[SECURITY] Fedora 22 Update: thermostat-1.2.2-7.fc22

updates at fedoraproject.org updates at fedoraproject.org
Tue Jun 9 15:02:50 UTC 2015 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-8867
2015-05-27 10:14:23
--------------------------------------------------------------------------------

Name        : thermostat
Product     : Fedora 22
Version     : 1.2.2
Release     : 7.fc22
URL         : http://icedtea.classpath.org/thermostat/
Summary     : A monitoring and serviceability tool for OpenJDK
Description :
Thermostat is a monitoring and instrumentation tool for the Hotspot JVM,
with support for monitoring multiple JVM instances. The system is made
up of two processes: an Agent, which collects data, and a Client which
allows users to visualize this data. These components communicate via
a MongoDB-based storage layer. A pluggable agent and gui framework
allows for collection and visualization of performance data beyond that
which is included out of the box.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2015-3201
--------------------------------------------------------------------------------
ChangeLog:

* Thu May 21 2015 Severin Gehwolf <sgehwolf at redhat.com> - 1.2.2-7
- Read mongodb credentials from separate file.
- Resolves: CVE-2015-3201
* Tue Mar 24 2015 Severin Gehwolf <sgehwolf at redhat.com> - 1.2.2-6
- Fix vm-stat bundle wiring issues.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1221989 - CVE-2015-3201 thermostat: world-readable configuration file containing credentials
        https://bugzilla.redhat.com/show_bug.cgi?id=1221989
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update thermostat' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list