Announcement

Collapse
No announcement yet.

A security vulnerability has been found in mod_watch

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • A security vulnerability has been found in mod_watch

    A security vulnerability has been found in mod_watch. At this time we have no evidence that this vulnerability has been exploited and we have released a new mod_watch rpm that disables mod_watch. Unfortunately, this will prevent bandwidth calculation until a patch is available.

    Code:
    [root@nate3 ~]# yum update mod_watch
    [root@nate3 ~]# rpm -q mod_watch
    mod_watch-4.3-105.rhe6x.iworx.p1.ru.x86_64

  • #2
    Hi Nathan
    Many thanks, glad your keeping on top of security
    I SSH into 2 servers and ran the update, but it could not find any updates
    I then logged into nodeworx, changed IW to Release Candidate, which it found the following
    mod_watch -- Bandwidth accounting for Apache 4.3 105.rhe6x.iworx.p1.ru interworx-stable 2016-09-03 17:10:46
    Updated
    Is this now patched
    Many thanks
    John

    Comment


    • #3
      The patched version was just released. This update also re-enabled mod_watch.

      [root@nate3 ~]# rpm -q mod_watch
      mod_watch-4.3-106.rhe6x.iworx.p1.ru.x86_64

      Comment


      • #4
        Hi Nathan

        Many thanks

        I suspect there maybe other uses on stable, who patch and is unpatched on next IW update

        I will check tommorow but I do not think our respositories have been updated yet

        Many thanks and you guys rock

        John

        Comment


        • #5
          Hi Nathan
          Patch now available in respositories, and installed without issue.
          Many thanks
          John

          Comment

          Working...
          X