Mailinglist Archive: opensuse-bugs (10046 mails)

[Bug 231212] New: rrdtool 1.2.15 has a grave bug when graphing logarithmic data
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Mon, 1 Jan 2007 06:59:48 -0700 (MST)
  • Message-id: <bug-231212-21960@xxxxxxxxxxxxxxxxxxxxxxxxx/>
https://bugzilla.novell.com/show_bug.cgi?id=231212

Summary: rrdtool 1.2.15 has a grave bug when graphing logarithmic data
Product: openSUSE 10.2
Version: Final
Platform: x86-64
OS/Version: UNIX Other
Status: NEW
Severity: Enhancement
Priority: P5 - None
Component: Other
AssignedTo: bnc-team-screening@xxxxxxxxxxxxxxxxxxxxxx
ReportedBy: jo@xxxxxxxxxxx
QAContact: qa@xxxxxxx


The rrdtool version 1.2.15 (shipped with openSUSE 10.2) has a grave bug which
results in massive memory allocation when trying to graph data on a logarithmic
scale and the data processed is <= 0.

rrdgraph will allocate an enormous amount of small memory chunks. When the
process isn't killed immediately, chances are very high that the machine runs
out of physical memory. If the rrdgraph process belongs to root, the machine
will stall.

There is a patch available (see
http://oss.oetiker.ch/rrdtool-trac/changeset/887), however no stable release
which includes this patch is available.

Since many monitoring sw (like cacti, munin, MRTG, ...) use rrdtool this bug
may cause serious problems. Depending on the configuration, this may even
escalate to a possible remote attack (forcing values <= 0 for any logarithmic
rrdgraph) resulting in a stalled machine.

The rrdtool 1.2.12 (shipped with openSUSE 10.1) is not affected; I don't know
about the versions in between.

A solution would be either to downgrade rrdtool or apply the patch until a new
stable version of rrdtool is released.

