Patch Notes

772.2 LTS

LTS Patches

We only release patches for Long Time Support (LTS) versions, except for some particular cases where we do so for Regular Rolling Release (RRR) versions. Security patches are developed as soon as possible after the vulnerability is detected.

Patches for LTS versions usually include critical-bug troubleshooting and solutions to security problems.

Fixed vulnerabilities

Case# GitLab# Description

CVE-2023-41788 Thanks to Oliver Brooks.

11780

Limited the upload only to MIB files or for these to be compressed in a zip and to always belong to MIB type. Any other file type will be rejected.

CVE-2023-41789 Thanks to Oliver Brooks.

11781

Limited the data entry in the software agents registry in order to prevent the insertion of non-monitoring code (XML data).

CVE-2023-41790 Thanks to Oliver Brooks.

11786

Limited all cases to prevent files from being downloaded beyond those allowed (MIB repository, collections, etc.).

CVE-2023-41792 Thanks to Oliver Brooks.

11787

Limited the insertion of code not belonging to the OID necessary for monitoring in the SNMP Trap editor .

CVE-2023-41791 Thanks to Oliver Brooks.

11788

  • Related: 11235

Limited custom string translation so that only admin users can have access to them. Prevented the insertion of programming language commands detected by means of their syntax.

CVE-2023-41810 Thanks to Oliver Brooks.

11794

  • Related: 11943

Fixed the insertion of stored cross site scripting in the PFMS Dashboard.

CVE-2023-41811 Thanks to Oliver Brooks.

11795

Fixed the insertion of stored cross site scripting in the PFMS Site News.

CVE-2023-41812 Thanks to Oliver Brooks.

11878

Limited the uploading of files with source code in the File repository manager that could be used to access other PFMS server areas.

N/A

12304

Fixed character encoding error when applying a monitoring policy written in Japanese language to an agent's "remote_config" file.

16494

12357

The "Previous" and "Next" buttons for results paging in SNMP Console have been corrected.

N/A

12305

  • Related: 11790, 11785 and 11782

A warning has been inserted for the deactivation and change of GoTTY to be performed in version 774.

Bugs Fixed

Case# GitLab# Description

16501

12360

Fixed a bug in a fixed URL in AJAX which prevented editing permissions in the authentication view of the "LDAP attributes".

N/A

12002

Fixed the option to Edit modules in bulk in Bulk operations to enable or disable them. The error occurred because an SQL operation was performed without having the valid data for it.

15741

11624

An error has been corrected both in nodes and in Command Center (Metaconsole) that prevented the display of legends in the generation of PDF graphs and in the API graphs.

16635

12033

Fixed a bug when disabling the "Use real-time statistics" token, which caused the Tactical View and Server View to not display network modules.

16168

11964

Fixed fields 4, 5 and 6 in SNMP alerts. Now with this correction, when editing an SNMP alert, these fields are saved in the correct order.

For more information about previous versions, visit the release notes section of our website.

For information on minimum system requirements, please visit the installation section in the official documentation.

How to update Pandora FMS
  • Update Manager automatically. Requires internet connection in the Pandora FMS console.
  • Update Manager manually through OUM update files in the Pandora FMS console.
  • Manual installation of packages (rpm, deb ...) and subsequent update of the console through the web.

To update the server you will have to do it manually through RPM or tarball packages. The latest version (774 RRR) includes MR number 65, which must be applied as indicated in the official documentation.

Find more information about Pandora FMS downloads in our website:

Find more detailed information and steps to follow in the update of each item in our Wiki.

Información legal

© 2023 Pandora FMS LLC. Reservados todos los derechos.

Este documento no puede en ningún caso reproducirse o modificarse, descompilarse, desensamblarse, publicarse o distribuirse total o parcialmente, ni traducirse a ningún medio electrónico o de otro tipo sin el consentimiento previo por escrito de Pandora FMS. Todos los derechos, títulos e intereses sobre y hacia el software, servicios y documentación serán propiedad exclusiva de Pandora FMS, sus afiliados y/o sus respectivos licenciatarios.

PANDORA FMS RENUNCIA A TODA RESPONSABILIDAD POR GARANTÍAS, CONDICIONES U OTROS TÉRMINOS, EXPRESOS O IMPLÍCITOS, LEGALES O NO, SOBRE LA DOCUMENTACIÓN, INCLUYENDO, SIN LIMITACIÓN, LA NO INFRACCIÓN, EXACTITUD, INTEGRIDAD O CONTENIDO DE CUALQUIER INFORMACIÓN SOBRE CUALQUIER CONTENIDO. EN NINGÚN CASO PANDORA FMS, SUS PROVEEDORES O LICENCIANTES SERÁN RESPONSABLES POR NINGÚN DAÑO, YA SEA QUE SURJA DE UN CONTRATO, DE UNA LESIÓN O SE BASA EN CUALQUIER OTRA TEORÍA LEGAL, INCLUSO SI PANDORA FMS HA SIDO INFORMADA DE LA POSIBILIDAD DE TALES DAÑOS.

Todas las marcas comerciales de Pandora FMS son propiedad exclusiva de Pandora FMS LLC o sus filiales, están registradas en la Oficina de Patentes y Marcas de EE. UU. y pueden estar registradas o pendientes de registro en otros países. Todas las demás marcas comerciales, marcas de servicio y logotipos de Pandora FMS pueden estar bajo el derecho consuetudinario o estar registrados o pendientes de registro. Todas las demás marcas mencionadas en este documento se utilizan únicamente con fines de identificación y son marcas comerciales (y pueden ser marcas comerciales registradas) de sus respectivas empresas.