jiachao2130/csaf2cusa
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
187e5c0ef0
csaf2cusa/cvrfs/2022/cvrf-openEuler-SA-2022-1888.xml
Jia Chao 0b84f3c661 增加测试用的配置和目录 
Signed-off-by: Jia Chao <jiac13@chinaunicom.cn>
2024-07-02 15:51:55 +08:00

371 lines
22 KiB
XML
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?xml version="1.0" encoding="UTF-8"?>
<cvrfdoc xmlns="http://www.icasi.org/CVRF/schema/cvrf/1.1" xmlns:cvrf="http://www.icasi.org/CVRF/schema/cvrf/1.1">
<DocumentTitle xml:lang="en">An update for net-snmp is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS</DocumentTitle>
<DocumentType>Security Advisory</DocumentType>
<DocumentPublisher Type="Vendor">
<ContactDetails>openeuler-security@openeuler.org</ContactDetails>
<IssuingAuthority>openEuler security committee</IssuingAuthority>
</DocumentPublisher>
<DocumentTracking>
<Identification>
<ID>openEuler-SA-2022-1888</ID>
</Identification>
<Status>Final</Status>
<Version>1.0</Version>
<RevisionHistory>
<Revision>
<Number>1.0</Number>
<Date>2022-09-02</Date>
<Description>Initial</Description>
</Revision>
</RevisionHistory>
<InitialReleaseDate>2022-09-02</InitialReleaseDate>
<CurrentReleaseDate>2022-09-02</CurrentReleaseDate>
<Generator>
<Engine>openEuler SA Tool V1.0</Engine>
<Date>2022-09-02</Date>
</Generator>
</DocumentTracking>
<DocumentNotes>
<Note Title="Synopsis" Type="General" Ordinal="1" xml:lang="en">net-snmp security update</Note>
<Note Title="Summary" Type="General" Ordinal="2" xml:lang="en">An update for net-snmp is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS.</Note>
<Note Title="Description" Type="General" Ordinal="3" xml:lang="en">Net-SNMP is a suite of applications used to implement SNMP v1, SNMP v2c and SNMP v3 using both IPv4 and IPv6. The suite includes:
+ - An extensible agent for responding to SNMP queries including built-in
+ support for a wide range of MIB information modules
+ - Command-line applications to retrieve and manipulate information from
+ SNMP-capable devices
+ - A daemon application for receiving SNMP notifications
+ - A library for developing new SNMP applications, with C and Perl APIs
+ - A graphical MIB browser.
Security Fix(es):
https://github.com/net-snmp/net-snmp/blob/v5.9.2/CHANGES
CVE-2022-24809 A malformed OID in a GET-NEXT to the nsVacmAccessTable can cause a NULL pointer dereference.(CVE-2022-24809)
CVE-2022-24807 A malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access.
https://github.com/net-snmp/net-snmp/blob/v5.9.2/CHANGES(CVE-2022-24807)
https://github.com/net-snmp/net-snmp/blob/v5.9.2/CHANGES
CVE-2022-24808 A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference(CVE-2022-24808)
+*5.9.2*:
+ security:
+ - These two CVEs can be exploited by a user with read-only credentials:
+ - CVE-2022-24805 A buffer overflow in the handling of the INDEX of
+ NET-SNMP-VACM-MIB can cause an out-of-bounds memory access.
+ - CVE-2022-24809 A malformed OID in a GET-NEXT to the nsVacmAccessTable
+ can cause a NULL pointer dereference.
+ - These CVEs can be exploited by a user with read-write credentials:
+ - CVE-2022-24806 Improper Input Validation when SETing malformed
+ OIDs in master agent and subagent simultaneously
+ - CVE-2022-24807 A malformed OID in a SET request to
+ SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an
+ out-of-bounds memory access.
