FEDORA-EPEL-2015-8156 — security update for nagios

obsolete

nagios-4.0.8-1.el6

FEDORA-EPEL-2015-8156 created by swilkerson 10 years ago for Fedora EPEL 6

nagios-4.0.8-1.fc21 nagios-4.0.8-1.fc22 nagios-4.0.8-1.el6 nagios-4.0.8-1.el7 nagios-4.0.8-1.fc23

update to 4.0.8

This update has been submitted for testing by swilkerson.

10 years ago

This update has been pushed to testing.

10 years ago

swilkerson edited this update.

10 years ago

robert commented & provided feedback 10 years ago

karma

This update is just terrible: There is no working update path from previous packages, just updating leads to unusable Nagios due to changed paths, changed defaults and missing SELinux updates.

Directories /var/run/nagios and /var/log/nagios/rw are not packaged while /var/log/nagios/rw seems to be wrong (should be likely /var/lib/nagios or /var/spool/nagios, I would say).

allow nagios_t initrc_tmp_t:file write;
allow nagios_t self:capability chown;
allow nagios_system_plugin_t nagios_services_plugin_exec_t:file getattr;
allow nagios_system_plugin_t nagios_unconfined_plugin_exec_t:file getattr;
allow nagios_system_plugin_t ssh_exec_t:file getattr;
allow nagios_t nagios_exec_t:file execute_no_trans;
allow nagios_t nagios_log_t:sock_file { write create unlink };

BZ#1074611 Consider using Nagios 4.x branch for EPEL7

BZ#1075867 Upgrade to Nagios 4.x

This update has reached 17 days in testing and can be pushed to stable now if the maintainer wishes

10 years ago

ttorling commented & provided feedback 9 years ago

It seems to me that this update has for certain been superseded by now? Is the maintainer still active? I would think it should be dropped and replaced by a newer update. It has been in testing for 398 days.

This update has been obsoleted by nagios-4.2.4-3.el6.

8 years ago

Please log in to add feedback.

Metadata

Type

security

Severity

urgent

Karma

-1

Signed

Content Type

RPM

Test Gating

None

Autopush Settings

Unstable by Karma

-3

Stable by Karma

disabled

Stable by Time

disabled

Thresholds

Minimum Karma

Minimum Testing

7 days

Dates

submitted

10 years ago

in testing

10 years ago

modified

10 years ago

Builds

nagios-4.0.8-1.el6

BZ#469320 CVE-2008-4796 snoopy: command execution via shell metacharacters

BZ#958002 CVE-2013-4214 Nagios core: html/rss-newsfeed.php insecure temporary file usage

BZ#958305 CVE-2008-4796 snoopy: command execution via shell metacharacters [epel-6]

BZ#994780 CVE-2013-4214 nagios: Nagios core: html/rss-newsfeed.php insecure temporary file usage [epel-6]

BZ#1036331 [cosmetic] Double slash in Nagios' web interface URL

BZ#1046113 CVE-2013-7108 CVE-2013-7205 nagios: denial of service due to off-by-one flaw in process_cgivars()

BZ#1046333 CVE-2013-7108 CVE-2013-7205 nagios: denial of service due to off-by-one flaw in process_cgivars() [fedora-all]

BZ#1046335 CVE-2013-7108 CVE-2013-7205 nagios: denial of service due to off-by-one flaw in process_cgivars() [epel-6]

BZ#1066580 CVE-2014-1878 nagios: possible buffer overflows in cmd.cgi [fedora-all]

BZ#1066582 CVE-2014-1878 nagios: possible buffer overflows in cmd.cgi [epel-6]

BZ#1074611 Consider using Nagios 4.x branch for EPEL7

-1

BZ#1075867 Upgrade to Nagios 4.x

-1

BZ#1083003 Nagios SIGSEGV on (internal to nagios) scheduled log rotate if livestatus module is loaded and a downtime is set

BZ#1111720 use_embedded_perl_implicitly=1 by default is user-hostile

BZ#1121499 CVE-2014-5009 CVE-2014-5008 CVE-2008-7313 nagios: snoopy: incomplete fixes for command execution flaws [fedora-all]

BZ#1201462 Update Nagios package to at least -5

BZ#1201849 Support an environment file in the systemd unit file

nagios-4.0.8-1.el6

Automated Test Results

None