FEDORA-EPEL-2015-8156

security update in Fedora EPEL 6 for nagios

Status: obsolete

nagios-4.0.8-1.fc21 nagios-4.0.8-1.fc22 nagios-4.0.8-1.el6 nagios-4.0.8-1.el7 nagios-4.0.8-1.fc23

  • update to 4.0.8

Comments 7

This update has been submitted for testing by swilkerson.

This update has been pushed to testing.

swilkerson edited this update.

This update is just terrible: there is no working update path from previous packages; just updating leads to an unusable Nagios due to changed paths, changed defaults and missing SELinux updates.

Directories /var/run/nagios and /var/log/nagios/rw are not packaged, while /var/log/nagios/rw seems to be wrong (it should likely be /var/lib/nagios or /var/spool/nagios, I would say).

allow nagios_t initrc_tmp_t:file write;
allow nagios_t self:capability chown;
allow nagios_system_plugin_t nagios_services_plugin_exec_t:file getattr;
allow nagios_system_plugin_t nagios_unconfined_plugin_exec_t:file getattr;
allow nagios_system_plugin_t ssh_exec_t:file getattr;
allow nagios_t nagios_exec_t:file execute_no_trans;
allow nagios_t nagios_log_t:sock_file { write create unlink };
karma: -1 #1074611: -1 #1075867: -1

This update has reached 17 days in testing and can be pushed to stable now if the maintainer wishes

It seems to me that this update has for certain been superseded by now? Is the maintainer still active? I would think it should be dropped and replaced by a newer update. It has been in testing for 398 days.

This update has been obsoleted by nagios-4.2.4-3.el6.


Content Type: RPM
Status: obsolete
Test Gating Status: Tests not running
Submitted by
Update Type: security
Update Severity: urgent
Karma: -1
Autopush: Disabled
Dates: submitted 2 years ago; in testing 2 years ago; modified 2 years ago

Related Bugs 17

  • #469320 CVE-2008-4796 snoopy: command execution via shell metacharacters
  • #958305 CVE-2008-4796 snoopy: command execution via shell metacharacters [epel-6]
  • #958002 CVE-2013-4214 Nagios core: html/rss-newsfeed.php insecure temporary file usage
  • #994780 CVE-2013-4214 nagios: Nagios core: html/rss-newsfeed.php insecure temporary file usage [epel-6]
  • #1036331 [cosmetic] Double slash in Nagios' web interface URL
  • #1046335 CVE-2013-7108 CVE-2013-7205 nagios: denial of service due to off-by-one flaw in process_cgivars() [epel-6]
  • #1046113 CVE-2013-7108 CVE-2013-7205 nagios: denial of service due to off-by-one flaw in process_cgivars()
  • #1066582 CVE-2014-1878 nagios: possible buffer overflows in cmd.cgi [epel-6]
  • #1111720 use_embedded_perl_implicitly=1 by default is user-hostile
  • #1083003 Nagios SIGSEGV on (internal to nagios) scheduled log rotate if livestatus module is loaded and a downtime is set
  • #1201462 Update Nagios package to at least -5
  • #1074611 Consider using Nagios 4.x branch for EPEL7
  • #1201849 Support an environment file in the systemd unit file
  • #1121499 CVE-2014-5009 CVE-2014-5008 CVE-2008-7313 nagios: snoopy: incomplete fixes for command execution flaws [fedora-all]
  • #1075867 Upgrade to Nagios 4.x
  • #1066580 CVE-2014-1878 nagios: possible buffer overflows in cmd.cgi [fedora-all]
  • #1046333 CVE-2013-7108 CVE-2013-7205 nagios: denial of service due to off-by-one flaw in process_cgivars() [fedora-all]
