Monitoring not running after installing latest security updates on Ubuntu - lh_table_new calloc failed



Bug in json-c library

After installing the latest security patches on your system Nagios and Naemon will most likely not work anymore. The Statusengine Event Broker which gets loaded into the monitoring core depends on the json-c library.

Unfortunately it seems like the patches that should fix security issues CVE-2020-12762 within json-c are causing the problem.

For now the easiest method is to downgrade to the old version of json-c to get your system up and running again.

As far as we know this bug only affects Ubuntu users.

Downgrade json-c

Ubuntu Bionic (18.04)

  1. Stop Nagios or Naemon
systemctl stop naemon
killall -9 naemon
  1. Downgrade json-c
apt install libjson-c-dev=0.12.1-1.3 libjson-c3=0.12.1-1.3
apt-mark hold libjson-c-dev libjson-c3
  1. Start Nagios or Naemon
systemctl start naemon

Ubuntu Xenial (16.04)

  1. Stop Nagios or Naemon
systemctl stop naemon
killall -9 naemon
  1. Downgrade json-c
apt install libjson-c2=0.11-4ubuntu2 libjson-c-dev=0.11-4ubuntu2 libjson0=0.11-4ubuntu2
apt-mark hold libjson-c-dev libjson-c2 libjson0
  1. Start Nagios or Naemon
systemctl start naemon

Debian Buster (10)

No action required. Debian Buster is not affected by this issue.

Debian Stretch (9)

No action required. Debian Buster is not affected by this issue.

Links