Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

Fedora 22: FEDORA-2015-8867 critical: Thermostat Credential Exposure

fedora
Calendar Grey June 9, 2015
Dist Fedora Esm H88
A key update for the thermostat feature in Fedora 22 has been rolled out to mitigate risks of confidential data leakage.
Security fix for CVE-2015-3201

Summary

Thermostat is a monitoring and instrumentation tool for the Hotspot JVM,

with support for monitoring multiple JVM instances. The system is made

up of two processes: an Agent, which collects data, and a Client which

allows users to visualize this data. These components communicate via

a MongoDB-based storage layer. A pluggable agent and gui framework

allows for collection and visualization of performance data beyond that

which is included out of the box.

Update Information:

Security fix for CVE-2015-3201

Topics%20covered

Topics Covered

security advisory critical Fedora exploit credential exposure thermostat

Change Log

* Thu May 21 2015 Severin Gehwolf - 1.2.2-7 - Read mongodb credentials from separate file. - Resolves: CVE-2015-3201 * Tue Mar 24 2015 Severin Gehwolf - 1.2.2-6 - Fix vm-stat bundle wiring issues.

References


[ 1 ] Bug #1221989 - CVE-2015-3201 thermostat: world-readable configuration file containing credentials https://bugzilla.redhat.com/show_bug.cgi?id=1221989

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update thermostat' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: thermostat
Product: Fedora 22
Version: 1.2.2
Release: 7.fc22
URL: Summary : A monitoring and serviceability tool for OpenJDK

Topics%20covered

Topics Covered

security advisory critical Fedora exploit credential exposure thermostat

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here