Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-87809

net-snmp-5.8-30.el8.x86_64.rpm requires vulnerable perl version 5.26

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Not a Bug
    • Icon: Undefined Undefined
    • None
    • rhel-8.10
    • net-snmp
    • None
    • No
    • Moderate
    • 1
    • rhel-base-utils-core
    • ssg_core_services
    • 1
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • BaseUtilsC Sprint CY25_00
    • None
    • None
    • Unspecified
    • Unspecified
    • Unspecified
    • x86_64
    • None

      What were you trying to do that didn't work?

      net-snmp-5.8-30.el8.x86_64.rpm, in RHEL 8.10, requires a vulnerable Perl version 5.26. 

      What is the impact of this issue to you?

      Perl 5.26 is vulnerable to CVE-2023-47038, which was fixed on 20231124, with Perl 5.32. 

       

      When trying to update Perl to this latest version it breaks net-snmp. Net-snmp is required for their workflow.

      Please provide the package NVR for which the bug is seen: net-snmp-5.8-30.el8.x86_64

      How reproducible is this bug?: Always

      Steps to reproduce

      1. Install net-snmp on RHEL 8.10

      Expected results

      Installation install with updated version of Perl.

      Actual results

      Installs with a version of Perl that has a CVE that has sense been fixed/

              jridky Josef Řídký
              rhn-support-mralph Mike Ralph
              Josef Řídký Josef Řídký
              RHEL SST CS base utils QE Bot RHEL SST CS base utils QE Bot
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: