Advisories ยป MGASA-2020-0247

Updated nrpe packages fix security vulnerability

Publication date: 10 Jun 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-6581 , CVE-2020-6582

Description

Updated nrpe packages fix security vulnerabilities:

Nagios NRPE 3.2.1 has Insufficient Filtering because, for example,
nasty_metachars interprets \n as the character \ and the character n
(not as the \n newline sequence). This can cause command injection
(CVE-2020-6581).

Nagios NRPE 3.2.1 has a Heap-Based Buffer Overflow, as demonstrated by
interpretation of a small negative number as a large positive number
during a bzero call (CVE-2020-6582).
                

References

SRPMS

7/core