In Xymon through 4.3.28, a stack-based buffer overflow exists in the status-log viewer component because of expansion in svcstatus.c.
In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the history viewer component via a long hostname or service parameter to history.c. CVE-2019-13485
CVE: (none) => CVE-2019-13486
In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the alert acknowledgment CGI tool because of expansion in acknowledge.c.
updating right now
CC: (none) => mageia
Debian-LTS has issued an advisory on August 26, 2019: https://www.debian.org/lts/security/2019/dla-1898
Mageia 7 is also affected.
Whiteboard: (none) => MGA7TOO
Status comment: (none) => Patches available from Debian
Summary: xymon security issue CVE-2019-13486 => xymon new security issues CVE-2019-1327[34] CVE-2019-1345[125] CVE-2019-1348[4-6]
Severity: normal => critical
As there is no maintainer for this package I added the committers in CC. (Please set the status to 'assigned' if you are working on it)
CC: (none) => ouaurelien
Assignee: bugsquad => pkg-bugs
New version pushed in cauldron
Version: Cauldron => 7
Whiteboard: MGA7TOO => (none)
It should be updated to 4.3.30 to fix more crashes: https://sourceforge.net/projects/xymon/files/Xymon/4.3.30/ https://lists.xymon.com/archive/2019-September/046688.html
Status comment: Patches available from Debian => Fixed upstream in 4.3.29 (regression fixes in 4.3.30), patches available from Debian
Summary: xymon new security issues CVE-2019-1327[34] CVE-2019-1345[125] CVE-2019-1348[4-6] => xymon new security issues CVE-2019-1327[34] CVE-2019-1345[125] CVE-2019-1347[34] CVE-2019-1348[4-6]
https://blog.mageia.org/en/2021/06/08/mageia-7-will-reach-end-of-support-on-30th-of-june-the-king-is-dead-long-live-the-king/
Status: NEW => RESOLVED
Resolution: (none) => OLD