Your message dated Sat, 24 Jan 2026 23:47:48 +0000
with message-id <[email protected]>
and subject line Bug#1123861: fixed in net-snmp 5.9.4+dfsg-2+deb13u1
has caused the Debian Bug report #1123861,
regarding snmptrapd: CVE-2025-68615 snmptrapd buffer overflow and daemon crash
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1123861: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123861
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: snmptrapd
Version: 5.9.4+dfsg-2
Severity: critical
Tags: security upstream
Justification: causes serious data loss
X-Debbugs-Cc: Debian Security Team <[email protected]>

In snmptrapd versions below 5.9.5 a specially crafted packet can cause
the daemon to have a buffer overflow and the daemon to crash.

Haven't isolated the specific patch for backporting yet.

On Debian systems with the default setup, snmptrapd runs as user
Debian-snmp; however, it is possible to run as root.

CVE-2025-68615 has a CVSS score of 9.8 and doesn't need authentication.

References:
 https://github.com/net-snmp/net-snmp/security/advisories/GHSA-4389-rwqf-q9gq
 https://nvd.nist.gov/vuln/detail/CVE-2025-68615



-- System Information:
Debian Release: 13.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable-debug'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.12.57+deb13-amd64 (SMP w/12 CPU threads; PREEMPT)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE=en_AU:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages snmptrapd depends on:
ii  init-system-helpers   1.69~deb13u1
ii  libc6                 2.41-12
ii  libnetsnmptrapd40t64  5.9.4+dfsg-2
ii  libsnmp40t64          5.9.4+dfsg-2
ii  libwrap0              7.6.q-36
ii  snmpd                 5.9.4+dfsg-2

Versions of packages snmptrapd recommends:
ii  perl  5.40.1-6

snmptrapd suggests no packages.

-- Configuration Files:
/etc/snmp/snmptrapd.conf changed [not included]

-- no debconf information

--- End Message ---
--- Begin Message ---
Source: net-snmp
Source-Version: 5.9.4+dfsg-2+deb13u1
Done: Craig Small <[email protected]>

We believe that the bug you reported is fixed in the latest version of
net-snmp, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Craig Small <[email protected]> (supplier of updated net-snmp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 29 Dec 2025 07:29:38 +1100
Source: net-snmp
Architecture: source
Version: 5.9.4+dfsg-2+deb13u1
Distribution: trixie-security
Urgency: high
Maintainer: Craig Small <[email protected]>
Changed-By: Craig Small <[email protected]>
Closes: 1123861
Changes:
 net-snmp (5.9.4+dfsg-2+deb13u1) trixie-security; urgency=high
 .
   * Security patch
      - Fixed a critical vulnerability in snmptrapd triggered by a specially
        crafted trap CVE-2025-68615 Closes: #1123861



--- End Message ---
