Oval Definition:	oval:org.opensuse.security:def:659
Revision Date: 2022-10-07 Version: 1 Title: Security update for net-snmp (Moderate) (in QA) Description: This update for net-snmp fixes the following issues: Updated to version 5.9.3 (bsc#1201103, jsc#SLE-11203): - CVE-2022-24805: Fixed a buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB that can cause an out-of-bounds memory access. - CVE-2022-24809: Fixed a malformed OID in a GET-NEXT to the nsVacmAccessTable that can cause a NULL pointer dereference. - CVE-2022-24806: Fixed an improper Input Validation when SETing malformed OIDs in master agent and subagent simultaneously. - CVE-2022-24807: Fixed a malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access. - CVE-2022-24808: Fixed a malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference. - CVE-2022-24810: Fixed a malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference. This patch is currently in QA and not yet available for download. Family: unix Class: patch Status: Reference(s): 1201103 CVE-2007-3126 CVE-2013-5653 CVE-2015-3228 CVE-2016-10217 CVE-2016-10218 CVE-2016-10219 CVE-2016-10220 CVE-2016-10317 CVE-2016-4994 CVE-2016-7976 CVE-2016-7977 CVE-2016-7978 CVE-2016-7979 CVE-2016-8602 CVE-2016-9957 CVE-2016-9957 CVE-2016-9958 CVE-2016-9958 CVE-2016-9959 CVE-2016-9959 CVE-2016-9960 CVE-2016-9960 CVE-2016-9961 CVE-2016-9961 CVE-2017-5951 CVE-2017-7207 CVE-2017-8291 CVE-2017-9216 CVE-2018-10194 CVE-2018-15908 CVE-2018-15909 CVE-2018-15910 CVE-2018-15911 CVE-2018-16509 CVE-2018-16510 CVE-2018-16511 CVE-2018-16513 CVE-2018-16539 CVE-2018-16540 CVE-2018-16541 CVE-2018-16542 CVE-2018-16543 CVE-2018-16585 CVE-2018-16802 CVE-2018-17183 CVE-2018-17961 CVE-2018-18073 CVE-2018-18284 CVE-2018-19409 CVE-2018-19475 CVE-2018-19476 CVE-2018-19477 CVE-2018-6616 CVE-2019-10216 CVE-2019-12973 CVE-2019-14811 CVE-2019-14812 CVE-2019-14813 CVE-2019-14817 CVE-2019-14869 CVE-2019-3835 CVE-2019-3838 CVE-2019-6116 CVE-2020-12268 CVE-2022-24805 CVE-2022-24806 CVE-2022-24807 CVE-2022-24808 CVE-2022-24809 CVE-2022-24810 Platform(s): openSUSE 13.1 openSUSE Leap 15.4 SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 15 SP2 SUSE Linux Enterprise Desktop 15 SP3 SUSE Linux Enterprise High Availability 15 SUSE Linux Enterprise High Performance Computing 15 SP2 SUSE Linux Enterprise Live Patching 12 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise Module for Basesystem 15 SP2 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Legacy Software 15 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Module for Public Cloud 15 SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Web Scripting 15 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 15 SP2 SUSE Linux Enterprise Server 15 SP3 SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Linux Enterprise Server for SAP Applications 15 SP3 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Software Development Kit 12 SP1 SUSE Linux Enterprise Storage 7 SUSE Linux Enterprise Workstation Extension 15 SP3 SUSE Manager Proxy 4.1 SUSE Manager Server 4.1 Product(s): Definition Synopsis openSUSE Leap 15.4 is installed AND Package Information libsnmp40-5.9.3-150300.15.3.1 is installed OR libsnmp40-32bit-5.9.3-150300.15.3.1 is installed OR net-snmp-5.9.3-150300.15.3.1 is installed OR net-snmp-devel-5.9.3-150300.15.3.1 is installed OR net-snmp-devel-32bit-5.9.3-150300.15.3.1 is installed OR perl-SNMP-5.9.3-150300.15.3.1 is installed OR python3-net-snmp-5.9.3-150300.15.3.1 is installed OR snmp-mibs-5.9.3-150300.15.3.1 is installed Definition Synopsis SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 is installed AND Package Information ruby2.1-rubygem-chef-10.32.2-3 is installed OR rubygem-chef-10.32.2-3 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 is