10738 – nagios new security issue CVE-2013-2214

Bug 10738 - nagios new security issue CVE-2013-2214

Summary: nagios new security issue CVE-2013-2214

Status:	RESOLVED INVALID

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	Cauldron
Hardware:	i586 Linux

Priority:	Normal Severity: major
Target Milestone:	---
Assignee:	Guillaume Rousse
QA Contact:	Sec team

URL:	http://lwn.net/Vulnerabilities/558108/
Whiteboard:	MGA3TOO, MGA2TOO
Keywords:

Depends on:
Blocks:

Reported:	2013-07-09 00:45 CEST by David Walser
Modified:	2013-08-02 21:41 CEST (History)
CC List:	0 users

See Also:
Source RPM:	nagios-3.4.4-4.mga3.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2013-07-09 00:45:19 CEST

OpenSuSE has issued an advisory today (July 8):
http://lists.opensuse.org/opensuse-updates/2013-07/msg00029.html

Mageia 2 and Mageia 3 are also affected.

Reproducible: 

Steps to Reproduce:

David Walser 2013-07-09 00:45:28 CEST

Whiteboard: (none) => MGA3TOO, MGA2TOO

Comment 1 Guillaume Rousse 2013-07-17 20:58:25 CEST

According to the discussion on nagios bug tracker, this is not a bug, but an expected behaviour:
http://tracker.nagios.org/view.php?id=456

So I'd prefer to postpone any decision currently.

Comment 2 David Walser 2013-07-17 21:47:58 CEST

Thanks for looking at it Guillaume.  I checked the various bug reports and also see that this is still in the process of being investigated.  We can hold off.

Severity: normal => major

Comment 3 David Walser 2013-08-02 21:41:44 CEST

Closing as INVALID, per Vincent Danen's explanation:
http://openwall.com/lists/oss-security/2013/08/02/3

Status: NEW => RESOLVED
Resolution: (none) => INVALID

Note You need to log in before you can comment on or make changes to this bug.