+ - CVE-2022-24808 A malformed OID in a SET request to
+ NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference
+ - CVE-2022-24810 A malformed OID in a SET to the nsVacmAccessTable
+ can cause a NULL pointer dereference.
+ - To avoid these flaws, use strong SNMPv3 credentials and do not share them.
+ If you must use SNMPv1 or SNMPv2c, use a complex community string
+ and enhance the protection by restricting access to a given IP address range.
+ - Thanks are due to Yu Zhang of VARAS@IIE and Nanyu Zhong of VARAS@IIE for
+ reporting the following CVEs that have been fixed in this release, and
+ to Arista Networks for providing fixes.(CVE-2022-24805)
https://github.com/net-snmp/net-snmp/blob/v5.9.2/CHANGES
CVE-2022-24810 A malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference.(CVE-2022-24810)
From https://github.com/net-snmp/net-snmp/blob/v5.9.2/CHANGES
CVE-2022-24806 Improper Input Validation when SETing malformed OIDs in master agent and subagent simultaneously(CVE-2022-24806)</Note>
<Note Title="Topic" Type="General" Ordinal="4" xml:lang="en">An update for net-snmp is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS.
openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.</Note>
<Note Title="Severity" Type="General" Ordinal="5" xml:lang="en">Medium</Note>
<Note Title="Affected Component" Type="General" Ordinal="6" xml:lang="en">net-snmp</Note>
</DocumentNotes>
<DocumentReferences>
<Reference Type="Self">
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1888</URL>
</Reference>
<Reference Type="openEuler CVE">
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-24809</URL>
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-24807</URL>
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-24808</URL>
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-24805</URL>
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-24810</URL>
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-24806</URL>
</Reference>
<Reference Type="Other">
<URL>https://nvd.nist.gov/vuln/detail/CVE-2022-24809</URL>
<URL>https://nvd.nist.gov/vuln/detail/CVE-2022-24807</URL>
<URL>https://nvd.nist.gov/vuln/detail/CVE-2022-24808</URL>
<URL>https://nvd.nist.gov/vuln/detail/CVE-2022-24805</URL>
<URL>https://nvd.nist.gov/vuln/detail/CVE-2022-24810</URL>
<URL>https://nvd.nist.gov/vuln/detail/CVE-2022-24806</URL>
</Reference>
</DocumentReferences>
<ProductTree xmlns="http://www.icasi.org/CVRF/schema/prod/1.1">
<Branch Type="Product Name" Name="openEuler">
<FullProductName ProductID="openEuler-20.03-LTS-SP1" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">openEuler-20.03-LTS-SP1</FullProductName>
<FullProductName ProductID="openEuler-20.03-LTS-SP3" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">openEuler-20.03-LTS-SP3</FullProductName>
<FullProductName ProductID="openEuler-22.03-LTS" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">openEuler-22.03-LTS</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="aarch64">
<FullProductName ProductID="net-snmp-5.9-6" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">net-snmp-5.9-6.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="net-snmp-debuginfo-5.9-6" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">net-snmp-debuginfo-5.9-6.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="net-snmp-perl-5.9-6" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">net-snmp-perl-5.9-6.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="python3-net-snmp-5.9-6" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">python3-net-snmp-5.9-6.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="net-snmp-libs-5.9-6" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">net-snmp-libs-5.9-6.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="net-snmp-gui-5.9-6" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">net-snmp-gui-5.9-6.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="net-snmp-devel-5.9-6" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">net-snmp-devel-5.9-6.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="net-snmp-debugsource-5.9-6" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">net-snmp-debugsource-5.9-6.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="net-snmp-devel-5.9-6" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">net-snmp-devel-5.9-6.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="python3-net-snmp-5.9-6" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">python3-net-snmp-5.9-6.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="net-snmp-5.9-6" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">net-snmp-5.9-6.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="net-snmp-libs-5.9-6" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">net-snmp-libs-5.9-6.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="net-snmp-gui-5.9-6" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">net-snmp-gui-5.9-6.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="net-snmp-debuginfo-5.9-6" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">net-snmp-debuginfo-5.9-6.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="net-snmp-debugsource-5.9-6" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">net-snmp-debugsource-5.9-6.