https://bugzilla.novell.com/show_bug.cgi?id=231212

           Summary: rrdtool 1.2.15 has a grave bug when graphing logarithmic data
           Product: openSUSE 10.2
           Version: Final
          Platform: x86-64
        OS/Version: UNIX Other
            Status: NEW
          Severity: Enhancement
          Priority: P5 - None
         Component: Other
        AssignedTo: bnc-team-screening@forge.provo.novell.com
        ReportedBy: jo@feuersee.de
         QAContact: qa@suse.de

The rrdtool version 1.2.15 (shipped with openSUSE 10.2) has a grave bug which results in massive memory allocation: when trying to graph data on a logarithmic scale and the data processed is <= 0, rrdgraph will allocate an enormous number of small memory chunks. When the process isn't killed immediately, chances are very high that the machine runs out of physical memory. If the rrdgraph process belongs to root, the machine will stall.

There is a patch available (see http://oss.oetiker.ch/rrdtool-trac/changeset/887), however no stable release which includes this patch is available.

Since many monitoring sw (like cacti, munin, MRTG, ...) use rrdtool, this bug may cause serious problems. Depending on the configuration, this may even escalate to a possible remote attack (forcing values <= 0 for any logarithmic rrdgraph) resulting in a stalled machine.

The rrdtool 1.2.12 (shipped with openSUSE 10.1) is not affected, I don't know about the versions in between.

Solution would be either to downgrade rrdtool or apply the patch until a new stable version of rrdtool is released.
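
An interim containment measure for the runaway allocation described in this report, shown as an added example that is not part of the original report or of rrdtool: run the graph job under a per-process memory and CPU cap so that it fails instead of exhausting the host. The function names `run_capped` and `capped_graph`, the limit values, and the file names in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: run a command with a hard cap on virtual memory and CPU
# time, so an unbounded allocation makes the process fail rather than
# driving the machine out of physical memory.
# MEM_KB and CPU_SECS are assumed values; size them for your largest graph.
MEM_KB=${MEM_KB:-262144}    # address-space limit in KiB (256 MiB, assumption)
CPU_SECS=${CPU_SECS:-30}    # CPU-time limit in seconds (assumption)

run_capped() {
    # The subshell keeps the limits from leaking into the calling script.
    (
        ulimit -v "$MEM_KB" || exit 125   # 125: limit could not be applied
        ulimit -t "$CPU_SECS" || exit 125
        exec "$@"
    )
}

# Hypothetical wrapper for a cron-driven graph job.
# Returns 0 on success, 1 if the command failed or was stopped by a limit.
capped_graph() {
    if run_capped "$@" >/dev/null 2>&1; then
        return 0
    fi
    echo "graph command failed or hit resource cap: $*" >&2
    return 1
}

# Usage (file names and data source name are constructed placeholders):
# capped_graph rrdtool graph out.png --logarithmic \
#     DEF:v=sample.rrd:value:AVERAGE LINE1:v#0000ff
```

A non-zero return from `capped_graph` is worth alerting on, since it can indicate that a data source has started delivering values <= 0 to a logarithmic graph.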