Bug 16606

Summary: nagios-plugins new security issues CVE-2014-470[1-3]
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Guillaume Rousse <guillomovitch>
Status: RESOLVED OLD QA Contact: Sec team <security>
Severity: critical    
Priority: Normal    
Version: 4   
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/654888/
Whiteboard:
Source RPM: nagios-plugins-1.4.16-9.mga4.src.rpm CVE:
Status comment:

Description David Walser 2015-08-18 19:52:41 CEST 
Fedora has issued an advisory on August 7:
https://lists.fedoraproject.org/pipermail/package-announce/2015-August/163974.html

Mageia 5 is already OK because it has version 2.0.3, in which these issues were fixed.

I'm not entirely certain that Mageia 4's old version is affected, but one reference said versions <= 2.0.1 were affected by at least one of the issues.  It's not clear how far back the affected functionality was available.

Reproducible: 

Steps to Reproduce:
David Walser 2015-09-04 20:16:42 CEST

Severity: normal => critical

Comment 1 David Walser 2015-09-15 00:18:59 CEST 
It's too late to fix this for Mageia 4 now.

Status: NEW => RESOLVED
Resolution: (none) => OLD