11706 – nagios new security issues CVE-2013-2029 and CVE-2013-4214

Bug 11706 - nagios new security issues CVE-2013-2029 and CVE-2013-4214

Summary: nagios new security issues CVE-2013-2029 and CVE-2013-4214

Status:	RESOLVED WONTFIX

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	3
Hardware:	i586 Linux

Priority:	Normal Severity: major
Target Milestone:	---
Assignee:	Guillaume Rousse
QA Contact:	Sec team

URL:	http://lwn.net/Vulnerabilities/574307/
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2013-11-19 19:40 CET by David Walser
Modified:	2014-01-01 15:10 CET (History)
CC List:	1 user (show)

See Also:
Source RPM:	nagios-3.4.4-4.mga3.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2013-11-19 19:40:51 CET

RedHat has issued an advisory on November 18:
https://rhn.redhat.com/errata/RHSA-2013-1526.html

It is not clear if the versions in Mageia 2 or Cauldron are also affected.

Reproducible: 

Steps to Reproduce:

David Walser 2013-11-19 19:41:05 CET

CC: (none) => alien

Comment 1 Guillaume Rousse 2014-01-01 15:10:35 CET

CVE-2013-2029 affects a migration script (nagios.upgrade_to_v3.sh) we don't ship.
CVE-2013-4214 is related to a vulnerability that can only occurs if source code is modified, this is not worth the effort to correct it.

Status: NEW => RESOLVED
Resolution: (none) => WONTFIX

Note You need to log in before you can comment on or make changes to this bug.