Updated nagios package fixes security vulnerability
Publication date: 17 Jan 2014
Modification date: 17 Jan 2014
Type: security
Affected Mageia releases: 3
CVE: CVE-2013-7108, CVE-2013-7205
Description
A flaw was reported and fixed in Nagios that can be exploited to cause a denial of service. The vulnerability is caused by an off-by-one error in the process_cgivars() function, which can be exploited to cause an out-of-bounds read by sending a specially crafted key value to the Nagios web UI (CVE-2013-7108, CVE-2013-7205). An issue that prevented the service from starting has also been fixed.
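An added illustration of the bug class described above, not code from Nagios or from this advisory: a simplified walker over a NULL-terminated key/value list, in which an extra index increment on a skip path steps past the terminator, shown beside the hardened form. The list layout, the `walk` function, `MAX_KEY` and the sample data are assumptions made for this model.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_KEY 16 /* assumed length limit for this model */

/* Walk a NULL-terminated list laid out as key, value, key, value, ..., NULL.
 * 'slots' is the allocated size including the terminator, so the model can
 * report an out-of-bounds index instead of dereferencing it.
 * Returns the first index past the array the loop would read, or 0 if the
 * walk stops cleanly at the terminator. */
static size_t walk(const char *const *vars, size_t slots, int hardened)
{
    for (size_t x = 0; ; x++) {
        if (x >= slots)
            return x;            /* the loop test would read out of bounds */
        if (vars[x] == NULL)
            return 0;            /* clean stop at the terminator */

        if (strlen(vars[x]) >= MAX_KEY - 1) {
            if (!hardened)
                x++;             /* off-by-one: this plus the loop's x++ skips two slots */
            continue;            /* hardened form skips only the over-long entry */
        }

        if (strcmp(vars[x], "host") == 0) {
            x++;                 /* consume the value that follows the key */
            if (vars[x] == NULL)
                return 0;        /* key without a value: stop */
        }
    }
}

/* Constructed sample data: the over-long string is the last entry. */
static const char *const long_last[] = {
    "host", "web01", "note", "AAAAAAAAAAAAAAAAAAAAAAAA", NULL };
/* Constructed sample data: the over-long string is followed by more entries. */
static const char *const long_first[] = {
    "AAAAAAAAAAAAAAAAAAAAAAAA", "x", "host", "web01", NULL };

int main(void)
{
    printf("buggy,    long last : %zu\n", walk(long_last, 5, 0));
    printf("hardened, long last : %zu\n", walk(long_last, 5, 1));
    printf("buggy,    long first: %zu\n", walk(long_first, 5, 0));
    return 0;
}
```

In this model the buggy form leaves the array only when the over-long entry is the final one, which is why a defect of this shape can pass ordinary functional testing and is better caught with a bounds-checking build or a sanitizer.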
References
- https://bugs.mageia.org/show_bug.cgi?id=12100
- https://secunia.com/advisories/55976/
- http://openwall.com/lists/oss-security/2013/12/24/1
- https://bugzilla.redhat.com/show_bug.cgi?id=1046113
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7108
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7205
SRPMS
3/core
- nagios-3.4.4-4.2.mga3