Your message dated Sat, 24 Jan 2026 11:34:34 +0000
with message-id <[email protected]>
and subject line Bug#1123861: fixed in net-snmp 5.9.3+dfsg-2+deb12u1
has caused the Debian Bug report #1123861,
regarding snmptrapd: CVE-2025-68615 snmptrapd buffer overflow and daemon crash
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1123861: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123861
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: snmptrapd
Version: 5.9.4+dfsg-2
Severity: critical
Tags: security upstream
Justification: causes serious data loss
X-Debbugs-Cc: Debian Security Team <[email protected]>

In snmptrapd versions below 5.9.5 a specially crafted packet can cause
the daemon to have a buffer overflow and the daemon to crash.

Haven't yet isolated the specific patch for backporting.

On Debian systems with the default setup, snmptrapd runs as user
Debian-snmp; however, it is possible to run as root.

CVE-2025-68615 has a CVSS score of 9.8 and doesn't need authentication.

References:
 https://github.com/net-snmp/net-snmp/security/advisories/GHSA-4389-rwqf-q9gq
 https://nvd.nist.gov/vuln/detail/CVE-2025-68615



-- System Information:
Debian Release: 13.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable-debug'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.12.57+deb13-amd64 (SMP w/12 CPU threads; PREEMPT)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE=en_AU:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages snmptrapd depends on:
ii  init-system-helpers   1.69~deb13u1
ii  libc6                 2.41-12
ii  libnetsnmptrapd40t64  5.9.4+dfsg-2
ii  libsnmp40t64          5.9.4+dfsg-2
ii  libwrap0              7.6.q-36
ii  snmpd                 5.9.4+dfsg-2

Versions of packages snmptrapd recommends:
ii  perl  5.40.1-6

snmptrapd suggests no packages.

-- Configuration Files:
/etc/snmp/snmptrapd.conf changed [not included]

-- no debconf information

--- End Message ---
--- Begin Message ---
Source: net-snmp
Source-Version: 5.9.3+dfsg-2+deb12u1
Done: Craig Small <[email protected]>

We believe that the bug you reported is fixed in the latest version of
net-snmp, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Craig Small <[email protected]> (supplier of updated net-snmp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 30 Dec 2025 12:46:17 +1100
Source: net-snmp
Architecture: source
Version: 5.9.3+dfsg-2+deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Craig Small <[email protected]>
Changed-By: Craig Small <[email protected]>
Closes: 1069087 1123861
Changes:
 net-snmp (5.9.3+dfsg-2+deb12u1) bookworm-security; urgency=high
 .
   * Security patch
      - Fixed a critical vulnerability in snmptrapd triggered by a specially
        crafted trap CVE-2025-68615 Closes: #1123861
   * Update systemstats_linux to get expected header length Closes: #1069087

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
