Advisories » MGASA-2017-0045

Updated nagios packages fix security vulnerabilities

Publication date: 11 Feb 2017
Modification date: 11 Feb 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-9565 , CVE-2016-9566

Description

The nagios package has been patched to fix the following issues:

Improper sanitization of RSS feed input enables unauthenticated remote
read and write of arbitrary files (CVE-2016-9565).

Unsafe logfile handling allows unprivileged users to escalate their
privileges to root (CVE-2016-9566).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=19989
• http://openwall.com/lists/oss-security/2016/12/20/4
• http://openwall.com/lists/oss-security/2016/12/20/5
• https://lwn.net/Alerts/709639/
• https://www.cve.org/CVERecord?id=CVE-2016-9565
• https://www.cve.org/CVERecord?id=CVE-2016-9566

SRPMS

5/core

• nagios-4.0.8-3.1.mga5