BugTraq
[ MDVSA-2013:028 ] nagios Mar 18 2013 10:32AM
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2013:028
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : nagios
Date : March 18, 2013
Affected: Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

A vulnerability has been found and corrected in nagios:

Multiple stack-based buffer overflows in the get_history function
in history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x before
1.6.2, 1.7.x before 1.7.4, and 1.8.x before 1.8.4, might allow remote
attackers to execute arbitrary code via a long (1) host_name variable
(host parameter) or (2) svc_description variable (CVE-2012-6096).

The updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6096
_______________________________________________________________________

Updated Packages:

Mandriva Enterprise Server 5:
dabb598af3a93d05169d3dab9f12b69d mes5/i586/nagios-3.1.2-0.4mdvmes5.2.i586.rpm
df33f1ed27f9d74f3fa4ea5d4a347c70 mes5/i586/nagios-devel-3.1.2-0.4mdvmes5.2.i586.rpm
d1ea00c20f13f6d9aa7773f4f137ebeb mes5/i586/nagios-theme-default-3.1.2-0.4mdvmes5.2.i586.rpm
ab09d902b27ca0da9230b9cb4d9a5f8f mes5/i586/nagios-www-3.1.2-0.4mdvmes5.2.i586.rpm
b95930b57fbb2d8560e26132f53ca233 mes5/SRPMS/nagios-3.1.2-0.4mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
5d12b28e4d7f5a523c95853faade8325 mes5/x86_64/nagios-3.1.2-0.4mdvmes5.2.x86_64.rpm
a83093a3df1b226ed8c612091e4446e6 mes5/x86_64/nagios-devel-3.1.2-0.4mdvmes5.2.x86_64.rpm
ab9ed42f03f622cee342cffa2016a408 mes5/x86_64/nagios-theme-default-3.1.2-0.4mdvmes5.2.x86_64.rpm
091de2efcc2767e53be2a6206f58a0ed mes5/x86_64/nagios-www-3.1.2-0.4mdvmes5.2.x86_64.rpm
b95930b57fbb2d8560e26132f53ca233 mes5/SRPMS/nagios-3.1.2-0.4mdvmes5.2.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFRRsFbmqjQ0CJFipgRAtU2AJ42QBioKwJS6mwIfZbOl6phJZox9wCfcv1X
WgtsHlxL/pqZ5Ud5qh1OJnA=
=Mxrq
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus