Several security issues were fixed in netdata.
Software Description:
- netdata: real-time performance monitoring
Details:
It was discovered that Netdata incorrectly handled parsing JSON input,
which could lead to a JSON injection. An attacker could possibly use
this issue to execute arbitrary code. This issue only affected
Ubuntu 18.04 LTS. (CVE-2018-18836)
It was discovered that Netdata incorrectly handled parsing HTTP headers,
which could lead to an HTTP header injection. An attacker could possibly
use this issue to cause a denial of service or leak sensitive information.
This issue only affected Ubuntu 18.04 LTS. (CVE-2018-18837)
It was discovered that Netdata incorrectly handled parsing URLs, which
could lead to a log injection. An attacker could possibly use this issue
to consume system resources, resulting in a denial of service. This issue
only affected Ubuntu 18.04 LTS. (CVE-2018-18838)
It was discovered Netdata improperly authenticated API keys....
The problem can be corrected by updating your system to the following package versions:

Ubuntu 24.10
  netdata-core 1.44.3-2ubuntu0.1
  netdata-plugins-bash 1.44.3-2ubuntu0.1
  netdata-web 1.44.3-2ubuntu0.1

Ubuntu 22.04 LTS
  netdata-core 1.33.1-1ubuntu1+esm1 (Available with Ubuntu Pro)
  netdata-plugins-bash 1.33.1-1ubuntu1+esm1 (Available with Ubuntu Pro)
  netdata-web 1.33.1-1ubuntu1+esm1 (Available with Ubuntu Pro)

Ubuntu 20.04 LTS
  netdata-core 1.19.0-3ubuntu1+esm1 (Available with Ubuntu Pro)

Ubuntu 18.04 LTS
  netdata 1.9.0+dfsg-1ubuntu0.1~esm1 (Available with Ubuntu Pro)
  netdata-data 1.9.0+dfsg-1ubuntu0.1~esm1 (Available with Ubuntu Pro)

After a standard system update you need to restart Netdata to make all the necessary changes.
https://ubuntu.com/security/notices/USN-7250-1
CVE-2018-18836, CVE-2018-18837, CVE-2018-18838, CVE-2023-22497,
CVE-2024-23722, CVE-2024-34250, CVE-2024-34251