-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : net-snmp Version : 5.7.3+dfsg-1.7+deb9u2 Debian Bug : #965166
A privilege escalation vulnerability vulnerability was discovered in Net-SNMP, a set of tools for collecting and organising information about devices on computer networks. Upstream notes that: * It is still possible to enable this MIB via the --with-mib-modules configure option. * Another MIB that provides similar functionality, namely ucd-snmp/extensible, is disabled by default. * The security risk of ucd-snmp/pass and ucd-snmp/pass_persist is lower since these modules only introduce a security risk if the invoked scripts are exploitable. For Debian 9 "Stretch", this issue has been fixed in net-snmp version 5.7.3+dfsg-1.7+deb9u2. We recommend that you upgrade your net-snmp packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl8ipu4ACgkQHpU+J9Qx HliITw/9H3ImNPiBifHl3+3YhLaFME7/0QbkBK9LEJZHz2MEg2bjNUOQFbVFbQ7u 0ZAW2q6KbWqM48bczv48ZgBs2Zu/2igcuiHyCjYN78B6sPeKkqUyeobnpu3bvzV5 ArMs7PWKJbQHaSbrn7UAEtT6lKajDGBMkyeF8XTXhBKDJfC1OYGzi4NErNW6Ek9e 7t0iEXvnsXdyUAF+WlHdvortQg1kT6/fYx4Yg/6soYfREHbLukrC8D7wnnik1Ssz J/m85FXqFitZEpKXBEqPFqdHaykoYVoFehXavIEOtLGMSmuW+eXLqNUiQW5jL0jY tv6Cf5IdU81Gc1XXHuJ+Yg/Yz+w7YkHiYX+VWQMdvYp2mF70AKrafEtwWXZ8ZKca lK4N1lLmtbTJmdxEMAyTFeyEH0U5s/UkKCG07coa58uLY56u69FOcUiHpbASAeLp iGLafbByqXvkuD996FWl32E12uhYajtGJo/2k9WiQgQwf3kmlFyosqGj6kdX5NtP QmWXNTzIpB2hn4zoSsB5dpBDJksClhqd8a37xdiBa15qp0jb1Vw0+mbh/oILzSuu pvFbLf5VuZoPMSV5IC46lRAFpJr7GleXuaXmIwhZe8hF7v4zTfHhQVc7Q2jWwBzt CbK/+1jDDXUwAUpnjP1HnQ1ZFQ8kOgDdgVw/9AcbI6v1T/A862s= =5KZK -----END PGP SIGNATURE-----
