Bug 16606 - nagios-plugins new security issues CVE-2014-470[1-3]
Summary: nagios-plugins new security issues CVE-2014-470[1-3]
Status: RESOLVED OLD
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 4
Hardware: i586 Linux
Priority: Normal critical
Target Milestone: ---
Assignee: Guillaume Rousse
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/654888/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-08-18 19:52 CEST by David Walser
Modified: 2015-09-15 00:18 CEST (History)
0 users

See Also:
Source RPM: nagios-plugins-1.4.16-9.mga4.src.rpm
CVE:
Status comment:


Attachments

Description David Walser 2015-08-18 19:52:41 CEST
Fedora has issued an advisory on August 7:
https://lists.fedoraproject.org/pipermail/package-announce/2015-August/163974.html

Mageia 5 is already OK because it has version 2.0.3, in which these issues were fixed.

I'm not entirely certain that Mageia 4's old version is affected, but one reference said versions <= 2.0.1 were affected by at least one of the issues.  It's not clear how far back the affected functionality was available.

Reproducible: 

Steps to Reproduce:
David Walser 2015-09-04 20:16:42 CEST

Severity: normal => critical

Comment 1 David Walser 2015-09-15 00:18:59 CEST
It's too late to fix this for Mageia 4 now.

Status: NEW => RESOLVED
Resolution: (none) => OLD


Note You need to log in before you can comment on or make changes to this bug.