@CBL-Mariner-Bot
Collaborator

[AUTOPATCHER-CORE] Upgrade net-snmp to 5.9.5 for CVE-2025-68615
Upgrade pipeline run -> https://dev.azure.com/mariner-org/mariner/_build/results?buildId=1011146&view=results

@CBL-Mariner-Bot requested a review from a team as a code owner on December 23, 2025 14:02
@Kanishk-Bansal changed the title from "[AUTOPATCHER-CORE] Upgrade net-snmp to 5.9.5 for CVE-2025-68615" to "[AUTOPATCHER-CORE] Upgrade net-snmp to 5.9.5 for CVE-2025-68615 [Critical]" on Dec 23, 2025
@Kanishk-Bansal
Contributor

Buddy Build

Collaborator

@jslobodzian left a comment

Build failed:

time="2025-12-23T14:29:27Z" level=debug msg="Net-SNMP installed version: 5.9.4 => 5.0904"
time="2025-12-23T14:29:27Z" level=debug msg="Perl Module Version: 5.0905"
time="2025-12-23T14:29:27Z" level=debug
time="2025-12-23T14:29:27Z" level=debug msg="These versions must match for perfect support of the module. It is possible"
time="2025-12-23T14:29:27Z" level=debug msg="that different versions may work together, but it is strongly recommended"
time="2025-12-23T14:29:27Z" level=debug msg="that you make these two versions identical. You can get the Net-SNMP"
time="2025-12-23T14:29:27Z" level=debug msg="source code and the associated perl modules directly from"
time="2025-12-23T14:29:27Z" level=debug
time="2025-12-23T14:29:27Z" level=debug msg=" http://www.net-snmp.org/"
time="2025-12-23T14:29:27Z" level=debug
time="2025-12-23T14:29:27Z" level=debug msg="If you want to continue anyway please set the NETSNMP_DONT_CHECK_VERSION"
time="2025-12-23T14:29:27Z" level=debug msg="environmental variable to 1 and re-run the Makefile.PL script."
time="2025-12-23T14:29:27Z" level=debug msg="make: *** [Makefile:308: perl/Makefile] Error 1"
time="2025-12-23T14:29:27Z" level=debug msg="error: Bad exit status from /var/tmp/rpm-tmp.ZxMdIK (%build)"
time="2025-12-23T14:29:27Z" level=debug
time="2025-12-23T14:29:27Z" level=debug msg="RPM build warnings:"
time="2025-12-23T14:29:27Z" level=debug msg=" bogus date in %changelog: Fri Apr 07 2022 Minghe Ren mingheren@microsoft.com - 5.9.1-2"
time="2025-12-23T14:29:27Z" level=debug
time="2025-12-23T14:29:27Z" level=debug msg="RPM build errors:"
time="2025-12-23T14:29:27Z" level=debug msg=" Bad exit status from /var/tmp/rpm-tmp.ZxMdIK (%build)"

@Kanishk-Bansal
Contributor

Buddy Build

@Kanishk-Bansal force-pushed the cblmargh/net-snmp-upgrade-to-5.9.5-fasttrack/3.0 branch from cb4ca0f to b2aeee8 on December 23, 2025 18:06

%build
MIBS="ucd-snmp/diskio"
export NETSNMP_DONT_CHECK_VERSION=1
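
Review bot: `export NETSNMP_DONT_CHECK_VERSION=1` at the top of `%build` turns off the version comparison for the whole build instead of resolving the mismatch the failed build reported (installed Net-SNMP 5.9.4 => 5.0904 against Perl module 5.0905). If the override has to stay, add a spec comment beside it stating why the two versions differ and when it can be removed, so the check does not stay disabled after the cause is fixed.
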
Collaborator

I don’t think we want to do this. This is to check that the Perl module version matches this version.

Contributor

@jslobodzian & @Kanishk-Bansal I believe the real issue is with the configure file under https://sourceforge.net/projects/net-snmp/files/net-snmp/5.9.5/net-snmp-5.9.5.tar.gz. In the configure file the version value is still set to 5.9.4

# Identity of this package.

PACKAGE_NAME='Net-SNMP'
PACKAGE_TARNAME='net-snmp'
PACKAGE_VERSION='5.9.4'
PACKAGE_STRING='Net-SNMP 5.9.4'

PACKAGE_BUGREPORT='net-snmp-coders@lists.sourceforge.net'
PACKAGE_URL=''
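
A pre-build check for the mismatch described in the comment above, as an added example that is not part of this PR or the project's tooling: it reads `PACKAGE_VERSION` from a configure script and compares it with the version the spec expects. The function names, the sample file, and the x.y.z to x.0y0z conversion (inferred from the build log's "5.9.4 => 5.0904") are assumptions.

```shell
# Extract PACKAGE_VERSION='x.y.z' from an autoconf-generated configure script.
configure_pkg_version() {
    sed -n "s/^PACKAGE_VERSION='\([^']*\)'.*/\1/p" "$1" | head -n 1
}

# Convert x.y.z to the numeric form printed in the build log (5.9.4 => 5.0904).
# Assumption: minor and patch are each zero-padded to two digits (inferred from the log).
perl_style_version() {
    echo "$1" | awk -F. '
        NF == 3 && ($1 $2 $3) ~ /^[0-9]+$/ { printf "%d.%02d%02d\n", $1, $2, $3; ok = 1 }
        END { exit !ok }'
}

# Compare the version the spec expects with the one the tarball reports about itself.
# Returns 0 on match, 1 on mismatch, 2 if configure carries no PACKAGE_VERSION.
check_tarball_version() {
    expected=$1
    configure=$2
    found=$(configure_pkg_version "$configure")
    if [ -z "$found" ]; then
        echo "no PACKAGE_VERSION found in $configure" >&2
        return 2
    fi
    if [ "$found" != "$expected" ]; then
        echo "version mismatch: spec=$expected ($(perl_style_version "$expected"))" \
             "configure=$found ($(perl_style_version "$found"))" >&2
        return 1
    fi
    return 0
}

# Constructed sample: the configure lines quoted in the comment above.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# Identity of this package.
PACKAGE_NAME='Net-SNMP'
PACKAGE_TARNAME='net-snmp'
PACKAGE_VERSION='5.9.4'
PACKAGE_STRING='Net-SNMP 5.9.4'
EOF

# The spec expects 5.9.5, the sample configure reports 5.9.4: the check fails.
check_tarball_version 5.9.5 "$sample" || echo "check failed with status $?"
```

Run against the unpacked source's `configure` before the build starts, a check like this surfaces the stale version string at the source rather than at the Perl module's Makefile.PL step.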

Signed-off-by: Kanishk Bansal <kanbansal@microsoft.com>
@Kanishk-Bansal
Contributor

Buddy Build
