Nom du paquet
nagios
Date
2013-03-18
Advisory ID
MDVSA-2013:028
Affected versions
MES5 i586 , MES5 x86_64

Problem description

A vulnerability has been found and corrected in nagios:

Multiple stack-based buffer overflows in the get_history function
in history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x before
1.6.2, 1.7.x before 1.7.4, and 1.8.x before 1.8.4, might allow remote
attackers to execute arbitrary code via a long (1) host_name variable
(host parameter) or (2) svc_description variable (CVE-2012-6096).

The updated packages have been patched to correct this issue.

Updated packages

MES5 i586

 dabb598af3a93d05169d3dab9f12b69d  mes5/i586/nagios-3.1.2-0.4mdvmes5.2.i586.rpm
 df33f1ed27f9d74f3fa4ea5d4a347c70  mes5/i586/nagios-devel-3.1.2-0.4mdvmes5.2.i586.rpm
 d1ea00c20f13f6d9aa7773f4f137ebeb  mes5/i586/nagios-theme-default-3.1.2-0.4mdvmes5.2.i586.rpm
 ab09d902b27ca0da9230b9cb4d9a5f8f  mes5/i586/nagios-www-3.1.2-0.4mdvmes5.2.i586.rpm 
 b95930b57fbb2d8560e26132f53ca233  mes5/SRPMS/nagios-3.1.2-0.4mdvmes5.2.src.rpm

MES5 x86_64

 5d12b28e4d7f5a523c95853faade8325  mes5/x86_64/nagios-3.1.2-0.4mdvmes5.2.x86_64.rpm
 a83093a3df1b226ed8c612091e4446e6  mes5/x86_64/nagios-devel-3.1.2-0.4mdvmes5.2.x86_64.rpm
 ab9ed42f03f622cee342cffa2016a408  mes5/x86_64/nagios-theme-default-3.1.2-0.4mdvmes5.2.x86_64.rpm
 091de2efcc2767e53be2a6206f58a0ed  mes5/x86_64/nagios-www-3.1.2-0.4mdvmes5.2.x86_64.rpm 
 b95930b57fbb2d8560e26132f53ca233  mes5/SRPMS/nagios-3.1.2-0.4mdvmes5.2.src.rpm

References