The Terabithia Xymon 4.3.29-1 packages have been updated in the production repositories and should be available for download at https://terabithia.org/rpms/xymon/
As a reminder, EL3 and EL4 and Fedora 18-27 have been retired -- those repos have been moved to the /retired/ directory.
As EPEL8 has not yet been released, an fping package is available in the EL8 repository, as well as man2html (needed for rebuilds).
Regards, -jc
On 7/23/2019 9:08 AM, Japheth Cleaver wrote:
The RPMs available at Terabithia have been updated to 4.3.29-1 in the /testing/ repositories at the moment.
If no specific issues are found (please report!), I'll promote these into the production repo in a day or two. (An announcement will be made here.)
Please note that I've built these only for EL5/6/7/8 and F28+ at the moment. If there are requests for older RPM distributions, I can spin RPMs for them as well, but I'd like to begin pruning them a bit if they're not necessary.
Regards, -jc
On 7/23/2019 8:57 AM, Japheth Cleaver wrote:
Hello all,
Xymon 4.3.29 has been released to Sourceforge and should be propagating to mirrors as I write this. Along with an assortment of bug fixes and compilation compatibility fixes for recent glibc systems, this version contains several fixes for security vulnerabilities within some CGI parsing. Although some of these overflows are not exploitable, others, including an XSS vulnerability are. Fixes beyond these CVEs have been made throughout the library, web, and network code to help reduce the likelihood of similar issues in other areas. As a result, all users are encouraged to upgrade.
The specific CVEs in question are: ? CVE-2019-13451, CVE-2019-13452, CVE-2019-13455, CVE-2019-13473, ? CVE-2019-13474, CVE-2019-13484, CVE-2019-13485, CVE-2019-13486
Henrik and I would like to extend our thanks to the University of Cambridge Computer Security Incident Response Team, which reported the issues and helped validate their resolution.
Full release notes and other changes are available with the released tarball at https://sourceforge.net/projects/xymon/files/Xymon/4.3.29/
As always, thank you to everyone who has contributed patches, ideas, code, and feature requests to the project!
Sincerely, Japheth "J.C." Cleaver