[Debian] CVE: CVE-2022-24805/CVE-2022-24806/.../CVE-2022-24810: net-snmp: multiple

Bug #2020729 reported by Yue Tao
Affects: StarlingX
Status: Fix Released
Importance: High
Assigned to: Zhixiong Chi

Bug Description

CVE-2022-24805: https://nvd.nist.gov/vuln/detail/CVE-2022-24805

CVE-2022-24806: https://nvd.nist.gov/vuln/detail/CVE-2022-24806

CVE-2022-24807: https://nvd.nist.gov/vuln/detail/CVE-2022-24807

CVE-2022-24808: https://nvd.nist.gov/vuln/detail/CVE-2022-24808

CVE-2022-24809: https://nvd.nist.gov/vuln/detail/CVE-2022-24809

CVE-2022-24810: https://nvd.nist.gov/vuln/detail/CVE-2022-24810

Base Score: High (refer to https://www.tenable.com/plugins/nessus/164160)

References:

libsnmp-base_5.9+dfsg-3_all.deb ===> libsnmp-base_5.9+dfsg-4+deb11u1_all.deb
libsnmp40_5.9+dfsg-3_amd64.deb ===> libsnmp40_5.9+dfsg-4+deb11u1_amd64.deb

https://www.debian.org/security/2022/dsa-5209

Yue Tao (wrytao)
Changed in starlingx:
importance: Undecided → High
status: New → Triaged
tags: added: stx.9.0
tags: added: stx.security
Changed in starlingx:
assignee: nobody → Zhixiong Chi (zhixiongchi)
status: Triaged → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tools (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/tools/+/884589

OpenStack Infra (hudson-openstack) wrote : Fix merged to tools (master)

Reviewed: https://review.opendev.org/c/starlingx/tools/+/884589
Committed: https://opendev.org/starlingx/tools/commit/8923527683178de49fd78e25406a096597c93278
Submitter: "Zuul (22348)"
Branch: master

commit 8923527683178de49fd78e25406a096597c93278
Author: Zhixiong Chi <email address hidden>
Date: Thu May 25 18:00:27 2023 +0800

    net-snmp: fix multiple CVEs

    Upgrade sub-packages to 5.9+dfsg-4+deb11u1 for the CVEs:
    CVE-2022-24805
    CVE-2022-24806
    CVE-2022-24807
    CVE-2022-24808
    CVE-2022-24809
    CVE-2022-24810

    Refer to:
    https://www.debian.org/security/2022/dsa-5209

    TestPlan:
    PASS: downloader
    PASS: build-pkgs -a -c
    PASS: build-image
    PASS: Jenkins Installation.
    PASS: dpkg -l |grep libsnmp
    ii libsnmp-base 5.9+dfsg-4+deb11u1
    ii libsnmp40:amd64 5.9+dfsg-4+deb11u1

    Closes-Bug: 2020729

    Signed-off-by: Zhixiong Chi <email address hidden>
    Change-Id: Ic8530f2e19c4fdfe11f05db83a35c84a756a76dd

Changed in starlingx:
status: In Progress → Fix Released
This report contains Public Security information  
Everyone can see this security related information.