From ce66eb97c17aa9a48bc079be7b65895266fa6775 Mon Sep 17 00:00:00 2001 From: Wes Hardaker Date: Wed, 22 Jun 2022 15:00:17 -0700 Subject: [PATCH] updates to CHANGES/NEWS --- CHANGES | 30 ++++++++++++++++++++++++++---- NEWS | 25 ++++++++++++++++++++++++- 2 files changed, 50 insertions(+), 5 deletions(-) diff --git a/CHANGES b/CHANGES index 6addcd2246..f7eef0e288 100644 --- a/CHANGES +++ b/CHANGES 
@@ -4,10 +4,28 @@ a summary of the major changes, and the ChangeLog file for a comprehensive listing of all changes made to the code. *5.9.2*: - misc: - - snmp-create-v3-user: Fix the snmpd.conf path @datadir@ is - expanded in ${datarootdir} so datarootdir must be set before - @datadir@ is used. + security: + - These two CVEs can be exploited by a user with read-only credentials: + - CVE-2022-24805 A buffer overflow in the handling of the INDEX of + NET-SNMP-VACM-MIB can cause an out-of-bounds memory access. + - CVE-2022-24809 A malformed OID in a GET-NEXT to the nsVacmAccessTable + can cause a NULL pointer dereference. + - These CVEs can be exploited by a user with read-write credentials: + - CVE-2022-24806 Improper Input Validation when SETing malformed + OIDs in master agent and subagent simultaneously + - CVE-2022-24807 A malformed OID in a SET request to + SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an + out-of-bounds memory access. + - CVE-2022-24808 A malformed OID in a SET request to + NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference + - CVE-2022-24810 A malformed OID in a SET to the nsVacmAccessTable + can cause a NULL pointer dereference. + - To avoid these flaws, use strong SNMPv3 credentials and do not share them. + If you must use SNMPv1 or SNMPv2c, use a complex community string + and enhance the protection by restricting access to a given IP address range. + - Thanks are due to Yu Zhang of VARAS@IIE and Nanyu Zhong of VARAS@IIE for + reporting the following CVEs that have been fixed in this release, and + to Arista Networks for providing fixes. Windows: - WinExtDLL: Fix multiple compiler warnings 
@@ -27,6 +45,10 @@ listing of all changes made to the code. - Moved transport code into a separate subdirectory in snmplib - Snmplib: remove inline versions of container funcs". + misc: + - snmp-create-v3-user: Fix the snmpd.conf path @datadir@ is + expanded in ${datarootdir} so datarootdir must be set before + @datadir@ is used. *5.9.1*: General: Many bug fixes diff --git a/NEWS b/NEWS index 661903d084..7c331c0f8a 100644 --- a/NEWS +++ b/NEWS 
@@ -4,13 +4,36 @@ that have been fixed/applied, and the ChangeLog file for a comprehensive listing of all changes made to the code. *5.9.2*: - general: Many bug fixes + security: + - These two CVEs can be exploited by a user with read-only credentials: + - CVE-2022-24805 A buffer overflow in the handling of the INDEX of + NET-SNMP-VACM-MIB can cause an out-of-bounds memory access. + - CVE-2022-24809 A malformed OID in a GET-NEXT to the nsVacmAccessTable + can cause a NULL pointer dereference. + - These CVEs can be exploited by a user with read-write credentials: + - CVE-2022-24806 Improper Input Validation when SETing malformed + OIDs in master agent and subagent simultaneously + - CVE-2022-24807 A malformed OID in a SET request to + SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an + out-of-bounds memory access. + - CVE-2022-24808 A malformed OID in a SET request to + NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference + - CVE-2022-24810 A malformed OID in a SET to the nsVacmAccessTable + can cause a NULL pointer dereference. + - To avoid these flaws, use strong SNMPv3 credentials and do not share them. + If you must use SNMPv1 or SNMPv2c, use a complex community string + and enhance the protection by restricting access to a given IP address range. + - Thanks are due to Yu Zhang of VARAS@IIE and Nanyu Zhong of VARAS@IIE for + reporting the following CVEs that have been fixed in this release, and + to Arista Networks for providing fixes. misc: - Snmp-create-v3-user: Fix the snmpd.conf path @datadir@ is expanded in ${datarootdir} so datarootdir must be set before @datadir@ is used. + general: Many bug fixes + *5.9.1*: General: Many bug fixes
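Review bot: In the first CHANGES hunk (5.9.2 security entry), the thanks bullet says "reporting the following CVEs that have been fixed in this release", but it sits after the CVE list, so nothing follows it. Reword it to "reporting the CVEs listed above" or move the bullet ahead of the list. The CVE-2022-24806 and CVE-2022-24808 items also lack the trailing period that the other four CVE items carry.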
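Review bot: In the second CHANGES hunk, the relocated misc item "Fix the snmpd.conf path @datadir@ is expanded in ${datarootdir} so datarootdir must be set before @datadir@ is used." reads as one run-on sentence. A period or colon after "path" would separate the fix from its explanation. The item is spelled "snmp-create-v3-user" here and "Snmp-create-v3-user" in the NEWS context lines, so pick one spelling for both files. The context line directly above the insertion ends in a stray quote before the period ("container funcs".), which could be cleaned up in the same commit.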
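Review bot: In the NEWS hunk (5.9.2 security entry), the bullet "To avoid these flaws, use strong SNMPv3 credentials and do not share them." reads as if credential hygiene were the whole remedy, while the thanks bullet below it says the CVEs "have been fixed in this release". Say first that upgrading to 5.9.2 is the fix, then give the SNMPv3 credential, community string and IP address range advice as mitigation for agents that cannot be upgraded yet. This hunk also moves "general: Many bug fixes" below misc in lowercase while the 5.9.1 entry uses "General:". The security block is a verbatim copy of the CHANGES text, so any wording change needs to be made in both files.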