ELA-257-1 net-snmp security update

privilege escalation vulnerability

2020-08-04
Packagenet-snmp
Version5.7.2.1+dfsg-1+deb8u4
Related CVEs CVE-2020-15861 CVE-2020-15862

A privilege escalation vulnerability was discovered in Net-SNMP due to incorrect symlink handling (CVE-2020-15861).

This security update also applies an upstream fix to their previous handling of CVE-2020-15862 as part of ELA-252-1.

For Debian 8 Jessie, these problems have been fixed in version 5.7.2.1+dfsg-1+deb8u4.

We recommend that you upgrade your net-snmp packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/