
Accepted nagios3 3.5.1.dfsg-2+deb8u1 (source amd64 all) into oldstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 24 Dec 2018 16:23:03 +0100
Source: nagios3
Binary: nagios3-common nagios3-cgi nagios3 nagios3-core nagios3-doc nagios3-dbg
Architecture: source amd64 all
Version: 3.5.1.dfsg-2+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian Nagios Maintainer Group <pkg-nagios-devel@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 nagios3    - host/service/network monitoring and management system
 nagios3-cgi - cgi files for nagios3
 nagios3-common - support files for nagios3
 nagios3-core - host/service/network monitoring and management system core files
 nagios3-dbg - debugging symbols and debug stuff for nagios3
 nagios3-doc - documentation for nagios3
Changes:
 nagios3 (3.5.1.dfsg-2+deb8u1) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix the following security vulnerabilities:
     - CVE-2018-18245:
       Maximilian Boehner of usd AG found a cross-site scripting (XSS)
       vulnerability in Nagios Core. This vulnerability allows attackers to
       place malicious JavaScript code into the web frontend through
       manipulation of plugin output. In order to do this the attacker needs to
       be able to manipulate the output returned by nagios checks, e.g. by
       replacing a plugin on one of the monitored endpoints. Execution of the
       payload then requires that an authenticated user creates an alert summary
       report which contains the corresponding output.
     - CVE-2016-9566:
       It was discovered that local users with access to an account in the
       nagios group are able to gain root privileges via a symlink attack on the
       debug log file.
     - CVE-2014-1878:
       An issue was corrected that allowed remote attackers to cause a
       stack-based buffer overflow and subsequently a denial of service
       (segmentation fault) via a long message to cmd.cgi.
     - CVE-2013-7205 | CVE-2013-7108:
       A flaw was corrected in Nagios that could be exploited to cause a
       denial-of-service. This vulnerability is induced due to an off-by-one
       error within the process_cgivars() function, which can be exploited to
       cause an out-of-bounds read by sending a specially-crafted key value to
       the Nagios web UI.

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

