Advisories » MGASA-2014-0217

Updated nrpe packages fix CVE-2014-2913

Publication date: 14 May 2014
Modification date: 14 May 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-2913

Description

Updated nrpe packages fix security vulnerability:

A remote, command execution flaw was discovered in Nagios NRPE when command
arguments are enabled. A remote attacker could use this flaw to execute
arbitrary commands (CVE-2014-2913).
                

References

• http://lists.opensuse.org/opensuse-updates/2014-05/msg00005.html
• https://bugs.mageia.org/show_bug.cgi?id=13306
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2913

SRPMS

3/core

• nrpe-2.14-1.2.mga3

4/core

• nrpe-2.15-2.1.mga4