[Xymon] Xymon 4.3.29 Released - Important Security Update

Japheth Cleaver cleaver at terabithia.org
Tue Jul 23 18:11:12 CEST 2019

On 7/23/2019 8:57 AM, Japheth Cleaver wrote:
> Hello all,
> Xymon 4.3.29 has been released to Sourceforge and should be 
> propagating to mirrors as I write this. Along with an assortment of 
> bug fixes and compilation compatibility fixes for recent glibc 
> systems, this version contains several fixes for security 
> vulnerabilities within some CGI parsing. Although some of these 
> overflows are not exploitable, others, including an XSS vulnerability 
> are. Fixes beyond these CVEs have been made throughout the library, 
> web, and network code to help reduce the likelihood of similar issues 
> in other areas. As a result, all users are encouraged to upgrade.
> The specific CVEs in question are:
>   CVE-2019-13451, CVE-2019-13452, CVE-2019-13455, CVE-2019-13473,
>   CVE-2019-13474, CVE-2019-13484, CVE-2019-13485, CVE-2019-13486

For clarification, the above CVEs only affect the *server* side of the 
Xymon monitoring system. Xymon clients are not affected.


More information about the Xymon mailing list