[Xymon] Xymon 4.3.18 Released

J.C. Cleaver cleaver at terabithia.org
Tue Feb 3 22:07:56 CET 2015


Hello,

Xymon 4.3.18 has been released to SourceForge
(https://sourceforge.net/projects/xymon/) and should be populating on the
mirrors shortly.


4.3.18 fixes a buffer overflow vulnerability in the acknowledge.cgi script
(tracked as CVE-2015-1430). Thank you to Mark Felder and Martin Lenko for
their assistance in this.


This release also modifies the CGI interface to remove any dependencies on
a shell interpreter, as a protection against any future "Shellshock"-type
bash vulnerabilities. (Only users running bash as their /bin/sh
interpreter would have been affected.) As a result, the Apache
configuration for the web interface and your cgioptions.cfg file may need
to be adjusted, depending on your configuration.


Several other small bugs have also been addressed. For more details on
those, see the Changes file in the distribution.


Regards,

-jc




More information about the Xymon mailing list