[Xymon] Xymon 4.3.29 Released - Important Security Update
Japheth Cleaver
cleaver at terabithia.org
Tue Jul 23 18:11:12 CEST 2019
On 7/23/2019 8:57 AM, Japheth Cleaver wrote:
> Hello all,
>
> Xymon 4.3.29 has been released to Sourceforge and should be
> propagating to mirrors as I write this. Along with an assortment of
> bug fixes and compilation compatibility fixes for recent glibc
> systems, this version contains several fixes for security
> vulnerabilities within some CGI parsing. Although some of these
> overflows are not exploitable, others, including an XSS vulnerability,
> are. Fixes beyond these CVEs have been made throughout the library,
> web, and network code to help reduce the likelihood of similar issues
> in other areas. As a result, all users are encouraged to upgrade.
>
> The specific CVEs in question are:
> CVE-2019-13451, CVE-2019-13452, CVE-2019-13455, CVE-2019-13473,
> CVE-2019-13474, CVE-2019-13484, CVE-2019-13485, CVE-2019-13486
For clarification, the above CVEs only affect the *server* side of the
Xymon monitoring system. Xymon clients are not affected.
-jc