-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : rrdtool Version : 1.4.8-1.2+deb8u1 CVE ID : CVE-2014-6262
Multiple format string vulnerabilities in RRDtool, as used in Zenoss Core before 4.2.5 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted third argument to the rrdtool.graph function, aka ZEN-15415, a related issue to CVE-2013-2131. For Debian 8 "Jessie", this problem has been fixed in version 1.4.8-1.2+deb8u1. We recommend that you upgrade your rrdtool packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS Best, Utkarsh -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAl5cHe8ACgkQgj6WdgbD S5ZczhAAjKTPEJ7Q24p4RaX/7VX3eKDhkkJ6rWZKRyKk6pHV11NFjdUFlseRFQ3s xtnl0qNT/5Cop7aVz2OcqEtxbz/fb17P5hsUw3nVWdNwuXjKfwIiej0raiArIWkx 6+vC5cWZ5hIj/TSXcZmAJ6xOv6ww2SWCGhhWo/CMPsI+NSat1gnU+6yhq1hGrd9U WP6HJByH49pGc1rV44JKKXYtnh1+XhPcsLev1pI9ogle43sRFzxoNMB/a2I0/C1z m2jDycLMB6f74oHq1V+a9ASUhYlbZrII+OyYpsIeJDAcYz1pYH4uFT2G/dcFKJ+N nx0eSdFzAAuK9LZs2swfcGECAjbVZGyZ6Pt+OqKhlFk5s8zonEEcA7N5XNroWUyw qYSc96KAg4v/KGuRJ1/QBgao4K9F56cI7RJwRuUjY/3Im5P4KFmlB8jrjiO6sDBG Hitb17Xp7fknEl9OAL3MsaSi8utJ72EQqb4uEWlqaFj7F+Qn++6nae6Fi4E0h0c9 gVkoBzpS0BYCnFrOjg7rfJDtQTQu5+QQrh6w3/ruBLN/80Q8TqUfPOjEKBAaALdi TDlsNHXf+5igngb5kRWku0v6lSnqWqnz7kXsZ51NVCpWcCeRlzmY3ptRcqEqqv/T 7Cu3xcJsd8U1vj2g/Xk6bhUvjA7TQHNRsdY5OdXqiL1kWMQGpqw= =Sulz -----END PGP SIGNATURE-----
