[Xymon] Xymon 4.3.29 Released - Important Security Update

Richard L. Hamilton rlhamil2 at gmail.com
Wed Jul 24 14:46:24 CEST 2019


gcc prior to 4.6 gives the errors:

acklog.c: In function ‘do_acklog’:
acklog.c:129:12: error: #pragma GCC diagnostic not allowed inside functions
acklog.c:130:12: error: #pragma GCC diagnostic not allowed inside functions
acklog.c:132:12: error: #pragma GCC diagnostic not allowed inside functions

Discussion of other software with a similar problem suggests a gcc version test for those. Or just comment out those lines, for those who don't want to install a newer gcc and don't want to wait for a version test to be added.

> On Jul 23, 2019, at 12:11, Japheth Cleaver <cleaver at terabithia.org> wrote:
> 
> On 7/23/2019 8:57 AM, Japheth Cleaver wrote:
>> Hello all,
>> 
>> Xymon 4.3.29 has been released to Sourceforge and should be propagating to mirrors as I write this. Along with an assortment of bug fixes and compilation compatibility fixes for recent glibc systems, this version contains several fixes for security vulnerabilities within some CGI parsing. Although some of these overflows are not exploitable, others, including an XSS vulnerability, are. Fixes beyond these CVEs have been made throughout the library, web, and network code to help reduce the likelihood of similar issues in other areas. As a result, all users are encouraged to upgrade.
>> 
>> The specific CVEs in question are:
>>   CVE-2019-13451, CVE-2019-13452, CVE-2019-13455, CVE-2019-13473,
>>   CVE-2019-13474, CVE-2019-13484, CVE-2019-13485, CVE-2019-13486
> 
> For clarification, the above CVEs only affect the *server* side of the Xymon monitoring system. Xymon clients are not affected.
> 
> -jc
> 
> 
> _______________________________________________
> Xymon mailing list
> Xymon at xymon.com
> http://lists.xymon.com/mailman/listinfo/xymon
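
The gcc version test suggested in the message above, as an added example that is not part of the original post or of the Xymon source. The DIAG_* macros and format_ack_line() are hypothetical names, and "-Wformat-truncation" is an assumed warning name, since the message does not say which diagnostic acklog.c adjusts.

```c
/* Added example; DIAG_* and format_ack_line are hypothetical names. */
#include <stdio.h>
#include <string.h>

/* GCC accepts "#pragma GCC diagnostic" inside a function body only from 4.6.
 * _Pragma() can sit in a macro, so older compilers get an empty expansion.
 * clang reports itself as GCC 4.2 but accepts the pragma, hence its own test. */
#if defined(__clang__) || (defined(__GNUC__) && \
    (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6)))
#  define DIAG_DO(x)     _Pragma(#x)
#  define DIAG_PUSH      DIAG_DO(GCC diagnostic push)
#  define DIAG_IGNORE(w) DIAG_DO(GCC diagnostic ignored w)
#  define DIAG_POP       DIAG_DO(GCC diagnostic pop)
#else
#  define DIAG_PUSH
#  define DIAG_IGNORE(w)
#  define DIAG_POP
#endif

/* Returns 0 if the whole line fit, -1 on bad arguments, error or truncation.
 * When a buffer is supplied it is always left NUL-terminated. */
int format_ack_line(char *out, size_t size, const char *host, const char *msg)
{
    int n;

    if (out == NULL || size == 0 || host == NULL || msg == NULL)
        return -1;

    DIAG_PUSH
    DIAG_IGNORE("-Wformat-truncation")   /* assumed warning name */
    n = snprintf(out, size, "%s: %s", host, msg);
    DIAG_POP

    /* Silencing the warning does not replace checking the result. */
    if (n < 0) {
        out[0] = '\0';
        return -1;
    }
    return ((size_t)n >= size) ? -1 : 0;
}

int main(void)
{
    char line[8];   /* deliberately small, constructed sample */
    int rc = format_ack_line(line, sizeof line, "host", "message");
    printf("rc=%d line=\"%s\"\n", rc, line);
    return 0;
}
```

On a compiler older than 4.6 the three macros expand to nothing, so the build succeeds and the warning is simply not suppressed there.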


