Patch Notes

772.4 LTS

LTS Patches

We only release patches for Long Time Support (LTS) versions, except for some particular cases where we do so for Regular Rolling Release (RRR) versions. Security patches are developed as soon as possible after the vulnerability is detected.

Patches for LTS versions usually include critical-bug troubleshooting and solutions to security problems.

Bug fixes

Case# GitLab# Description

17097

12909

Fixed monitoring policy creation with pluginserver modules, so that all specified fields are saved in the database.

16084

12401

Fixed failures with negative values in SNMP queries.

Fixed vulnerabilities

Case# GitLab# Description

CVE-2023-41793 Thanks to Aleksey Solovev.

12751

Fixed and prevented the the possibility of hosting files outside the dedicated directory in resource upload for plugins for this purpose. As a result arbitrary code execution on the server is prevented.

CVE-2023-44091 Thanks to Aleksey Solovev.

12752

  • Related: 10902 and 12750

Fixed and avoided the possibility of a timed time attack by SQL injection in PFMS API 1.0.

CVE-2023-44090 Thanks to Aleksey Solovev.

12798

Fixed the possibility of code injection in the corresponding SQL in the extension to connect to Grafana.

For information on minimum system requirements, please visit the installation section in the official documentation.

How to update Pandora FMS
  • Update Manager automatically. Requires internet connection in the Pandora FMS console.
  • Update Manager manually through OUM update files in the Pandora FMS console.
  • Manual installation of packages (rpm, deb ...) and subsequent update of the console through the web.

To update the server you will have to do it manually through RPM or tarball packages. The latest version includes MR number 68, which must be applied as indicated in the official documentation.

Find more information about Pandora FMS downloads in our website:

Find more detailed information and steps to follow in the update of each item in our Wiki.

Other resources of interest
Official documentation
Plugin library
Technical support

Legal information

© 2024 Pandora FMS. All rights reserved.

This document cannot in any case be reproduced or modified, decompiled, disassembled, published or distributed in whole or in part, or translated to any electronic or other means without the prior written consent of Pandora FMS. All rights, titles and interests in and towards the software, services and documentation will be the exclusive property of Pandora FMS, its affiliates, and/or respective licensees.

PANDORA FMS DISCLAIMS ALL LIABILITY FOR WARRANTIES, CONDITIONS, OR OTHER TERMS, EXPRESS OR IMPLIED, LEGAL OR NOT, OVER THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION THE NON-INFRINGEMENT, ACCURACY, COMPLETENESS, OR CONTENT OF ANY INFORMATION ON ANY CONTENT. IN NO EVENT SHALL PANDORA FMS, ITS SUPPLIERS OR LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING FROM CONTRACT, INJURY OR BASED ON ANY OTHER LEGAL THEORY, EVEN IF PANDORA FMS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

All registered trademarks of Pandora FMS are the exclusive property of Pandora FMS SLU or its affiliates, registered with the United States Patent and Trademark Office (U.S. Patent and Trademark Office), as well as with the European Patent and Trademark Office. They may be registered or pending registration in other countries. All other brands mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks) of their respective companies.