installed AND Package Information MozillaFirefox-31.1.0esr-1 is installed OR MozillaFirefox-translations-31.1.0esr-1 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP2 is installed AND Package Information libldb1-1.1.26-10 is installed OR libldb1-32bit-1.1.26-10 is installed Definition Synopsis SUSE Linux Enterprise Module for Basesystem 15 SP2 is installed AND Package Information ghostscript-9.52-3.27.2 is installed OR ghostscript-devel-9.52-3.27.2 is installed OR ghostscript-x11-9.52-3.27.2 is installed Definition Synopsis Release Information SUSE Linux Enterprise Desktop 15 SP3 is installed OR SUSE Linux Enterprise Server 15 SP3 is installed OR SUSE Linux Enterprise Server for SAP Applications 15 SP3 is installed OR SUSE Linux Enterprise Workstation Extension 15 SP3 is installed AND Package Information gimp-2.10.12-7.25 is installed OR gimp-devel-2.10.12-7.25 is installed OR gimp-lang-2.10.12-7.25 is installed OR gimp-plugins-python-2.10.12-3.3.7 is installed OR libgimp-2_0-0-2.10.12-7.25 is installed OR libgimpui-2_0-0-2.10.12-7.25 is installed Definition Synopsis SUSE Linux Enterprise High Availability 15 is installed AND Package Information ruby2.5-rubygem-sprockets-3.7.2-3.3 is installed OR rubygem-sprockets-3.7.2-3.3 is installed Definition Synopsis SUSE Linux Enterprise Module for Basesystem 15 is installed AND Package Information qemu-2.11.2-9.17 is installed OR qemu-tools-2.11.2-9.17 is installed Definition Synopsis SUSE Linux Enterprise Module for Basesystem 15 SP2 is installed AND Package Information ghostscript-9.52-3.27 is installed OR ghostscript-devel-9.52-3.27 is installed OR ghostscript-x11-9.52-3.27 is installed Definition Synopsis SUSE Linux Enterprise Module for Desktop Applications 15 is installed AND Package Information libgme-devel-0.6.2-1 is installed OR libgme0-0.6.2-1 is installed Definition Synopsis SUSE Linux Enterprise Module for Development Tools 15 is installed AND Package Information kernel-docs-4.12.14-25.16 is installed OR kernel-obs-build-4.12.14-25.16 is installed OR kernel-source-4.12.14-25.16 is installed OR kernel-syms-4.12.14-25.16 is installed OR kernel-vanilla-4.12.14-25.16 is installed OR kernel-vanilla-base-4.12.14-25.16 is installed OR lttng-modules-2.10.0-5.6 is installed OR lttng-modules-kmp-default-2.10.0_k4.12.14_25.16-5.6 is installed Definition Synopsis SUSE Linux Enterprise Module for Legacy Software 15 is installed AND Package Information java-1_8_0-openjdk-1.8.0.171-3.3 is installed OR java-1_8_0-openjdk-demo-1.8.0.171-3.3 is installed OR java-1_8_0-openjdk-devel-1.8.0.171-3.3 is installed OR java-1_8_0-openjdk-headless-1.8.0.171-3.3 is installed Definition Synopsis SUSE Linux Enterprise Module for Live Patching 15 is installed AND kernel-livepatch-tools-1.1-5.3 is installed Definition Synopsis SUSE Linux Enterprise Module for Public Cloud 15 is installed AND Package Information kernel-azure-4.12.14-5.5 is installed OR kernel-azure-base-4.12.14-5.5 is installed OR kernel-azure-devel-4.12.14-5.5 is installed OR kernel-devel-azure-4.12.14-5.5 is installed OR kernel-source-azure-4.12.14-5.5 is installed OR kernel-syms-azure-4.12.14-5.5 is installed Definition Synopsis SUSE Linux Enterprise Module for Server Applications 15 is installed AND Package Information ovmf-2017+git1510945757.b2662641d5-5.3 is installed OR ovmf-tools-2017+git1510945757.b2662641d5-5.3 is installed OR qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-5.3 is installed OR qemu-uefi-aarch64-2017+git1510945757.b2662641d5-5.3 is installed Definition Synopsis SUSE Linux Enterprise Module for Web Scripting 15 is installed AND Package Information nodejs8-8.11.3-3.5 is installed OR nodejs8-devel-8.11.3-3.5 is installed OR nodejs8-docs-8.11.3-3.5 is installed OR npm8-8.11.3-3.5 is installed
BACK