[Xymon] Xymon 4.3.29 Released - Important Security Update
Japheth Cleaver
cleaver at terabithia.org
Tue Jul 23 17:57:49 CEST 2019
Hello all,
Xymon 4.3.29 has been released to Sourceforge and should be propagating
to mirrors as I write this. Along with an assortment of bug fixes and
compilation compatibility fixes for recent glibc systems, this version
contains several fixes for security vulnerabilities within some CGI
parsing. Although some of these overflows are not exploitable, others,
including an XSS vulnerability, are. Fixes beyond these CVEs have been
made throughout the library, web, and network code to help reduce the
likelihood of similar issues in other areas. As a result, all users are
encouraged to upgrade.
The specific CVEs in question are:
CVE-2019-13451, CVE-2019-13452, CVE-2019-13455, CVE-2019-13473,
CVE-2019-13474, CVE-2019-13484, CVE-2019-13485, CVE-2019-13486
Henrik and I would like to extend our thanks to the University of
Cambridge Computer Security Incident Response Team, which reported the
issues and helped validate their resolution.
Full release notes and other changes are available with the released
tarball at https://sourceforge.net/projects/xymon/files/Xymon/4.3.29/
As always, thank you to everyone who has contributed patches, ideas,
code, and feature requests to the project!
Sincerely,
Japheth "J.C." Cleaver