UbuntuUpdates.org

Package "nagios3-core"

Name: nagios3-core

Description:

host/service/network monitoring and management system core files

Latest version: 3.5.1.dfsg-2.1ubuntu1.3
Release: xenial (16.04)
Level: updates
Repository: main
Head package: nagios3
Homepage: http://www.nagios.org/

Links


Download "nagios3-core"


Other versions of "nagios3-core" in Xenial

Repository Area Version
base main 3.5.1.dfsg-2.1ubuntu1
security main 3.5.1.dfsg-2.1ubuntu1.3

Changelog

Version: 3.5.1.dfsg-2.1ubuntu1.3 2017-06-07 18:06:48 UTC

  nagios3 (3.5.1.dfsg-2.1ubuntu1.3) xenial-security; urgency=medium

  * SECURITY REGRESSION: event log cannot open log file (LP: #1690380)
    - debian/patches/CVE-2016-9566-regression.patch: relax permissions on
      log files in base/logging.c.
    - debian/nagios3-common.postinst: fix permissions on existing log file.

 -- Marc Deslauriers <email address hidden> Tue, 06 Jun 2017 07:32:56 -0400

Source diff to previous version
1690380 \
CVE-2016-9566 base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink att

Version: 3.5.1.dfsg-2.1ubuntu1.2 2017-06-01 21:06:36 UTC

  nagios3 (3.5.1.dfsg-2.1ubuntu1.2) xenial; urgency=medium

  * debian/patches/fix_permissions_for_hostgroups_reports.patch: Fix
    permissions for hostgroups reports. Thanks to John C. Frickson
    <email address hidden>. Closes LP: #1686768.

 -- <email address hidden> (Aaron B. Russell) Wed, 10 May 2017 22:43:53 +0100

Source diff to previous version
1686768 Restricted contacts can see servers that do not belong to them

Version: 3.5.1.dfsg-2.1ubuntu1.1 2017-04-03 19:06:57 UTC

  nagios3 (3.5.1.dfsg-2.1ubuntu1.1) xenial-security; urgency=medium

  * SECURITY UPDATE: off-by-one errors leading to DoS or info disclosure
    - debian/patches/CVE-2013-7xxx.patch: fix off-by-ones and check length
      in cgi/avail.c, cgi/cmd.c, cgi/config.c, cgi/extinfo.c,
      cgi/histogram.c, cgi/notifications.c, cgi/outages.c, cgi/status.c,
      cgi/statusmap.c, cgi/statuswml.c, cgi/summary.c, cgi/trends.c,
      contrib/daemonchk.c.
    - CVE-2013-7108
    - CVE-2013-7205
  * SECURITY UPDATE: DoS via long message to cmd.cgi
    - debian/patches/CVE-2014-1878.patch: check len in cgi/cmd.c.
    - CVE-2014-1878
  * SECURITY UPDATE: symlink attack on log file
    - debian/patches/CVE-2016-9566.patch: safely handle log file in
      base/logging.c.
    - CVE-2016-9566

 -- Marc Deslauriers <email address hidden> Fri, 31 Mar 2017 15:28:21 -0400

CVE-2013-7108 Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote a
CVE-2013-7205 Off-by-one error in the process_cgivars function in contrib/daemonchk.c in Nagios Core 3.5.1, 4.0.2, and earlier allows remote authenticated users to
CVE-2014-1878 Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before 1.8.6, 1.9 befo
CVE-2016-9566 base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink att



About   -   Send Feedback to @ubuntu_updates