Advisories ยป MGASA-2014-0010

Updated nagios package fixes security vulnerability

Publication date: 17 Jan 2014
Type: security
Affected Mageia releases : 3
CVE: CVE-2013-7108 , CVE-2013-7205


A flaw was reported and fixed in Nagios, which can be exploited to cause a
denial of service.  This vulnerability is caused due to an off-by-one
error within the process_cgivars() function, which can be exploited to
cause an out-of-bounds read by sending a specially-crafted key value to the Nagios
web UI (CVE-2013-7108, CVE-2013-7205).
An issue that prevented the service from starting has also been fixed.