Fedora has issued an advisory on July 7: https://lists.fedoraproject.org/pipermail/package-announce/2013-July/111698.html Mageia 3 is also affected. The issue is fixed in 0.9.10. Reproducible: Steps to Reproduce:
Whiteboard: (none) => MGA3TOO
Fixed in cauldron.
nagstamon-0.9.10-1.mga4.
Version: Cauldron => 3Whiteboard: MGA3TOO => (none)
A fixed 0.9.9-1.1.mga3 release is available in updates_testing.
Status: NEW => ASSIGNED
Thanks Guillaume! Advisory: ======================== Updated nagstamon package fixes security vulnerability: A user details information exposure flaw was found in the way Nagstamon performed automated requests to get information about available updates. Remote attackers could use this flaw to obtain user credentials for servers monitored by the desktop status monitor due to their improper (base64 encoding-based) encoding in the HTTP request, when the HTTP Basic authentication scheme was used (CVE-2013-4114). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4114 https://lists.fedoraproject.org/pipermail/package-announce/2013-July/111698.html ======================== Updated packages in core/updates_testing: ======================== nagstamon-0.9.9-1.1.mga3 from nagstamon-0.9.9-1.1.mga3.src.rpm
CC: (none) => guillomovitchAssignee: guillomovitch => qa-bugs
Missing requires? $ nagstamon No module named egg.trayicon Could not load egg.trayicon, so you cannot put nagstamon statusbar into systray. Traceback (most recent call last): File "/usr/bin/nagstamon", line 88, in <module> output = GUI.GUI(conf=conf, servers=servers, Resources=Resources, debug_queue=debug_queue, GUILock=GUILock) File "/usr/lib/python2.7/site-packages/Nagstamon/GUI.py", line 115, in __init__ self._CreateOutputVisuals() File "/usr/lib/python2.7/site-packages/Nagstamon/GUI.py", line 192, in _CreateOutputVisuals gtk.window_set_default_icon_from_file(self.Resources + os.sep + "nagstamon" + self.BitmapSuffix) glib.GError: Failed to open file '/home/dave/resources/nagstamon.svg': No such file or directory This happens with both the release and updates testing versions.
CC: (none) => davidwhodgins
After installing gnome-python-extras, it still fails with the failure to open /home/dave/resources/nagstamon.svg.
Whiteboard: (none) => feedback
Dependency on pygtk2.0 added. Advisory: ======================== Updated nagstamon package fixes security vulnerability: A user details information exposure flaw was found in the way Nagstamon performed automated requests to get information about available updates. Remote attackers could use this flaw to obtain user credentials for servers monitored by the desktop status monitor due to their improper (base64 encoding-based) encoding in the HTTP request, when the HTTP Basic authentication scheme was used (CVE-2013-4114). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4114 https://lists.fedoraproject.org/pipermail/package-announce/2013-July/111698.html ======================== Updated packages in core/updates_testing: ======================== nagstamon-0.9.9-1.2.mga3 from nagstamon-0.9.9-1.2.mga3.src.rpm
Whiteboard: feedback => (none)
There's a path search issue. In order to get it to start, I had to run ln -s /usr/lib/python2.7/site-packages/Nagstamon/resources $HOME/ As this is not a regression, I'll open a separate bug report for that later. Advisory 10779.adv updated in svn. I'll be testing i586 shortly.
$ nagstamon Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/Nagstamon/GUI.py", line 3530, in OK self.conf.SaveConfig(output=self.output) AttributeError: AuthenticationDialog instance has no attribute 'output' Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/Nagstamon/GUI.py", line 3530, in OK self.conf.SaveConfig(output=self.output) AttributeError: AuthenticationDialog instance has no attribute 'output' After selecting no, the the offer to download the latest version, that dialog closes, and the program continues running, but no icon shows in the system tray. While this is also not a regression, I don't see much point in pushing an update that doesn't work.
Assigning back to you David until this is ready, sorry. Thankyou.
Assignee: qa-bugs => luigiwalserWhiteboard: feedback => (none)
CC: (none) => qa-bugs
Assignee: luigiwalser => guillomovitch
I can't reproduce the error you have, all I have is the warning about the lack of systray support, otherwise it works as expected. Warning, the application windows is automatically minimised in the upper left part of your screen...
Given Comment 11, and the fact that this is a high severity security issue, I'm assigning this back to QA. We should probably push this and leave the other issues for further investigation later.
CC: qa-bugs => (none)Assignee: guillomovitch => qa-bugs
in VirtualBox default install nagstamon-0.9.9-1.mga3.noarch from core release [root@localhost wilcal]# urpmi nagstamon Package nagstamon-0.9.9-1.mga3.noarch is already installed I've duplicated falure mode mentioned in Comment 5 install nagstamon-0.9.9-1.2.mga3.noarch from core updates_testing [root@localhost wilcal]# urpmi nagstamon Package nagstamon-0.9.9-1.2.mga3.noarch is already installed I'm getting the same falure mode mentioned by David in Comment 9 Test platform: Intel Core i7-2600K Sandy Bridge 3.4GHz GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB RTL8111/8168B PCI Express 1Gbit Ethernet DRAM 16GB (4 x 4GB) VirtualBox 4.2.16-1.mga3.x86_64.rpm
CC: (none) => wilcal.int
Testing mga3 64. I don't see any errors here apart from the usual ~/.fonts.conf being deprecated. I didn't configure nagios to connect to but clicking the links in the monitor opens the browser at a nagios URL on the host configured. It doesn't sit in the systray but on the screen as Guillaume mentioned. Testing complete for me. I'll try i586 too.
Whiteboard: (none) => mga3-64-ok
It does fail i586, which is strange for a noarch. It is a fresher system though. It was installed mga3 rather than upgraded from mga2, if that makes any difference. I'm guessing an environment variable or missing require.
As it's working under the right conditions, whatever they are, it makes sense to push it as per comment 12. It was failing the same as comment 8 for me on i586 where it failed for Dave x86_64. Bug 11086 created for the 'missing' svg. Dave could you please create a bug for your error in comment 9 if you haven't already. Validating. Could sysadmin please push from 3 core/updates_testing to updates. Thanks!
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Update pushed: http://advisories.mageia.org/MGASA-2013-0262.html
Status: ASSIGNED => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED