diff options
| author | Peter Marko <peter.marko@siemens.com> | 2026-01-07 23:11:17 +0100 |
|---|---|---|
| committer | Anuj Mittal <anuj.mittal@oss.qualcomm.com> | 2026-01-12 07:50:50 +0530 |
| commit | 98f1eff43277eb499b1d99f53b19973647c55499 (patch) | |
| tree | 70dec8d02716e80210093f14544486850c1b05ee /meta-networking | |
| parent | 1477114ae4c878f8310d37efc3e9d5ea5171e75d (diff) | |
| download | meta-openembedded-98f1eff43277eb499b1d99f53b19973647c55499.tar.gz | |
net-snmp: patch CVE-2025-68615
Pick patch per [1].
[1] https://security-tracker.debian.org/tracker/CVE-2025-68615
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Diffstat (limited to 'meta-networking')
| -rw-r--r-- | meta-networking/recipes-protocols/net-snmp/net-snmp/CVE-2025-68615.patch | 33 | ||||
| -rw-r--r-- | meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.4.bb | 1 |
2 files changed, 34 insertions, 0 deletions
diff --git a/meta-networking/recipes-protocols/net-snmp/net-snmp/CVE-2025-68615.patch b/meta-networking/recipes-protocols/net-snmp/net-snmp/CVE-2025-68615.patch new file mode 100644 index 0000000000..865a6187c7 --- /dev/null +++ b/meta-networking/recipes-protocols/net-snmp/net-snmp/CVE-2025-68615.patch | |||
| @@ -0,0 +1,33 @@ | |||
| 1 | From b4e6f826d9ddcc2d72eac432746807e1234266db Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Bart Van Assche <bvanassche@acm.org> | ||
| 3 | Date: Sun, 2 Nov 2025 14:48:55 -0800 | ||
| 4 | Subject: [PATCH] snmptrapd: Fix out-of-bounds trapOid[] accesses | ||
| 5 | |||
| 6 | Fixes: https://issues.oss-fuzz.com/issues/457106694 | ||
| 7 | Fixes: https://issues.oss-fuzz.com/issues/458668421 | ||
| 8 | Fixes: https://issues.oss-fuzz.com/issues/458876071 | ||
| 9 | |||
| 10 | CVE: CVE-2025-68615 | ||
| 11 | Upstream-Status: Backport [https://github.com/net-snmp/net-snmp/commit/b4e6f826d9ddcc2d72eac432746807e1234266db] | ||
| 12 | Signed-off-by: Peter Marko <peter.marko@siemens.com> | ||
| 13 | --- | ||
| 14 | apps/snmptrapd_handlers.c | 6 ++++++ | ||
| 15 | 1 file changed, 6 insertions(+) | ||
| 16 | |||
| 17 | diff --git a/apps/snmptrapd_handlers.c b/apps/snmptrapd_handlers.c | ||
| 18 | index 6cd126f26..afd93ed0f 100644 | ||
| 19 | --- a/apps/snmptrapd_handlers.c | ||
| 20 | +++ b/apps/snmptrapd_handlers.c | ||
| 21 | @@ -1112,6 +1112,12 @@ snmp_input(int op, netsnmp_session *session, | ||
| 22 | */ | ||
| 23 | if (pdu->trap_type == SNMP_TRAP_ENTERPRISESPECIFIC) { | ||
| 24 | trapOidLen = pdu->enterprise_length; | ||
| 25 | + /* | ||
| 26 | + * Drop packets that would trigger an out-of-bounds trapOid[] | ||
| 27 | + * access. | ||
| 28 | + */ | ||
| 29 | + if (trapOidLen < 1 || trapOidLen > OID_LENGTH(trapOid) - 2) | ||
| 30 | + return 1; | ||
| 31 | memcpy(trapOid, pdu->enterprise, sizeof(oid) * trapOidLen); | ||
| 32 | if (trapOid[trapOidLen - 1] != 0) { | ||
| 33 | trapOid[trapOidLen++] = 0; | ||
diff --git a/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.4.bb b/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.4.bb index 95e900b88e..d45cee86f5 100644 --- a/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.4.bb +++ b/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.4.bb | |||
| @@ -30,6 +30,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/net-snmp/net-snmp-${PV}.tar.gz \ | |||
| 30 | file://0001-Android-Fix-the-build.patch \ | 30 | file://0001-Android-Fix-the-build.patch \ |
| 31 | file://netsnmp-swinst-crash.patch \ | 31 | file://netsnmp-swinst-crash.patch \ |
| 32 | file://net-snmp-5.9.4-kernel-6.7.patch \ | 32 | file://net-snmp-5.9.4-kernel-6.7.patch \ |
| 33 | file://CVE-2025-68615.patch \ | ||
| 33 | " | 34 | " |
| 34 | SRC_URI[sha256sum] = "8b4de01391e74e3c7014beb43961a2d6d6fa03acc34280b9585f4930745b0544" | 35 | SRC_URI[sha256sum] = "8b4de01391e74e3c7014beb43961a2d6d6fa03acc34280b9585f4930745b0544" |
| 35 | 36 | ||
