[Xymon] Xymon 4.3.29 Released - Important Security Update
Japheth Cleaver
cleaver at terabithia.org
Tue Jul 23 18:08:46 CEST 2019

The RPMs available at Terabithia have been updated to 4.3.29-1 in the
/testing/ repositories at the moment.

If no specific issues are found (please report!), I'll promote these
into the production repo in a day or two. (An announcement will be made
here.)

Please note that I've built these only for EL5/6/7/8 and F28+ at the
moment. If there are requests for older RPM distributions, I can spin
RPMs for them as well, but I'd like to begin pruning them a bit if
they're not necessary.

Regards,
-jc

On 7/23/2019 8:57 AM, Japheth Cleaver wrote:
> Hello all,
>
> Xymon 4.3.29 has been released to Sourceforge and should be
> propagating to mirrors as I write this. Along with an assortment of
> bug fixes and compilation compatibility fixes for recent glibc
> systems, this version contains several fixes for security
> vulnerabilities within some CGI parsing. Although some of these
> overflows are not exploitable, others, including an XSS vulnerability,
> are. Fixes beyond these CVEs have been made throughout the library,
> web, and network code to help reduce the likelihood of similar issues
> in other areas. As a result, all users are encouraged to upgrade.
>
> The specific CVEs in question are:
> CVE-2019-13451, CVE-2019-13452, CVE-2019-13455, CVE-2019-13473,
> CVE-2019-13474, CVE-2019-13484, CVE-2019-13485, CVE-2019-13486
>
> Henrik and I would like to extend our thanks to the University of
> Cambridge Computer Security Incident Response Team, which reported
> the issues and helped validate their resolution.
>
> Full release notes and other changes are available with the released
> tarball at https://sourceforge.net/projects/xymon/files/Xymon/4.3.29/
>
> As always, thank you to everyone who has contributed patches, ideas,
> code, and feature requests to the project!
>
>
> Sincerely,
> Japheth "J.C." Cleaver