[Xymon] Xymon 4.3.29 Released - Important Security Update

Moritz Mühlenhoff jmm at inutil.org
Thu Jul 25 09:52:08 CEST 2019


On Wed, Jul 24, 2019 at 06:46:51PM -0700, Japheth Cleaver wrote:
> CSIRT may still have a write-up pending on these, but it is believed that
> the only impact is segfaults when passed in invalid/overflow input. This is
> typically a hostsvc being parsed and assigned to a PATH_MAX-sized variable
> via sprintf rather than snprintf.

In addition, the Debian binaries of Xymon (not sure if this is also covered
in the upstream build system or a Debian-specific change by relying on
Debian's dpkg-buildflags infrastructure) are built with FORTIFY_SOURCE.

Cheers,
        Moritz
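
Added example, not part of the original message and not Xymon source code: the sprintf-into-PATH_MAX pattern described in the thread next to a bounded snprintf form that detects truncation. The function names, the /srv/example directory and the sample hostsvc values are hypothetical and constructed for illustration.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

#ifndef PATH_MAX
#define PATH_MAX 4096
#endif

/* Hypothetical helper, unchecked form: sprintf() writes as many bytes as
 * "dir/hostsvc" expands to, so an over-long hostsvc runs past the end of fn.
 * Built with optimization and -D_FORTIFY_SOURCE=2, glibc routes the call to
 * __sprintf_chk(), which aborts the process when the compiler knows the
 * destination size and the output would exceed it. */
static void build_path_unchecked(char *fn, const char *dir, const char *hostsvc)
{
    sprintf(fn, "%s/%s", dir, hostsvc);
}

/* Hypothetical helper, bounded form: snprintf() writes at most size bytes and
 * returns the length the full string would have had, so truncation can be
 * detected. Returns 0 on success, -1 (with fn emptied) if it did not fit. */
static int build_path_checked(char *fn, size_t size, const char *dir, const char *hostsvc)
{
    int n = snprintf(fn, size, "%s/%s", dir, hostsvc);
    if (n < 0 || (size_t)n >= size) {
        if (size > 0)
            fn[0] = '\0';   /* never hand a truncated path to the caller */
        return -1;
    }
    return 0;
}

int main(void)
{
    char fn[PATH_MAX];
    char longsvc[PATH_MAX + 100];   /* constructed oversized input */
    memset(longsvc, 'A', sizeof longsvc - 1);
    longsvc[sizeof longsvc - 1] = '\0';

    build_path_unchecked(fn, "/srv/example", "host1.conn");  /* short input only */
    printf("unchecked, short input: %s\n", fn);
    printf("checked, short input:   %d\n",
           build_path_checked(fn, sizeof fn, "/srv/example", "host1.conn"));
    printf("checked, long input:    %d\n",
           build_path_checked(fn, sizeof fn, "/srv/example", longsvc));
    return 0;
}
```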

