Patch Notes

772.2 LTS

LTS Patches

We only release patches for Long Time Support (LTS) versions, except for some particular cases where we do so for Regular Rolling Release (RRR) versions. Security patches are developed as soon as possible after the vulnerability is detected.

Patches for LTS versions usually include critical-bug troubleshooting and solutions to security problems.

Fixed vulnerabilities

Case# GitLab# Description

CVE-2023-41788 Thanks to Oliver Brooks.

11780

Limited the upload only to MIB files or for these to be compressed in a zip and to always belong to MIB type. Any other file type will be rejected.

CVE-2023-41789 Thanks to Oliver Brooks.

11781

Limited the data entry in the software agents registry in order to prevent the insertion of non-monitoring code (XML data).

CVE-2023-41790 Thanks to Oliver Brooks.

11786

Limited all cases to prevent files from being downloaded beyond those allowed (MIB repository, collections, etc.).

CVE-2023-41792 Thanks to Oliver Brooks.

11787

Limited the insertion of code not belonging to the OID necessary for monitoring in the SNMP Trap editor .

CVE-2023-41791 Thanks to Oliver Brooks.

11788

  • Related: 11235

Limited custom string translation so that only admin users can have access to them. Prevented the insertion of programming language commands detected by means of their syntax.

CVE-2023-41810 Thanks to Oliver Brooks.

11794

  • Related: 11943

Fixed the insertion of stored cross site scripting in the PFMS Dashboard.

CVE-2023-41811 Thanks to Oliver Brooks.

11795

Fixed the insertion of stored cross site scripting in the PFMS Site News.

CVE-2023-41812 Thanks to Oliver Brooks.

11878

Limited the uploading of files with source code in the File repository manager that could be used to access other PFMS server areas.

N/A

12304

Fixed character encoding error when applying a monitoring policy written in Japanese language to an agent's "remote_config" file.

16494

12357

The "Previous" and "Next" buttons for results paging in SNMP Console have been corrected.

N/A

12305

  • Related: 11790, 11785 and 11782

A warning has been inserted for the deactivation and change of GoTTY to be performed in version 774.

Bugs Fixed

Case# GitLab# Description

16501

12360

Fixed a bug in a fixed URL in AJAX which prevented editing permissions in the authentication view of the "LDAP attributes".

N/A

12002

Fixed the option to Edit modules in bulk in Bulk operations to enable or disable them. The error occurred because an SQL operation was performed without having the valid data for it.

15741

11624

An error has been corrected both in nodes and in Command Center (Metaconsole) that prevented the display of legends in the generation of PDF graphs and in the API graphs.

16635

12033

Fixed a bug when disabling the "Use real-time statistics" token, which caused the Tactical View and Server View to not display network modules.

16168

11964

Fixed fields 4, 5 and 6 in SNMP alerts. Now with this correction, when editing an SNMP alert, these fields are saved in the correct order.

For information on minimum system requirements, please visit the installation section in the official documentation.

How to update Pandora FMS
  • Update Manager automatically. Requires internet connection in the Pandora FMS console.
  • Update Manager manually through OUM update files in the Pandora FMS console.
  • Manual installation of packages (rpm, deb ...) and subsequent update of the console through the web.

To update the server you will have to do it manually through RPM or tarball packages. The latest version includes MR number 70, which must be applied as indicated in the official documentation.

Find more information about Pandora FMS downloads in our website:

Find more detailed information and steps to follow in the update of each item in our Wiki.

Other resources of interest
Official documentation
Plugin library
Technical support

Legal information

© 2024 Pandora FMS. All rights reserved.

This document cannot in any case be reproduced or modified, decompiled, disassembled, published or distributed in whole or in part, or translated to any electronic or other means without the prior written consent of Pandora FMS. All rights, titles and interests in and towards the software, services and documentation will be the exclusive property of Pandora FMS, its affiliates, and/or respective licensees.

PANDORA FMS DISCLAIMS ALL LIABILITY FOR WARRANTIES, CONDITIONS, OR OTHER TERMS, EXPRESS OR IMPLIED, LEGAL OR NOT, OVER THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION THE NON-INFRINGEMENT, ACCURACY, COMPLETENESS, OR CONTENT OF ANY INFORMATION ON ANY CONTENT. IN NO EVENT SHALL PANDORA FMS, ITS SUPPLIERS OR LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING FROM CONTRACT, INJURY OR BASED ON ANY OTHER LEGAL THEORY, EVEN IF PANDORA FMS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

All registered trademarks of Pandora FMS are the exclusive property of Pandora FMS SLU or its affiliates, registered with the United States Patent and Trademark Office (U.S. Patent and Trademark Office), as well as with the European Patent and Trademark Office. They may be registered or pending registration in other countries. All other brands mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks) of their respective companies.