A security vulnerability has been found in mod_watch

A security vulnerability has been found in mod_watch. At this time we have no evidence that this vulnerability has been exploited and we have released a new mod_watch rpm that disables mod_watch. Unfortunately, this will prevent bandwidth calculation until a patch is available.

[root@nate3 ~]# yum update mod_watch
[root@nate3 ~]# rpm -q mod_watch
mod_watch-4.3-105.rhe6x.iworx.p1.ru.x86_64

Hi Nathan
Many thanks, glad your keeping on top of security
I SSH into 2 servers and ran the update, but it could not find any updates
I then logged into nodeworx, changed IW to Release Candidate, which it found the following
mod_watch – Bandwidth accounting for Apache 4.3 105.rhe6x.iworx.p1.ru interworx-stable 2016-09-03 17:10:46
Updated
Is this now patched
Many thanks
John

The patched version was just released. This update also re-enabled mod_watch.

[root@nate3 ~]# rpm -q mod_watch
mod_watch-4.3-106.rhe6x.iworx.p1.ru.x86_64

Hi Nathan

Many thanks

I suspect there maybe other uses on stable, who patch and is unpatched on next IW update

I will check tommorow but I do not think our respositories have been updated yet

Many thanks and you guys rock

John

Hi Nathan
Patch now available in respositories, and installed without issue.
Many thanks
John