Updated nagios packages fix security vulnerability
Publication date: 01 Dec 2017Modification date: 01 Dec 2017
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-12847
Description
It was found that nagios daemon creates its PID file after dropping privileges, which allows to change its content by non-root user with PID of any other process, resulting into denial-of-service when daemon is stopped (CVE-2017-12847). Note that the nagios package on Mageia 5 is no longer supported. Users of this package should upgrade to Mageia 6.
References
SRPMS
6/core
- nagios-4.3.1-2.1.mga6