Announcement

Collapse
No announcement yet.

A security vulnerability has been found in mod_watch

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • d2d4j
    replied
    Hi Nathan
    Patch now available in respositories, and installed without issue.
    Many thanks
    John

    Leave a comment:


  • d2d4j
    replied
    Hi Nathan

    Many thanks

    I suspect there maybe other uses on stable, who patch and is unpatched on next IW update

    I will check tommorow but I do not think our respositories have been updated yet

    Many thanks and you guys rock

    John

    Leave a comment:


  • IWorx-Nathan
    replied
    The patched version was just released. This update also re-enabled mod_watch.

    [root@nate3 ~]# rpm -q mod_watch
    mod_watch-4.3-106.rhe6x.iworx.p1.ru.x86_64

    Leave a comment:


  • d2d4j
    replied
    Hi Nathan
    Many thanks, glad your keeping on top of security
    I SSH into 2 servers and ran the update, but it could not find any updates
    I then logged into nodeworx, changed IW to Release Candidate, which it found the following
    mod_watch -- Bandwidth accounting for Apache 4.3 105.rhe6x.iworx.p1.ru interworx-stable 2016-09-03 17:10:46
    Updated
    Is this now patched
    Many thanks
    John

    Leave a comment:


  • A security vulnerability has been found in mod_watch

    A security vulnerability has been found in mod_watch. At this time we have no evidence that this vulnerability has been exploited and we have released a new mod_watch rpm that disables mod_watch. Unfortunately, this will prevent bandwidth calculation until a patch is available.

    Code:
    [root@nate3 ~]# yum update mod_watch
    [root@nate3 ~]# rpm -q mod_watch
    mod_watch-4.3-105.rhe6x.iworx.p1.ru.x86_64
Working...
X