Updated nagios package fixes security vulnerabilityPublication date: 17 Jan 2014
Affected Mageia releases : 3
CVE: CVE-2013-7108 , CVE-2013-7205
A flaw was reported and fixed in Nagios, which can be exploited to cause a denial of service. This vulnerability is caused due to an off-by-one error within the process_cgivars() function, which can be exploited to cause an out-of-bounds read by sending a specially-crafted key value to the Nagios web UI (CVE-2013-7108, CVE-2013-7205). An issue that prevented the service from starting has also been fixed.