[ubuntu/trusty-security] nagios3 3.5.1-1ubuntu1.1 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Mon Apr 3 17:30:18 UTC 2017
nagios3 (3.5.1-1ubuntu1.1) trusty-security; urgency=medium
* SECURITY UPDATE: off-by-one errors leading to DoS or info disclosure
- debian/patches/CVE-2013-7xxx.patch: fix off-by-ones and check length
in cgi/avail.c, cgi/cmd.c, cgi/config.c, cgi/extinfo.c,
cgi/histogram.c, cgi/notifications.c, cgi/outages.c, cgi/status.c,
cgi/statusmap.c, cgi/statuswml.c, cgi/summary.c, cgi/trends.c,
contrib/daemonchk.c.
- CVE-2013-7108
- CVE-2013-7205
* SECURITY UPDATE: DoS via long message to cmd.cgi
- debian/patches/CVE-2014-1878.patch: check len in cgi/cmd.c.
- CVE-2014-1878
* SECURITY UPDATE: symlink attack on log file
- debian/patches/CVE-2016-9566.patch: safely handle log file in
base/logging.c.
- CVE-2016-9566
Date: 2017-03-31 20:04:48.910747+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/nagios3/3.5.1-1ubuntu1.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Trusty-changes
mailing list