OpenSuSE has issued an advisory today (April 11): http://lists.opensuse.org/opensuse-updates/2014-04/msg00033.html Reproducible: Steps to Reproduce:
Whiteboard: (none) => MGA4TOO, MGA3TOO
URL: (none) => http://lwn.net/Vulnerabilities/594740/
Patched packages uploaded for Mageia 3, Mageia 4, and Cauldron. Advisory: ======================== Updated nagios packages fix security vulnerability: Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before 1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote attackers to cause a denial of service (segmentation fault) via a long message to cmd.cgi (CVE-2014-1878). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1878 http://lists.opensuse.org/opensuse-updates/2014-04/msg00033.html ======================== Updated packages in core/updates_testing: ======================== nagios-3.4.4-4.3.mga3 nagios-www-3.4.4-4.3.mga3 nagios-devel-3.4.4-4.3.mga3 nagios-4.0.2-1.1.mga4 nagios-www-4.0.2-1.1.mga4 nagios-devel-4.0.2-1.1.mga4 from SRPMS: nagios-3.4.4-4.3.mga3.src.rpm nagios-4.0.2-1.1.mga4.src.rpm
CC: (none) => guillomovitchVersion: Cauldron => 4Assignee: guillomovitch => qa-bugsWhiteboard: MGA4TOO, MGA3TOO => MGA3TOO
Isn't there a procedure here: https://bugs.mageia.org/show_bug.cgi?id=8799 ?
CC: (none) => shlomif
OK, what I did was: * Disabled updates_testing. * Installed task-nagios. (urpmi task-nagios) * "service nagios start". * Browse to http://localhost/nagios/ * Check the Tactical Overview * Check the Reports -> Availability. * Enable the updates_testing repository. * "urpmi nagios nagios-www nagios-devel". * "service nagios stop". * "service nagios start". * Check the http://localhost/nagios/ links again. Is this OK? I tested it on both MGA4-32 and MGA4-64 and everything worked in both cases. Regards, -- Shlomi Fish
That'll do then Shlomi yes, thanks. You can configure a user and log in but it's not very user friendly. See bug 8799 comment 9 for more info.
Whiteboard: MGA3TOO => MGA3TOO mga4-32-ok mga4-64-ok
Whiteboard: MGA3TOO mga4-32-ok mga4-64-ok => MGA3TOO has_procedure mga4-32-ok mga4-64-ok
(In reply to claire robinson from comment #4) > That'll do then Shlomi yes, thanks. You can configure a user and log in but > it's not very user friendly. See bug 8799 comment 9 for more info. Thanks. Now I checked it on MGA3-32 and MGA3-64 and it's OK there as well. Regards, -- Shlomi Fish
Adding the keywords.
Whiteboard: MGA3TOO has_procedure mga4-32-ok mga4-64-ok => MGA3TOO has_procedure mga4-32-ok mga4-64-ok mga3-32-ok mga3-64-ok
Thanks Shlomi. Advisory uploaded. Validating. Could sysadmin please push to 3 & 4 updates Thanks
Keywords: (none) => validated_updateWhiteboard: MGA3TOO has_procedure mga4-32-ok mga4-64-ok mga3-32-ok mga3-64-ok => MGA3TOO has_procedure advisory mga4-32-ok mga4-64-ok mga3-32-ok mga3-64-okCC: (none) => sysadmin-bugs
Update pushed: http://advisories.mageia.org/MGASA-2014-0186.html
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED