Updated nagios packages fix security vulnerabilities
Publication date: 11 Feb 2017Modification date: 11 Feb 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-9565 , CVE-2016-9566
Description
The nagios package has been patched to fix the following issues:
Improper sanitization of RSS feed input enables unauthenticated remote
read and write of arbitrary files (CVE-2016-9565).
Unsafe logfile handling allows unprivileged users to escalate their
privileges to root (CVE-2016-9566).
References
- https://bugs.mageia.org/show_bug.cgi?id=19989
- http://openwall.com/lists/oss-security/2016/12/20/4
- http://openwall.com/lists/oss-security/2016/12/20/5
- https://lwn.net/Alerts/709639/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9565
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9566
SRPMS
5/core
- nagios-4.0.8-3.1.mga5