FEDORA-EPEL-2015-8156 created by swilkerson 4 years ago for Fedora EPEL 6
obsolete

nagios-4.0.8-1.fc21 nagios-4.0.8-1.fc22 nagios-4.0.8-1.el6 nagios-4.0.8-1.el7 nagios-4.0.8-1.fc23

  • update to 4.0.8
This update has been submitted for testing by swilkerson. 4 years ago
This update has been pushed to testing. 4 years ago
swilkerson edited this update. 4 years ago
User Icon robert commented & provided feedback 4 years ago
karma

This update is just terrible: There is no working update path from previous packages, just updating leads to unusable Nagios due to changed paths, changed defaults and missing SELinux updates.

Directories /var/run/nagios and /var/log/nagios/rw are not packaged while /var/log/nagios/rw seems to be wrong (should be likely /var/lib/nagios or /var/spool/nagios, I would say).

allow nagios_t initrc_tmp_t:file write;
allow nagios_t self:capability chown;
allow nagios_system_plugin_t nagios_services_plugin_exec_t:file getattr;
allow nagios_system_plugin_t nagios_unconfined_plugin_exec_t:file getattr;
allow nagios_system_plugin_t ssh_exec_t:file getattr;
allow nagios_t nagios_exec_t:file execute_no_trans;
allow nagios_t nagios_log_t:sock_file { write create unlink };
BZ#1074611 Consider using Nagios 4.x branch for EPEL7
BZ#1075867 Upgrade to Nagios 4.x
This update has reached 17 days in testing and can be pushed to stable now if the maintainer wishes 4 years ago
User Icon ttorling commented & provided feedback 3 years ago

It seems to me that this update has for certain been superseded by now? Is the maintainer still active? I would think it should be dropped and replaced by a newer update. It has been in testing for 398 days.

This update has been obsoleted by [nagios-4.2.4-3.el6](https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-270f6f4375). 2 years ago

Please login to add feedback.

Metadata
Type
security
Severity
urgent
Karma
-1
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Dates
submitted
4 years ago
in testing
4 years ago
modified
4 years ago
BZ#469320 CVE-2008-4796 snoopy: command execution via shell metacharacters
0
0
BZ#958002 CVE-2013-4214 Nagios core: html/rss-newsfeed.php insecure temporary file usage
0
0
BZ#958305 CVE-2008-4796 snoopy: command execution via shell metacharacters [epel-6]
0
0
BZ#994780 CVE-2013-4214 nagios: Nagios core: html/rss-newsfeed.php insecure temporary file usage [epel-6]
0
0
BZ#1036331 [cosmetic] Double slash in Nagios' web interface URL
0
0
BZ#1046113 CVE-2013-7108 CVE-2013-7205 nagios: denial of service due to off-by-one flaw in process_cgivars()
0
0
BZ#1046333 CVE-2013-7108 CVE-2013-7205 nagios: denial of service due to off-by-one flaw in process_cgivars() [fedora-all]
0
0
BZ#1046335 CVE-2013-7108 CVE-2013-7205 nagios: denial of service due to off-by-one flaw in process_cgivars() [epel-6]
0
0
BZ#1066580 CVE-2014-1878 nagios: possible buffer overflows in cmd.cgi [fedora-all]
0
0
BZ#1066582 CVE-2014-1878 nagios: possible buffer overflows in cmd.cgi [epel-6]
0
0
BZ#1074611 Consider using Nagios 4.x branch for EPEL7
-1
0
BZ#1075867 Upgrade to Nagios 4.x
-1
0
BZ#1083003 Nagios SIGSEGV on (internal to nagios) scheduled log rotate if livestatus module is loaded and a downtime is set
0
0
BZ#1111720 use_embedded_perl_implicitly=1 by default is user-hostile
0
0
BZ#1121499 CVE-2014-5009 CVE-2014-5008 CVE-2008-7313 nagios: snoopy: incomplete fixes for command execution flaws [fedora-all]
0
0
BZ#1201462 Update Nagios package to at least -5
0
0
BZ#1201849 Support an environment file in the systemd unit file
0
0

Automated Test Results