixed in
version 5.7.3+dfsg-5+deb10u1.
We recommend that you upgrade your net-snmp packages.
For the detailed security status of net-snmp please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/net-snmp
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl83zVdfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0RHJRAAlud7EU1akENqybXbu749ksX7VanPft+CrsjfK9j4qHE4LVIMQP5VqB4o
AM3FV2vzVwkU69ys05L8Pd6P2YolqmJ+Hz97rYETyPu5baxwdI1ifvVBGxx3fdRe
sUhEbUpCtCEaJY2xkM6yV2+wr8FKoDc8mVma2S/Rn+6ad4c+7ZJi1FeEDw0RqUdt
bK9BZbtDo4E9xcHmSwD7bR+x5VjgdbwTbMNJSKnPzZj733IY3oRmNVO7uHVPy1cK
ZyE1pOEOmlt0f+hrya3I5uBx0kz3wiN/FrZ+5/68+KJzPiFJljBWsKgAzx/QNGQ6
WKGrFXWya6NSpVwCrYtq0MaR2YNjjbEzPjF0Na8T/sKtioLD/RbFbLL56MZSnieL
1b4K7L9XS91lZWsIW+47h9KYSUffh0E7/OtbFOH4Xa6K5Pr4wZ2EsFTld0hW0FeZ
LhTYp7aVR14Lzj0sAYLjC/D1zXiHtyLyHK1l7a3ZmPW5z3+vTFE/dUq5zYXNMg2N
rbggt4FkemowZ4ImtsZw0y4mI6VohCh0QMjhkt+Cw9TK/BMnCYZVd3LYZWkRsw/d
EjFfauCnQNk3dB6mKNTky3VovlhEozY7Fo189EkBIFW+5I/7p4kIakTusHfZEhKr
YRI7A1da7rHlg62Xw9aKgleMznfptMmHgB0tciw+OooX5iKMZAI=
=QWm9
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXzngy+NLKJtyKPYoAQgobw/8COR8yQQwoMTQoDh5I1GhnHD8K1W7+Cam
/WLryP/aLyYeVUHmUqSXTr6yFGZPVg/V0N2JkWiz/H2SsaU5//4kYfSNYIvlWOE4
CjSh9c6FXbJ1y4rS7AoaPj1s3/ZLxYV8puqkq7kcuc81Wv5T85o2UTYPOQYKEHSL
v2n4gKaKtV9ixPp4HFX1A37Q0Uonmo7JnC5lddWNsC6ujJ8EJyh60NFlq19ts6aR
q4GfZXTE8OARY6S/aJiG1A4qMVxT5OQ9Q863GwJPF7iz7k5oWiUbITisYXweR72T
sUQFowe/mM2qeV7TrquUrD1Iju+VcolZ1Ya5tzclHQ0azYcOcmsDb6JgIIUaHROP
ZvXsJ0MkDQL4qVfWIqUKrsROCnWYaM70hsyulUfhwJLgfxZwNmRzvS/Cg6XqPWb7
4iYRghW1hB1z7uBHPNGtN5Khz5D/j3OyIrjbpE0D4MjE6XgSkTi4syINS73MR9by
vjWLYgTMdCImZqhIXWTRdgw/iQMhPOUvhV9eSS+83z0HdX8drwF/4CbAcp6t/w5O
MNPm7M+qG3zi8tJKeOmpWp/gLqmv0jxtAkEHwFEtrKsvQiN3kBfuOMRP/RteXZ7w
uWtUF1pZ3R11J4J6H6p9e1C053I0Xpd4MsttAvtIJgzvN2OscPz0vvlprGCw6Ce9
5vyRBlGMHhU=
=kNQC
-----END PGP SIGNATURE-----
https://www.malwaredevil.com/2020/08/17/esb-2020-2818-debian-net-snmp-increased-privileges-remote-unauthenticated/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-2818-debian-net-snmp-increased-privileges-remote-unauthenticated
No comments:
Post a Comment