Due to a security vulnerability, you must upgrade your memcached application scripts to the latest version. (1.1)
2022-10-14 00:00:00 | Source: misc/notifications.rss
What must be done exactly for upgrade the scripts ¿? Thank you.
Ubuntu 22.04 LTS
Version
22.10.0-4-g34a58c3f9 - Tue Oct 18 2022 13:30:42 GMT+0200
Yeah the notification is worded in a really confusing way.
My understanding from reading the pull request is that memcached used to ship with LibreNMS server side, but it has been removed in 22.10.0 because of this vuln.
So, the notification is saying that if you use LibreNMS client side agent, and any of the agent checks that you use rely on memcached(?), then you have to update your check scripts since they are now broken.
It would be nice to get confirmation on this. I’m not a great developer so trying to make sense of the RSS notification or pull request has been a challenge.
It would seem to me that the notification relates to users who make use of the agent-local method of monitoring Memcached application on servers. There is a security vulnerability, and therefor any client side agent-local script (snmp extend) that you deployed on the servers running memcached, will need to have the updated code installed in order to ensure that your servers are not vulnerable to this exploit.
So, I’m not even remotely a developer, thanks @rocko and @Hans_Erasmus for the answers… but I still don’t understand if I have to do anything, I manage 2 separate and independent installs of librenms, one on Ubuntu 22.04 at work, and another one at home for testing on debian 11, both got this weird notification and even after reading this post (the only one in the whole internet [according to google] that has the same text) I have no clue if applies to me or not, I never installed any memcached script, I don’t even know what they are, I just installed it as per the install instructions at Installing LibreNMS - LibreNMS Docs
I’ll be very thankful if anyone could kindly be more clear about this.
Thank you again
This only matters to people who are using the LibreNMS agent to monitor memcached (memcached is installed on a different computer than LibreNMS)
If you are monitoring memcached using the LibreNMS agent, your memcached monitoring will have stopped working as of this latest LibreNMS update. To get it going again requires upgrading the memcached application
So it turns out the notification probably only affects a small group of users.
This was discussed a bit on the LibreNMS Discord, here are the relevant parts: