ELA-257-1 net-snmp security update

privilege escalation vulnerability

Related CVEs CVE-2020-15861 CVE-2020-15862

A privilege escalation vulnerability was discovered in Net-SNMP due to incorrect symlink handling (CVE-2020-15861).

This security update also applies an upstream fix to their previous handling of CVE-2020-15862 as part of ELA-252-1.

For Debian 8 Jessie, these problems have been fixed in version

We recommend that you upgrade your net-snmp packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.