CVE-2013-2131
Published: 4 January 2015
Format string vulnerability in the rrdtool module 1.4.7 for Python, as used in Zenoss, allows context-dependent attackers to cause a denial of service (crash) via format string specifiers to the rrdtool.graph function.
Notes
Author | Note |
---|---|
rodrigo-zaiden | xenial was patched in release version 1.4.8-1, and later it was upgraded to the new upstream version 1.5 that already has the fix (no need to add an explicit patch). Since then, every Ubuntu release already has the fix applied. |
Priority
Status
Package | Release | Status |
---|---|---|
rrdtool | artful | Ignored (end of life) |
rrdtool | bionic | Released (1.7.0-1build1) |
rrdtool | cosmic | Ignored (end of life) |
rrdtool | disco | Ignored (end of life) |
rrdtool | eoan | Ignored (end of life) |
rrdtool | focal | Released (1.7.2-3build1) |
rrdtool | groovy | Ignored (end of life) |
rrdtool | hirsute | Ignored (end of life) |
rrdtool | impish | Released (1.7.2-3build6) |
rrdtool | jammy | Released (1.7.2-3ubuntu5) |
rrdtool | kinetic | Released (1.7.2-3ubuntu5) |
rrdtool | lucid | Ignored (end of life) |
rrdtool | lunar | Released (1.7.2-3ubuntu5) |
rrdtool | mantic | Released (1.7.2-3ubuntu5) |
rrdtool | noble | Released (1.7.2-3ubuntu5) |
rrdtool | precise | Ignored (end of life) |
rrdtool | quantal | Ignored (end of life) |
rrdtool | raring | Ignored (end of life) |
rrdtool | saucy | Ignored (end of life) |
rrdtool | trusty | Needed |
rrdtool | upstream | Released (1.5.0) |
rrdtool | utopic | Ignored (end of life) |
rrdtool | vivid | Ignored (end of life) |
rrdtool | wily | Ignored (end of life) |
rrdtool | xenial | Released (1.4.8-1), available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
rrdtool | yakkety | Ignored (end of life) |
rrdtool | zesty | Ignored (end of life) |

Patches
upstream: https://github.com/yarda/rrdtool-1.x/commit/37d3050caed517538efa1f6fc28fda48aee3d53e