MGASA-2013-0039
| Date: | February 8th, 2013 |
| Affected releases: | 2 |
| Media: | Core |
Description:
Updated nagios packages fixes the following:
Nagios Core's history.cgi is vulnerable to a buffer overflow because it
used sprintf on user-supplied data that was not restricted in size
(CVE-2012-6096).
Due to various protections of the operating system (history.cgi is
compiled with SSP, FORTIFY_SOURCE is enabled, etc.) this is not
believed to be exploitable and would result in a denial of service
to the user sending the input to history.cgi.
Updated Packages:
i586:
nagios-3.3.1-2.2.mga2.i586.rpm
nagios-devel-3.3.1-2.2.mga2.i586.rpm
nagios-theme-default-3.3.1-2.2.mga2.noarch.rpm
nagios-www-3.3.1-2.2.mga2.i586.rpm
nagios-debug-3.3.1-2.2.mga2.i586.rpm
x86_64:
nagios-3.3.1-2.2.mga2.x86_64.rpm
nagios-devel-3.3.1-2.2.mga2.x86_64.rpm
nagios-theme-default-3.3.1-2.2.mga2.noarch.rpm
nagios-www-3.3.1-2.2.mga2.x86_64.rpm
nagios-debug-3.3.1-2.2.mga2.x86_64.rpm
SRPMS:
nagios-3.3.1-2.2.mga2.src.rpm
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6096
http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097239.html
https://bugs.mageia.org/show_bug.cgi?id=8799
