search

Linuxfabrik / monitoring-plugins

220+ check plugins for Icinga and other Nagios-compatible monitoring applications. Each plugin is a standalone command line tool (written in Python) that provides a specific type of check.
https://linuxfabrik.ch
The Unlicense
220 stars 51 forks source link

liblzma version #751

Closed wwuck closed 7 months ago

wwuck commented 7 months ago

Describe the solution you'd like

I've noticed that the linuxfabrik-monitoring-plugins deb package version 2023112901-1 contains liblzma.so.5.

Which version of liblzma is this? I would like to confirm that this library file is not vulnerable to CVE-2024-3094.

https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27

https://access.redhat.com/security/cve/CVE-2024-3094

https://nvd.nist.gov/vuln/detail/CVE-2024-3094

https://security-tracker.debian.org/tracker/CVE-2024-3094

https://lists.debian.org/debian-security-announce/2024/msg00057.html

Additional context

No response

markuslf commented 7 months ago

All package builds use the official distros, so the version of the shipped libs will always match those on vanilla Debian/Ubuntu/RHEL. The zip and tarballs are currently (20240404) built on RHEL7. So the versions are:

repo.linuxfabrik.ch

download.linuxfabrik.ch:

See also our Blog-Post https://www.linuxfabrik.ch/en/blog/linuxfabrik-monitoring-plugins-liblzma (same content).