[SECURITY] Fedora 19 Update: rrdtool-1.4.8-2.fc19

updates at fedoraproject.org updates at fedoraproject.org
Tue Jun 18 06:22:55 UTC 2013 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2013-10288
2013-06-07 15:22:20
--------------------------------------------------------------------------------

Name        : rrdtool
Product     : Fedora 19
Version     : 1.4.8
Release     : 2.fc19
URL         : http://oss.oetiker.ch/rrdtool/
Summary     : Round Robin Database Tool to store and display time-series data
Description :
RRD is the Acronym for Round Robin Database. RRD is a system to store and
display time-series data (i.e. network bandwidth, machine-room temperature,
server load average). It stores the data in a very compact way that will not
expand over time, and it presents useful graphs by processing the data to
enforce a certain data density. It can be used either via simple wrapper
scripts (from shell or Perl) or via frontends that poll network devices and
put a friendly user interface on it.

--------------------------------------------------------------------------------
Update Information:

This is an update that adds explicit check to the imginfo format. It may prevent crash/exploit of user space applications which pass user supplied format to the library call without checking. 
This is an new version of rrdtool that fixes several bugs. The main new feature of this release is that large graph expressions are processed magnitudes faster. For more details see the original announcement http://oss.oetiker.ch/rrdtool/forum.en.html#nabble-f937719
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #969310 - CVE-2013-2131 rrdtool: crashes on format string exploit [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=969310
  [ 2 ] Bug #966639 - rrdtool-1.4.8 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=966639
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update rrdtool' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list