Patch Notes

772.3 LTS

LTS Patches

We only release patches for Long Time Support (LTS) versions, except for some particular cases where we do so for Regular Rolling Release (RRR) versions. Security patches are developed as soon as possible after the vulnerability is detected.

Patches for LTS versions usually include critical-bug troubleshooting and solutions to security problems.

Bugs Fixed

Case# GitLab# Description

N/A

12592

Fixed Integria IMS integration (Pandora ITSM) at user level with Pandora FMS in its corresponding settings section.

N/A

12768

Fixed: If a user with reading permissions (in this case the Operator read profile) does not belong to a group they will not be able to see the inventory of an agent belonging to that group.

N/A

12775

  • Related: 11589 and 12382

Fixed report export in XML format.

Fixed vulnerabilities

Case# GitLab# Description

CVE-2023-41814 Thanks to Gabriel Weitzel.

12043

Fixed the insertion of JavaScript code (possible XSS) in Pandora FMS notification system messages.

CVE-2023-41815 Thanks to Osama Yousef.

12121

Fixed XSS code insertion for directory names in the File manager of PFMS Web Console.

CVE-2023-44088 Thanks to Osama Yousef.

12122

Fixed SQL and/or JS code insertion for the file name of an image in the option for uploading an image as background when creating a new PFMS visual console.

CVE-2023-44089 Thanks to Osama Yousef.

12123

Fixed JavaScript code insertion in the name of a visual console when creating it (menu Topology maps → Visual console → visual console list).

CVE-2023-44092 Thanks to Aleksey Solovev.

12753

Fixed and prevented the possibility of an attack by operating system command insertion in PFMS event responses.

For information on minimum system requirements, please visit the installation section in the official documentation.

How to update Pandora FMS
  • Update Manager automatically. Requires internet connection in the Pandora FMS console.
  • Update Manager manually through OUM update files in the Pandora FMS console.
  • Manual installation of packages (rpm, deb ...) and subsequent update of the console through the web.

To update the server you will have to do it manually through RPM or tarball packages. The latest version includes MR number 70, which must be applied as indicated in the official documentation.

Find more information about Pandora FMS downloads in our website:

Find more detailed information and steps to follow in the update of each item in our Wiki.

Other resources of interest
Official documentation
Plugin library
Technical support

Legal information

© 2024 Pandora FMS. All rights reserved.

This document cannot in any case be reproduced or modified, decompiled, disassembled, published or distributed in whole or in part, or translated to any electronic or other means without the prior written consent of Pandora FMS. All rights, titles and interests in and towards the software, services and documentation will be the exclusive property of Pandora FMS, its affiliates, and/or respective licensees.

PANDORA FMS DISCLAIMS ALL LIABILITY FOR WARRANTIES, CONDITIONS, OR OTHER TERMS, EXPRESS OR IMPLIED, LEGAL OR NOT, OVER THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION THE NON-INFRINGEMENT, ACCURACY, COMPLETENESS, OR CONTENT OF ANY INFORMATION ON ANY CONTENT. IN NO EVENT SHALL PANDORA FMS, ITS SUPPLIERS OR LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING FROM CONTRACT, INJURY OR BASED ON ANY OTHER LEGAL THEORY, EVEN IF PANDORA FMS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

All registered trademarks of Pandora FMS are the exclusive property of Pandora FMS SLU or its affiliates, registered with the United States Patent and Trademark Office (U.S. Patent and Trademark Office), as well as with the European Patent and Trademark Office. They may be registered or pending registration in other countries. All other brands mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks) of their respective companies.