UbuntuUpdates.org

Package "nagios3-common"

Name: nagios3-common

Description:

support files for nagios3
Latest version: 3.5.1-1ubuntu1.3
Release: trusty (14.04)
Level: security
Repository: main
Head package: nagios3
Homepage: http://www.nagios.org/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "nagios3-common"

All arch deb package
APT INSTALL

Other versions of "nagios3-common" in Trusty

Repository Area Version
base main 3.5.1-1ubuntu1
updates main 3.5.1-1ubuntu1.3

Changelog

Version: 3.5.1-1ubuntu1.3 2017-06-07 18:06:44 UTC

  nagios3 (3.5.1-1ubuntu1.3) trusty-security; urgency=medium

  * SECURITY REGRESSION: event log cannot open log file (LP: #1690380)
    - debian/patches/CVE-2016-9566-regression.patch: relax permissions on
      log files in base/logging.c.
    - debian/nagios3-common.postinst: fix permissions on existing log file.

 -- Marc Deslauriers <email address hidden> Tue, 06 Jun 2017 07:33:27 -0400
Source diff to previous version
1690380 \
CVE-2016-9566 base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink att

Version: 3.5.1-1ubuntu1.1 2017-04-03 18:06:54 UTC

  nagios3 (3.5.1-1ubuntu1.1) trusty-security; urgency=medium

  * SECURITY UPDATE: off-by-one errors leading to DoS or info disclosure
    - debian/patches/CVE-2013-7xxx.patch: fix off-by-ones and check length
      in cgi/avail.c, cgi/cmd.c, cgi/config.c, cgi/extinfo.c,
      cgi/histogram.c, cgi/notifications.c, cgi/outages.c, cgi/status.c,
      cgi/statusmap.c, cgi/statuswml.c, cgi/summary.c, cgi/trends.c,
      contrib/daemonchk.c.
    - CVE-2013-7108
    - CVE-2013-7205
  * SECURITY UPDATE: DoS via long message to cmd.cgi
    - debian/patches/CVE-2014-1878.patch: check len in cgi/cmd.c.
    - CVE-2014-1878
  * SECURITY UPDATE: symlink attack on log file
    - debian/patches/CVE-2016-9566.patch: safely handle log file in
      base/logging.c.
    - CVE-2016-9566

 -- Marc Deslauriers <email address hidden> Fri, 31 Mar 2017 15:28:59 -0400
CVE-2013-7108 Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote a
CVE-2013-7205 Off-by-one error in the process_cgivars function in contrib/daemonchk.c in Nagios Core 3.5.1, 4.0.2, and earlier allows remote authenticated users to
CVE-2014-1878 Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before 1.8.6, 1.9 befo
CVE-2016-9566 base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink att


About   -   Send Feedback to @ubuntu_updates