| Summary: | nagios new security issue CVE-2014-1878 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | ||
| Priority: | Normal | CC: | guillomovitch, shlomif, sysadmin-bugs, tmb |
| Version: | 4 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | i586 | ||
| OS: | Linux | ||
| URL: | http://lwn.net/Vulnerabilities/594740/ | ||
| Whiteboard: | MGA3TOO has_procedure advisory mga4-32-ok mga4-64-ok mga3-32-ok mga3-64-ok | ||
| Source RPM: | nagios-4.0.2-1.mga4.src.rpm | CVE: | |
| Status comment: | |||
Description
David Walser
2014-04-11 18:02:09 CEST
David Walser
2014-04-11 18:02:15 CEST
Whiteboard:
(none) =>
MGA4TOO, MGA3TOO
David Walser
2014-04-14 17:40:42 CEST
URL:
(none) =>
http://lwn.net/Vulnerabilities/594740/

Patched packages uploaded for Mageia 3, Mageia 4, and Cauldron.

Advisory:
========================

Updated nagios packages fix security vulnerability:

Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before 1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote attackers to cause a denial of service (segmentation fault) via a long message to cmd.cgi (CVE-2014-1878).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1878
http://lists.opensuse.org/opensuse-updates/2014-04/msg00033.html
========================

Updated packages in core/updates_testing:
========================
nagios-3.4.4-4.3.mga3
nagios-www-3.4.4-4.3.mga3
nagios-devel-3.4.4-4.3.mga3
nagios-4.0.2-1.1.mga4
nagios-www-4.0.2-1.1.mga4
nagios-devel-4.0.2-1.1.mga4

from SRPMS:
nagios-3.4.4-4.3.mga3.src.rpm
nagios-4.0.2-1.1.mga4.src.rpm

CC:
(none) =>
guillomovitch

OK, what I did was:

* Disabled updates_testing.
* Installed task-nagios. (urpmi task-nagios)
* "service nagios start".
* Browse to http://localhost/nagios/
* Check the Tactical Overview
* Check the Reports -> Availability.
* Enable the updates_testing repository.
* "urpmi nagios nagios-www nagios-devel".
* "service nagios stop".
* "service nagios start".
* Check the http://localhost/nagios/ links again.

Is this OK? I tested it on both MGA4-32 and MGA4-64 and everything worked in both cases.

Regards,

-- Shlomi Fish

That'll do then Shlomi yes, thanks. You can configure a user and log in but it's not very user friendly. See bug 8799 comment 9 for more info.

Whiteboard:
MGA3TOO =>
MGA3TOO mga4-32-ok mga4-64-ok
claire robinson
2014-04-22 16:42:51 CEST
Whiteboard:
MGA3TOO mga4-32-ok mga4-64-ok =>
MGA3TOO has_procedure mga4-32-ok mga4-64-ok

(In reply to claire robinson from comment #4)
> That'll do then Shlomi yes, thanks. You can configure a user and log in but
> it's not very user friendly. See bug 8799 comment 9 for more info.

Thanks. Now I checked it on MGA3-32 and MGA3-64 and it's OK there as well.

Regards,

-- Shlomi Fish

Adding the keywords.

Whiteboard:
MGA3TOO has_procedure mga4-32-ok mga4-64-ok =>
MGA3TOO has_procedure mga4-32-ok mga4-64-ok mga3-32-ok mga3-64-ok

Thanks Shlomi. Advisory uploaded.

Validating.

Could sysadmin please push to 3 & 4 updates

Thanks

Keywords:
(none) =>
validated_update

Update pushed:
http://advisories.mageia.org/MGASA-2014-0186.html

Status:
NEW =>
RESOLVED
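
The advisory quoted in this report names the bug class (a long message overflowing a stack buffer in a command-formatting function) but shows no code. As an added example that is not the Nagios or Icinga source, here is a bounded formatter that rejects over-long input instead of truncating or overrunning; `format_command`, `CMD_BUF_LEN` and the `EXAMPLE_CMD` name are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define CMD_BUF_LEN 1024 /* assumed size; the page does not give the real one */

/* Hypothetical helper (not Nagios code): builds "[ts] NAME;<args>" in a
 * fixed stack buffer and copies it to dst only if the whole line fits.
 * Returns the line length, or -1 if it would have been truncated. */
int format_command(char *dst, size_t dstlen, unsigned long ts,
                   const char *name, const char *fmt, ...)
{
    char cmd[CMD_BUF_LEN];
    va_list ap;
    int head, tail;

    if (dst == NULL || dstlen == 0)
        return -1;
    dst[0] = '\0';

    /* snprintf returns the length it wanted to write, which can exceed
     * the buffer; using it unchecked as an offset walks off the stack. */
    head = snprintf(cmd, sizeof(cmd), "[%lu] %s;", ts, name);
    if (head < 0 || (size_t)head >= sizeof(cmd))
        return -1;

    va_start(ap, fmt);
    tail = vsnprintf(cmd + head, sizeof(cmd) - (size_t)head, fmt, ap);
    va_end(ap);
    if (tail < 0 || (size_t)tail >= sizeof(cmd) - (size_t)head)
        return -1;

    if ((size_t)(head + tail) >= dstlen)
        return -1;
    memcpy(dst, cmd, (size_t)(head + tail) + 1);
    return head + tail;
}

int main(void)
{
    char out[CMD_BUF_LEN], longmsg[4096]; /* constructed sample input */

    memset(longmsg, 'A', sizeof(longmsg) - 1);
    longmsg[sizeof(longmsg) - 1] = '\0';
    printf("%d\n", format_command(out, sizeof(out), 1UL, "EXAMPLE_CMD", "%s", "ok"));
    printf("%d\n", format_command(out, sizeof(out), 1UL, "EXAMPLE_CMD", "%s", longmsg));
    return 0;
}
```

Rejecting the request outright, rather than submitting a truncated line, avoids passing a partially formatted command downstream.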