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="net-snmp-perl-5.9-6" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">net-snmp-perl-5.9-6.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="net-snmp-perl-5.9.1-3" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">net-snmp-perl-5.9.1-3.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="net-snmp-debuginfo-5.9.1-3" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">net-snmp-debuginfo-5.9.1-3.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="net-snmp-devel-5.9.1-3" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">net-snmp-devel-5.9.1-3.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="net-snmp-gui-5.9.1-3" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">net-snmp-gui-5.9.1-3.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="net-snmp-libs-5.9.1-3" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">net-snmp-libs-5.9.1-3.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="net-snmp-debugsource-5.9.1-3" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">net-snmp-debugsource-5.9.1-3.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="net-snmp-5.9.1-3" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">net-snmp-5.9.1-3.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="python3-net-snmp-5.9.1-3" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">python3-net-snmp-5.9.1-3.oe2203.aarch64.rpm</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="noarch">
<FullProductName ProductID="net-snmp-help-5.9-6" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">net-snmp-help-5.9-6.oe1.noarch.rpm</FullProductName>
<FullProductName ProductID="net-snmp-help-5.9-6" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">net-snmp-help-5.9-6.oe1.noarch.rpm</FullProductName>
<FullProductName ProductID="net-snmp-help-5.9.1-3" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">net-snmp-help-5.9.1-3.oe2203.noarch.rpm</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="src">
<FullProductName ProductID="net-snmp-5.9-6" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">net-snmp-5.9-6.oe1.src.rpm</FullProductName>
<FullProductName ProductID="net-snmp-5.9-6" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">net-snmp-5.9-6.oe1.src.rpm</FullProductName>
<FullProductName ProductID="net-snmp-5.9.1-3" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">net-snmp-5.9.1-3.oe2203.src.rpm</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="x86_64">
<FullProductName ProductID="python3-net-snmp-5.9-6" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">python3-net-snmp-5.9-6.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="net-snmp-debuginfo-5.9-6" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">net-snmp-debuginfo-5.9-6.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="net-snmp-debugsource-5.9-6" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">net-snmp-debugsource-5.9-6.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="net-snmp-devel-5.9-6" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">net-snmp-devel-5.9-6.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="net-snmp-5.9-6" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">net-snmp-5.9-6.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="net-snmp-gui-5.9-6" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">net-snmp-gui-5.9-6.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="net-snmp-perl-5.9-6" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">net-snmp-perl-5.9-6.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="net-snmp-libs-5.9-6" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">net-snmp-libs-5.9-6.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="net-snmp-debugsource-5.9-6" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">net-snmp-debugsource-5.9-6.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="net-snmp-gui-5.9-6" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">net-snmp-gui-5.9-6.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="net-snmp-devel-5.9-6" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">net-snmp-devel-5.9-6.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="net-snmp-perl-5.9-6" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">net-snmp-perl-5.9-6.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="python3-net-snmp-5.9-6" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">python3-net-snmp-5.9-6.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="net-snmp-5.9-6" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">net-snmp-5.9-6.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="net-snmp-debuginfo-5.9-6" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">net-snmp-debuginfo-5.9-6.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="net-snmp-libs-5.9-6" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">net-snmp-libs-5.9-6.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="net-snmp-5.9.1-3" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">net-snmp-5.9.1-3.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="net-snmp-gui-5.9.1-3" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">net-snmp-gui-5.9.1-3.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="python3-net-snmp-5.9.1-3" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">python3-net-snmp-5.9.1-3.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="net-snmp-perl-5.9.1-3" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">net-snmp-perl-5.9.1-3.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="net-snmp-debuginfo-5.9.1-3" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">net-snmp-debuginfo-5.9.1-3.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="net-snmp-debugsource-5.9.1-3" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">net-snmp-debugsource-5.9.1-3.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="net-snmp-devel-5.9.1-3" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">net-snmp-devel-5.9.1-3.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="net-snmp-libs-5.9.1-3" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">net-snmp-libs-5.9.1-3.oe2203.x86_64.rpm</FullProductName>
</Branch>
</ProductTree>
<Vulnerability Ordinal="1" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">No description is available for this CVE.</Note>
</Notes>
<ReleaseDate>2022-09-02</ReleaseDate>
<CVE>CVE-2022-24809</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
<ProductID>openEuler-20.03-LTS-SP3</ProductID>
<ProductID>openEuler-22.03-LTS</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>Medium</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>5.9</BaseScore>
<Vector>AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>net-snmp security update</Description>
<DATE>2022-09-02</DATE>
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1888</URL>
</Remediation>
</Remediations>
</Vulnerability>
<Vulnerability Ordinal="2" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="2" xml:lang="en">No description is available for this CVE.</Note>
</Notes>
<ReleaseDate>2022-09-02</ReleaseDate>
<CVE>CVE-2022-24807</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
<ProductID>openEuler-20.03-LTS-SP3</ProductID>
<ProductID>openEuler-22.03-LTS</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>Medium</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>5.9</BaseScore>
<Vector>AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>net-snmp security update</Description>
<DATE>2022-09-02</DATE>
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1888</URL>
</Remediation>
</Remediations>
</Vulnerability>
<Vulnerability Ordinal="3" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="3" xml:lang="en">No description is available for this CVE.</Note>
</Notes>
<ReleaseDate>2022-09-02</ReleaseDate>
<CVE>CVE-2022-24808</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
<ProductID>openEuler-20.03-LTS-SP3</ProductID>
<ProductID>openEuler-22.03-LTS</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>Medium</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>5.9</BaseScore>
<Vector>AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>net-snmp security update</Description>
<DATE>2022-09-02</DATE>
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1888</URL>
</Remediation>
</Remediations>
</Vulnerability>
<Vulnerability Ordinal="4" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="4" xml:lang="en">No description is available for this CVE.</Note>
</Notes>
<ReleaseDate>2022-09-02</ReleaseDate>
<CVE>CVE-2022-24805</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
<ProductID>openEuler-20.03-LTS-SP3</ProductID>
<ProductID>openEuler-22.03-LTS</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>Medium</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>6.7</BaseScore>
<Vector>AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>net-snmp security update</Description>
<DATE>2022-09-02</DATE>
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1888</URL>
</Remediation>
</Remediations>
</Vulnerability>
<Vulnerability Ordinal="5" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="5" xml:lang="en">No description is available for this CVE.</Note>
</Notes>
<ReleaseDate>2022-09-02</ReleaseDate>
<CVE>CVE-2022-24810</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
<ProductID>openEuler-20.03-LTS-SP3</ProductID>
<ProductID>openEuler-22.03-LTS</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>Medium</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>5.9</BaseScore>
<Vector>AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>net-snmp security update</Description>
<DATE>2022-09-02</DATE>
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1888</URL>
</Remediation>
</Remediations>
</Vulnerability>
<Vulnerability Ordinal="6" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="6" xml:lang="en">No description is available for this CVE.</Note>
</Notes>
<ReleaseDate>2022-09-02</ReleaseDate>
<CVE>CVE-2022-24806</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
<ProductID>openEuler-20.03-LTS-SP3</ProductID>
<ProductID>openEuler-22.03-LTS</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>Medium</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>5.9</BaseScore>
<Vector>AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>net-snmp security update</Description>
<DATE>2022-09-02</DATE>
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1888</URL>
</Remediation>
</Remediations>
</Vulnerability>
</cvrfdoc>
Reference in New Issue View Git Blame Copy Permalink