[Bug 152624] Re: Buffer overflow in check_http.c (CVE-2007-5198)
Jamie Strandboge
jamie at ubuntu.com
Mon Oct 22 18:55:46 BST 2007
nagios-plugins (1.4.5-2ubuntu0.1) feisty-security; urgency=low

  * SECURITY UPDATE: denial of service via multiple HTTPS redirects
  * debian/patches/28_SECURITY_LP153697.dpatch: set SSL context and SSL
    connection to NULL in np_net_ssl_cleanup()
  * SECURITY UPDATE: denial of service via multiple redirects
  * debian/patches/29_SECURITY_LP153703.dpatch: fix off-by-one error to
    re-allocate the proper amount of memory in redir()
  * SECURITY UPDATE: denial of service and possible arbitrary code execution
    as the user in check_http.c via crafted Location Header
  * debian/patches/30_SECURITY_CVE-2007-5198.dpatch: properly validate
    Location header in redir(). Thanks to Luca Falavigna for preliminary
    patches.
  * References
    LP: #153697
    LP: #153703
    CVE-2007-5198
    LP: #152624
  * Modify Maintainer value to match the DebianMaintainerField
    specification.

 -- Jamie Strandboge <jamie at ubuntu.com>  Wed, 17 Oct 2007 15:26:20 -0400

** Changed in: nagios-plugins (Ubuntu Feisty)
       Status: In Progress => Fix Released
--
Buffer overflow in check_http.c (CVE-2007-5198)
https://bugs.launchpad.net/bugs/152624
You received this bug notification because you are a member of Ubuntu
Sponsors for universe, which is a direct subscriber.