[Bug 152624] Re: Buffer overflow in check_http.c (CVE-2007-5198)

Jamie Strandboge jamie at ubuntu.com
Mon Oct 22 18:55:46 BST 2007


nagios-plugins (1.4.5-2ubuntu0.1) feisty-security; urgency=low

  * SECURITY UPDATE: denial of service via multiple HTTPS redirects
  * debian/patches/28_SECURITY_LP153697.dpatch: set SSL context and SSL
    connection to NULL in np_net_ssl_cleanup()
  * SECURITY UPDATE: denial of service via multiple redirects
  * debian/patches/29_SECURITY_LP153703.dpatch: fix off-by-one error to
    re-allocate the proper amount of memory in redir()
  * SECURITY UPDATE: denial of service and possible arbitrary code execution
    as the user in check_http.c via crafted Location Header
  * debian/patches/30_SECURITY_CVE-2007-5198.dpatch: properly validate
    Location header in redir(). Thanks to Luca Falavigna for preliminary
    patches.
  * References
    LP: #153697
    LP: #153703
    CVE-2007-5198
    LP: #152624
  * Modify Maintainer value to match the DebianMaintainerField
    specification.

 -- Jamie Strandboge <jamie at ubuntu.com>   Wed, 17 Oct 2007 15:26:20 -0400

** Changed in: nagios-plugins (Ubuntu Feisty)
       Status: In Progress => Fix Released

-- 
Buffer overflow in check_http.c (CVE-2007-5198)
https://bugs.launchpad.net/bugs/152624
You received this bug notification because you are a member of Ubuntu
Sponsors for universe, which is a direct subscriber.


