Debian 10723

A security update for the net-snmp package has been released to fix a vulnerability that allows an attacker to crash the snmptrapd daemon with a specially crafted packet. There is no mitigation for the bug other than ensuring the snmptrapd port is appropriately firewalled, or upgrading the package. A parsing problem with /proc/net/snmp on Linux kernels 6.7 and newer was also fixed. Additionally, two vulnerabilities were found in the smb4k utility that allow local denial of service or local privilege escalation; both are fixed in an updated version of the package.

Debian GNU/Linux 9 (Stretch) and 10 (Buster) Extended LTS:
ELA-1603-1 net-snmp security update

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4430-1] net-snmp security update

Debian GNU/Linux 13 (Trixie):
[DSA 6092-1] smb4k security update



ELA-1603-1 net-snmp security update


Package : net-snmp

Version : 5.7.3+dfsg-1.7+deb9u6 (stretch), 5.7.3+dfsg-5+deb10u5 (buster)

Related CVEs :
CVE-2025-68615

net-snmp is an SNMP application library, tools and daemon.
A specially crafted packet to a net-snmp snmptrapd daemon can cause a buffer
overflow and the daemon to crash.
(SNMP ports should never be open to public networks. There is no mitigation
available other than ensuring ports to snmptrapd are appropriately firewalled
or by upgrading.)





[SECURITY] [DLA 4430-1] net-snmp security update


-------------------------------------------------------------------------
Debian LTS Advisory DLA-4430-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Andreas Henriksson
January 01, 2026 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : net-snmp
Version : 5.9+dfsg-4+deb11u3
CVE ID : CVE-2025-68615
Debian Bug : 1069087 1123861

net-snmp is an SNMP application library, tools and daemon.

A specially crafted packet to a net-snmp snmptrapd daemon can cause a
buffer overflow and the daemon to crash.

(SNMP ports should never be open to public networks. There is no
mitigation available other than ensuring ports to snmptrapd are
appropriately firewalled or by upgrading.)

Additionally, a problem with parsing /proc/net/snmp on Linux >= 6.7 (which
contains an additional OutTransmits field) was fixed.

For Debian 11 bullseye, this problem has been fixed in version
5.9+dfsg-4+deb11u3.

We recommend that you upgrade your net-snmp packages.

For the detailed security status of net-snmp please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/net-snmp

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
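The /proc/net/snmp breakage noted in the advisory above is a general hazard for anything that reads that file by column position. The following is an added example, not net-snmp's code or anything from the advisory: a reader that zips each value row against the header row the kernel emits, shown beside the fragile fixed-column pattern, on constructed pre-6.7 and 6.7-style excerpts (counter values made up).

```python
"""Name-keyed /proc/net/snmp reader: an added example, not net-snmp's code.
Linux 6.7 appended an OutTransmits counter to the Ip: section, which breaks
readers that hard-code the column count. Samples below are constructed."""

# Constructed excerpts of /proc/net/snmp; counter values are made up.
IP_NAMES = ("Forwarding DefaultTTL InReceives InHdrErrors InAddrErrors "
            "ForwDatagrams InUnknownProtos InDiscards InDelivers OutRequests "
            "OutDiscards OutNoRoutes ReasmTimeout ReasmReqds ReasmOKs ReasmFails "
            "FragOKs FragFails FragCreates")
IP_VALUES = "1 64 1234 0 0 0 0 0 1200 900 0 0 0 0 0 0 0 0 0"
UDP_LINES = ("Udp: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors "
             "SndbufErrors InCsumErrors IgnoredMulti MemErrors\n"
             "Udp: 500 3 0 450 0 0 0 2 0\n")
SAMPLE_PRE_6_7 = f"Ip: {IP_NAMES}\nIp: {IP_VALUES}\n{UDP_LINES}"
# Same layout on Linux >= 6.7: one extra column at the end of both Ip: rows.
SAMPLE_6_7 = f"Ip: {IP_NAMES} OutTransmits\nIp: {IP_VALUES} 905\n{UDP_LINES}"


def parse_proc_net_snmp(text):
    """Return {section: {counter: int}}. Each section is a 'Proto:' header
    row followed by a 'Proto:' value row; pairing them by prefix and zipping
    by position takes the column set from the file, not a hard-coded table."""
    result, pending = {}, {}
    for line in text.splitlines():
        prefix, sep, rest = line.partition(":")
        if not sep:
            continue
        fields = rest.split()
        if prefix not in pending:
            pending[prefix] = fields        # header row: remember the names
            continue
        names = pending.pop(prefix)         # value row: pair with its names
        if len(names) != len(fields):
            raise ValueError(f"{prefix}: {len(names)} names, {len(fields)} values")
        result[prefix] = dict(zip(names, map(int, fields)))
    if pending:
        raise ValueError("header rows without values: " + ", ".join(pending))
    return result


def ip_out_requests_positional(text):
    """The fragile pattern: OutRequests is column 10 of a 19-column Ip: row.
    On a 6.7 kernel the row has 20 columns and this reader refuses it."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) > 1 and fields[0] == "Ip:" and fields[1].isdigit():
            if len(fields) - 1 != 19:
                raise ValueError(f"unexpected Ip: column count {len(fields) - 1}")
            return int(fields[10])
    raise ValueError("no Ip: value row found")
```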



[SECURITY] [DSA 6092-1] smb4k security update


-------------------------------------------------------------------------
Debian Security Advisory DSA-6092-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
January 01, 2026 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : smb4k
CVE ID : CVE-2025-66002 CVE-2025-66003
Debian Bug : 1122381

Two vulnerabilities were discovered in smb4k, a KDE desktop utility
which allows unprivileged mounting of Samba/CIFS network shares, which
may result in local denial of service or local privilege escalation.

For the stable distribution (trixie), these problems have been fixed in
version 4.0.0-1+deb13u1.

We recommend that you upgrade your smb4k packages.

For the detailed security status of smb4k please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/smb4k

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/