Candidate: CVE-2013-2131
PublicDate: 2015-01-04 21:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2131
 http://www.openwall.com/lists/oss-security/2013/04/18/5
Description:
 Format string vulnerability in the rrdtool module 1.4.7 for Python, as
 used in Zenoss, allows context-dependent attackers to cause a denial of
 service (crash) via format string specifiers to the rrdtool.graph
 function.
Ubuntu-Description:
Notes:
 rodrigo-zaiden> xenial was patched in release version 1.4.8-1, and later
  it was upgraded to the new upstream version 1.5 that already has the fix
  (no need to add an explicit patch). Since then, every Ubuntu release
  already has the fix applied.
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708866
 https://github.com/oetiker/rrdtool-1.x/issues/396
 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2131
Priority: low
Discovered-by: Thomas Pollet
Assigned-to:
CVSS:

Patches_rrdtool:
 upstream: https://github.com/yarda/rrdtool-1.x/commit/37d3050caed517538efa1f6fc28fda48aee3d53e
upstream_rrdtool: released (1.5.0)
lucid_rrdtool: ignored (reached end-of-life)
precise_rrdtool: ignored (reached end-of-life)
precise/esm_rrdtool: ignored (end of ESM support, was needed)
quantal_rrdtool: ignored (reached end-of-life)
raring_rrdtool: ignored (reached end-of-life)
saucy_rrdtool: ignored (reached end-of-life)
trusty_rrdtool: ignored (reached end-of-life)
trusty/esm_rrdtool: needed
utopic_rrdtool: ignored (reached end-of-life)
vivid_rrdtool: ignored (reached end-of-life)
vivid/stable-phone-overlay_rrdtool: DNE
vivid/ubuntu-core_rrdtool: DNE
wily_rrdtool: ignored (reached end-of-life)
xenial_rrdtool: ignored (end of standard support, was needed)
esm-infra/xenial_rrdtool: released (1.4.8-1)
yakkety_rrdtool: ignored (reached end-of-life)
zesty_rrdtool: ignored (reached end-of-life)
artful_rrdtool: ignored (reached end-of-life)
bionic_rrdtool: released (1.7.0-1build1)
cosmic_rrdtool: ignored (reached end-of-life)
disco_rrdtool: ignored (reached end-of-life)
eoan_rrdtool: ignored (reached end-of-life)
focal_rrdtool: released (1.7.2-3build1)
groovy_rrdtool: ignored (reached end-of-life)
hirsute_rrdtool: ignored (reached end-of-life)
impish_rrdtool: released (1.7.2-3build6)
jammy_rrdtool: released (1.7.2-3ubuntu5)
devel_rrdtool: released (1.7.2-3ubuntu5)