webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-13 20:42:58 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
0915078267009f6158222cbbebbb23196283fe39
bpfire/config
History
Adolf Belka 0915078267 netsnmpd: Update to version 5.9.3 
- Update from version 5.9.1 to 5.9.3
- Version 5.9.4 exists but it is indicated that SNMP over TLS and/or DTLS is not
   functioning properly with various versions of OpenSSL. However I could not find which
   versions mentioned in the News or Changelog. The problem will be fixed in a future
   version. There are no CVE fixes in 5.9.4, only a relatively few bug fixes so I
   decided to wait for the fixed version in case there are users using TLS with SNMP.
- Update of rootfile
- 6 CVE fixes in 5.9.3
- Changelog
    5.9.3
	    security:
	      - These two CVEs can be exploited by a user with read-only credentials:
	          - CVE-2022-24805 A buffer overflow in the handling of the INDEX of
	            NET-SNMP-VACM-MIB can cause an out-of-bounds memory access.
	          - CVE-2022-24809 A malformed OID in a GET-NEXT to the nsVacmAccessTable
	            can cause a NULL pointer dereference.
	      - These CVEs can be exploited by a user with read-write credentials:
	          - CVE-2022-24806 Improper Input Validation when SETing malformed
	            OIDs in master agent and subagent simultaneously
	          - CVE-2022-24807 A malformed OID in a SET request to
	            SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an
	            out-of-bounds memory access.
	          - CVE-2022-24808 A malformed OID in a SET request to
	            NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference
	          - CVE-2022-24810 A malformed OID in a SET to the nsVacmAccessTable
	            can cause a NULL pointer dereference.
	      - To avoid these flaws, use strong SNMPv3 credentials and do not share them.
	        If you must use SNMPv1 or SNMPv2c, use a complex community string
	        and enhance the protection by restricting access to a given IP address
		range.
	      - Thanks are due to Yu Zhang of VARAS@IIE and Nanyu Zhong of VARAS@IIE for
	        reporting the following CVEs that have been fixed in this release, and
	        to Arista Networks for providing fixes.
	    misc:
	      - Snmp-create-v3-user: Fix the snmpd.conf path   @datadir@ is
		expanded in ${datarootdir} so datarootdir must be set before
		@datadir@ is used.
	    general: Many bug fixes
    5.9.2
	    skipped due to a last minute library versioning found bug -- use 5.9.3 instead

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2024-08-15 10:45:48 +00:00
..
acpid
apcupsd
apcupsd: Update email scripts to work with dma
2024-07-02 09:17:20 +00:00
avahi
avahi-daemo: remove orange interface
2023-08-21 09:28:21 +00:00
backup
backup.pl: removes any references to ALIENVAULT & SPAMHAUSEDROP from restores
2024-04-19 19:51:24 +00:00
bash
bind
ca-certificates
ca-certificates: Update root CA certificates bundle
2024-07-02 09:08:18 +00:00
calamaris
cdrom
memtest: update to memtest86+ v6.00
2022-11-18 14:37:25 +00:00
cfgroot
ovpnmain.cgi: Unify the error message box
2024-08-14 16:53:54 +00:00
clamav
collectd
services.cgi: Drop the process graphs
2024-08-06 17:14:41 +02:00
cron
crontab: add periodic cleanup the collectd RRD (graphs)
2022-09-23 10:38:11 +00:00
cups
cyrus-sasl
dehydrated
dehydrated: Keep going if re-issuing one certificate fails
2023-07-13 14:29:13 +00:00
dhcpc
dhcpcd: Only try to obtain an IP address for IPv4
2022-12-17 17:20:46 +00:00
dma
dracut
dracut: lower ram usage at compression
2023-05-16 18:52:08 +00:00
elinks
config/elinks/elinks.conf does not have to be executable
2021-05-20 10:01:50 +00:00
etc
sysctl: Conntrack: Disable picking up loose TCP connections
2024-07-02 09:30:28 +00:00
etc-aarch64
Install sysctl.conf only on those architectures where needed
2021-04-11 12:12:56 +00:00
etc-armv6l
switch arm 32 bit arch from armv5tel to armv6l
2021-07-05 07:42:39 +02:00
etc-x86_64
sysctl.conf: remove vm.mmap_rnd_compat_bits from x86_86 config
2023-01-08 17:21:59 +01:00
extrahd
extrahd: add forgotten udev_event handler to mount partitions via udev
2023-09-28 09:17:46 +00:00
findutils
firewall
firewall: Implement generating SYNPROXY rules
2024-07-02 09:30:28 +00:00
flash-images/grub
grub: update to 2.12-rc1
2023-11-24 12:53:51 +00:00
freeradius
fstrim
fwhosts
icmp-types file does not have to be executable
2021-05-04 15:51:15 +00:00
gnump3d
gnump3d: Update perl directory in gnump3d.conf to current version
2023-07-31 09:21:37 +00:00
grub2
dracut: Enable automatic assembly of any RAID/LVM devices
2022-05-16 18:31:12 +00:00
guardian
Bought a 'd' - fixed an old typo
2021-10-13 12:22:49 +00:00
haproxy
hostapd
hostapd: Enable QCA vendor extensions to nl80211
2023-04-24 18:42:25 +00:00
httpd
OpenVPN: Add support for 2FA / One-Time Password
2022-06-17 10:20:17 +00:00
include
initrd/dhcpc
ipblocklist
ipblocklist-sources: Update to include the Abuse.ch Botnet C2 ip blocklist
2024-07-02 09:17:36 +00:00
iptraf-ng
kernel
kernel: update to 6.6.32
2024-05-27 22:03:14 +02:00
lcdproc
lib/firmware/brcm
libid3tag
libid3tag: Addition of pkgconfig file
2021-04-12 09:35:29 +00:00
libvirt
logwatch
ipblocklist: Add neccessary files for logwatch.
