[Xymon] Xymon 4.3.29 Released - Important Security Update

Japheth Cleaver cleaver at terabithia.org
Tue Jul 23 18:08:46 CEST 2019

The RPMs available at Terabithia have been updated to 4.3.29-1 in the 
/testing/ repositories at the moment.

If no specific issues are found (please report!), I'll promote these 
into the production repo in a day or two. (An announcement will be made 

Please note that I've built these only for EL5/6/7/8 and F28+ at the 
moment. If there are requests for older RPM distributions, I can spin 
RPMs for them as well, but I'd like to begin pruning them a bit if 
they're not necessary.


On 7/23/2019 8:57 AM, Japheth Cleaver wrote:
> Hello all,
> Xymon 4.3.29 has been released to Sourceforge and should be 
> propagating to mirrors as I write this. Along with an assortment of 
> bug fixes and compilation compatibility fixes for recent glibc 
> systems, this version contains several fixes for security 
> vulnerabilities within some CGI parsing. Although some of these 
> overflows are not exploitable, others, including an XSS vulnerability 
> are. Fixes beyond these CVEs have been made throughout the library, 
> web, and network code to help reduce the likelihood of similar issues 
> in other areas. As a result, all users are encouraged to upgrade.
> The specific CVEs in question are:
>   CVE-2019-13451, CVE-2019-13452, CVE-2019-13455, CVE-2019-13473,
>   CVE-2019-13474, CVE-2019-13484, CVE-2019-13485, CVE-2019-13486
> Henrik and I would like to extend our thanks to the University of 
> Cambridge Computer Security
> Incident Response Team, which reported the issues and helped validate 
> their resolution.
> Full release notes and other changes are available with the released 
> tarball at https://sourceforge.net/projects/xymon/files/Xymon/4.3.29/
> As always, thank you to everyone who has contributed patches, ideas, 
> code, and feature requests to the project!
> Sincerely,
> Japheth "J.C." Cleaver
> _______________________________________________
> Xymon mailing list
> Xymon at xymon.com
> http://lists.xymon.com/mailman/listinfo/xymon

More information about the Xymon mailing list