Advisories » MGASA-2014-0186

Updated nagios packages fix CVE-2014-1878

Publication date: 23 Apr 2014
Modification date: 23 Apr 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-1878

Description

Updated nagios packages fix security vulnerability:

Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c in
Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before 1.8.6, 1.9
before 1.9.5, and 1.10 before 1.10.3 allows remote attackers to cause a
denial of service (segmentation fault) via a long message to cmd.cgi
(CVE-2014-1878).
                

References

• http://lists.opensuse.org/opensuse-updates/2014-04/msg00033.html
• https://bugs.mageia.org/show_bug.cgi?id=13197
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1878

SRPMS

4/core

• nagios-4.0.2-1.1.mga4

3/core

• nagios-3.4.4-4.3.mga3