安全公告详情

NS-SA-2023-0089

2023-05-30 09:08:34

简介

important: cups/net-snmp security update

严重级别

important

主题

An update for cups/net-snmp is now available for NewStart CGSL MAIN 6.06.
NewStart Security has rated this update as having a security impact of important. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.

详细描述

cups: CUPS printing system provides a portable printing layer for UNIX® operating systems. It has been developed by Apple Inc. to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces.
net-snmp: SNMP (Simple Network Management Protocol) is a protocol used for network management. The NET-SNMP project includes various SNMP tools: an extensible agent, an SNMP library, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl mib browser. This package contains the snmpd and snmptrapd daemons, documentation, etc. You will probably also want to install the net-snmp-utils package, which contains NET-SNMP utilities.


Security Fix(es):
cups: A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges.(CVE-2022-26691)
cups: bugfix
net-snmp: Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root.(CVE-2020-15862)
net-snmp: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 6.06.02B5.

影响组件

  • cups
  • net-snmp

影响产品

  • CGSL MAIN 6.06

更新包

{"fix":[{"product":"CGSL MAIN 6.06","pkgs":[{"binary":["cups-2.2.6-45.zncgsl6_6.2.x86_64.rpm","cups-client-2.2.6-45.zncgsl6_6.2.x86_64.rpm","cups-filesystem-2.2.6-45.zncgsl6_6.2.noarch.rpm","cups-libs-2.2.6-45.zncgsl6_6.2.x86_64.rpm"],"source":"cups-2.2.6-45.zncgsl6_6.2.src.rpm"},{"binary":["net-snmp-5.8-25.0.1.zncgsl6.x86_64.rpm","net-snmp-agent-libs-5.8-25.0.1.zncgsl6.x86_64.rpm","net-snmp-libs-5.8-25.0.1.zncgsl6.x86_64.rpm"],"source":"net-snmp-5.8-25.0.1.zncgsl6.src.rpm"}]}]}
CGSL MAIN 6.06
  • cups-2.2.6-45.zncgsl6_6.2.src.rpm
    • cups-2.2.6-45.zncgsl6_6.2.x86_64.rpm
    • cups-client-2.2.6-45.zncgsl6_6.2.x86_64.rpm
    • cups-filesystem-2.2.6-45.zncgsl6_6.2.noarch.rpm
    • cups-libs-2.2.6-45.zncgsl6_6.2.x86_64.rpm
  • net-snmp-5.8-25.0.1.zncgsl6.src.rpm
    • net-snmp-5.8-25.0.1.zncgsl6.x86_64.rpm
    • net-snmp-agent-libs-5.8-25.0.1.zncgsl6.x86_64.rpm
    • net-snmp-libs-5.8-25.0.1.zncgsl6.x86_64.rpm

CVE

参考

© 2004-2023 广东中兴新支点技术有限公司 版权所有 (www.gd-linux.com) 粤ICP备15061780号-2

全国服务热线:400-033-0108