2022-07-07 17:28:05 +02:00
lua
lua: Update to version 5.4.4
2022-02-06 10:50:43 +00:00
lvm
lvm: Fixes bug-13151 - update 69-dm-lvm.rules
2023-06-25 13:46:14 +00:00
menu
transmission: add menuentry to transmission webgui
2024-02-11 13:33:39 +01:00
minidlna
monit
mpd
mpd: move scripts and config from mpfire to mpd
2024-02-24 16:39:59 +01:00
mpfire
mpd: move scripts and config from mpfire to mpd
2024-02-24 16:39:59 +01:00
netpbm
netsnmpd
nginx
ntp
Ship NTP changes
2022-06-20 20:43:34 +00:00
ovpn
OpenVPN: Move the OpenSSL configuration file out of /var/ipfire
2024-06-07 16:04:29 +00:00
pmacct
pmacct: fix bug 13159
2023-07-13 14:22:04 +00:00
profile.d
proxy
qemu
Drop support for i586
2021-12-04 23:27:26 +01:00
qos
Revert "parse-func.pl: Adjust regular expression to changed 'tc' output"
2023-06-25 13:42:51 +00:00
rootfiles
netsnmpd: Update to version 5.9.3
2024-08-15 10:45:48 +00:00
rpi-firmware
rpi-firmware: update to 20211127
2021-11-27 14:21:31 +00:00
rsnapshot
rsnapshot: New addon
2023-05-18 11:24:29 +00:00
samba
samba: Add helper script to pipe password
2021-01-27 21:06:57 +00:00
sarg
shadow
shadow: Update login.defs to remove reference to cracklib
2024-03-25 15:59:56 +00:00
ssh
SSH: do not send spoofable TCP keep alive messages
2022-04-23 14:27:56 +00:00
ssl
vpnmain.cgi: Add option to regenerate the host certificate
2024-02-07 11:08:51 +00:00
strongswan
stunnel
suricata
suricata.yaml: Fix Landlock path settings
2024-04-29 12:45:19 +00:00
syslinux
cdrom: Drop menu option for HDT
2022-06-04 08:36:58 +00:00
sysstat
time
tor
transmission
u-boot
u-boot: create signed bootscript at build time
2022-11-21 11:06:52 +00:00
udev
network-hotplug-vlan: Fix for bug 12676
2024-08-03 09:43:41 +00:00
unbound
unbound-dhcp-leases-bridge: Remove unused functions and module imports
2024-05-10 17:53:22 +01:00
updxlrator
Ensure /var/ipfire/updatexlrator/updxlrator-lib.pl is not writable by "nobody"
2022-11-18 13:33:45 +00:00
urlfilter
urlfilter: Download University of Toulouse list via HTTPS
2022-07-09 15:03:12 +00:00
vdr
vdradmin
vim
w_scan
wio
wio: moved files from src/wio directory to standard IPFire location
2023-05-18 09:47:47 +00:00
wpa_supplicant
wpa_supplicant: Import fresh default configuration
2021-01-12 10:39:14 +00:00
xinetd
xtables-addons
xtables-addons: update to 3.13
2021-07-05 07:42:36 +02:00
zabbix_agentd
zabbix_agentd: Add OpenVPN certificates items
2024-02-29 10:26:11 +00:00