Patch Notes

772.4 LTS

LTS Patches

We only release patches for Long Time Support (LTS) versions, except for some particular cases where we do so for Regular Rolling Release (RRR) versions. Security patches are developed as soon as possible after the vulnerability is detected.

Patches for LTS versions usually include critical-bug troubleshooting and solutions to security problems.

Bug fixes

Case#	GitLab#	Description
17097	12909	Fixed monitoring policy creation with pluginserver modules, so that all specified fields are saved in the database.
16084	12401	Fixed failures with negative values in SNMP queries.

Fixed vulnerabilities

Case#	GitLab#	Description
CVE-2023-41793 Thanks to Aleksey Solovev.	12751	Fixed and prevented the the possibility of hosting files outside the dedicated directory in resource upload for plugins for this purpose. As a result arbitrary code execution on the server is prevented.
CVE-2023-44091 Thanks to Aleksey Solovev.	12752 Related: 10902 and 12750	Fixed and avoided the possibility of a timed time attack by SQL injection in PFMS API 1.0.
CVE-2023-44090 Thanks to Aleksey Solovev.	12798	Fixed the possibility of code injection in the corresponding SQL in the extension to connect to Grafana.

Case#

GitLab#

Description

CVE-2023-41793 Thanks to Aleksey Solovev.

12751

Fixed and prevented the the possibility of hosting files outside the dedicated directory in resource upload for plugins for this purpose. As a result arbitrary code execution on the server is prevented.

CVE-2023-44091 Thanks to Aleksey Solovev.

12752

Related: 10902 and 12750

Fixed and avoided the possibility of a timed time attack by SQL injection in PFMS API 1.0.

CVE-2023-44090 Thanks to Aleksey Solovev.

12798

Fixed the possibility of code injection in the corresponding SQL in the extension to connect to Grafana.

For information on minimum system requirements, please visit the installation section in the official documentation.

How to update Pandora FMS

Automatic update: Use the Update Manager in Pandora FMS console (requires internet connection).
Manual update: Upload OUM update files in Pandora FMS console.
Package installation: Download and install packages (rpm, deb...) and update the console from the web.

To update the server, use RPM packages or tarball manually. The latest version includes MR 79, which should be applied according to the indications of the official documentation.

More information about downloads:

See our Wiki for detailed instructions on each upgrade process.

Other resources of interest

Official documentation

Plugin library

Technical support

Legal information

This document cannot in any case be reproduced or modified, decompiled, disassembled, published or distributed in whole or in part, or translated to any electronic or other means without the prior written consent of Pandora FMS. All rights, titles and interests in and towards the software, services and documentation will be the exclusive property of Pandora FMS, its affiliates, and/or respective licensees.

PANDORA FMS DISCLAIMS ALL LIABILITY FOR WARRANTIES, CONDITIONS, OR OTHER TERMS, EXPRESS OR IMPLIED, LEGAL OR NOT, OVER THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION THE NON-INFRINGEMENT, ACCURACY, COMPLETENESS, OR CONTENT OF ANY INFORMATION ON ANY CONTENT. IN NO EVENT SHALL PANDORA FMS, ITS SUPPLIERS OR LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING FROM CONTRACT, INJURY OR BASED ON ANY OTHER LEGAL THEORY, EVEN IF PANDORA FMS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

All registered trademarks of Pandora FMS are the exclusive property of Pandora FMS SLU or its affiliates, registered with the United States Patent and Trademark Office (U.S. Patent and Trademark Office), as well as with the European Patent and Trademark Office. They may be registered or pending registration in other countries. All other brands mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks) of their respective companies.