Advisories » MGASA-2014-0010

Updated nagios package fixes security vulnerability

Publication date: 17 Jan 2014
Modification date: 17 Jan 2014
Type: security
Affected Mageia releases : 3
CVE: CVE-2013-7108 , CVE-2013-7205

Description

A flaw was reported and fixed in Nagios, which can be exploited to cause a
denial of service.  This vulnerability is caused due to an off-by-one
error within the process_cgivars() function, which can be exploited to
cause an out-of-bounds read by sending a specially-crafted key value to the Nagios
web UI (CVE-2013-7108, CVE-2013-7205).
An issue that prevented the service from starting has also been fixed.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=12100
• https://secunia.com/advisories/55976/
• http://openwall.com/lists/oss-security/2013/12/24/1
• https://bugzilla.redhat.com/show_bug.cgi?id=1046113
• https://www.cve.org/CVERecord?id=CVE-2013-7108
• https://www.cve.org/CVERecord?id=CVE-2013-7205

SRPMS

3/core

• nagios-3.4.4-4.2.mga3