16606 – nagios-plugins new security issues CVE-2014-470[1-3]

Bug 16606 - nagios-plugins new security issues CVE-2014-470[1-3]

Summary: nagios-plugins new security issues CVE-2014-470[1-3]

Status:	RESOLVED OLD

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	4
Hardware:	i586 Linux

Priority:	Normal Severity: critical
Target Milestone:	---
Assignee:	Guillaume Rousse
QA Contact:	Sec team

URL:	http://lwn.net/Vulnerabilities/654888/
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2015-08-18 19:52 CEST by David Walser
Modified:	2015-09-15 00:18 CEST (History)
CC List:	0 users

See Also:
Source RPM:	nagios-plugins-1.4.16-9.mga4.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2015-08-18 19:52:41 CEST

Fedora has issued an advisory on August 7:
https://lists.fedoraproject.org/pipermail/package-announce/2015-August/163974.html

Mageia 5 is already OK because it has version 2.0.3, in which these issues were fixed.

I'm not entirely certain that Mageia 4's old version is affected, but one reference said versions <= 2.0.1 were affected by at least one of the issues.  It's not clear how far back the affected functionality was available.

Reproducible: 

Steps to Reproduce:

David Walser 2015-09-04 20:16:42 CEST

Severity: normal => critical

Comment 1 David Walser 2015-09-15 00:18:59 CEST

It's too late to fix this for Mageia 4 now.

Status: NEW => RESOLVED
Resolution: (none) => OLD

Note You need to log in before you can comment on or make changes to this bug.