FEDORA-EPEL-2015-8156

security update in Fedora EPEL 6 for nagios

Status: obsolete

nagios-4.0.8-1.fc21 nagios-4.0.8-1.fc22 nagios-4.0.8-1.el6 nagios-4.0.8-1.el7 nagios-4.0.8-1.fc23

  • update to 4.0.8

Comments 7

This update has been submitted for testing by swilkerson.

This update has been pushed to testing.

swilkerson edited this update.

This update is just terrible: There is no working update path from previous packages, just updating leads to unusable Nagios due to changed paths, changed defaults and missing SELinux updates.

Directories /var/run/nagios and /var/log/nagios/rw are not packaged while /var/log/nagios/rw seems to be wrong (should be likely /var/lib/nagios or /var/spool/nagios, I would say).

allow nagios_t initrc_tmp_t:file write;
allow nagios_t self:capability chown;
allow nagios_system_plugin_t nagios_services_plugin_exec_t:file getattr;
allow nagios_system_plugin_t nagios_unconfined_plugin_exec_t:file getattr;
allow nagios_system_plugin_t ssh_exec_t:file getattr;
allow nagios_t nagios_exec_t:file execute_no_trans;
allow nagios_t nagios_log_t:sock_file { write create unlink };

karma: -1 #1074611: -1 #1075867: -1

This update has reached 17 days in testing and can be pushed to stable now if the maintainer wishes.

It seems to me that this update has for certain been superseded by now? Is the maintainer still active? I would think it should be dropped and replaced by a newer update. It has been in testing for 398 days.

This update has been obsoleted by nagios-4.2.4-3.el6.



Content Type: RPM
Status: obsolete
Test Gating:
Submitted by:
Update Type: security
Update Severity: urgent
Karma: -1
Autopush: Disabled
Dates: submitted 3 years ago; in testing 3 years ago; modified 3 years ago

Related Bugs 17

00 #469320 CVE-2008-4796 snoopy: command execution via shell metacharacters
00 #958002 CVE-2013-4214 Nagios core: html/rss-newsfeed.php insecure temporary file usage
00 #958305 CVE-2008-4796 snoopy: command execution via shell metacharacters [epel-6]
00 #994780 CVE-2013-4214 nagios: Nagios core: html/rss-newsfeed.php insecure temporary file usage [epel-6]
00 #1036331 [cosmetic] Double slash in Nagios' web interface URL
00 #1046113 CVE-2013-7108 CVE-2013-7205 nagios: denial of service due to off-by-one flaw in process_cgivars()
00 #1046333 CVE-2013-7108 CVE-2013-7205 nagios: denial of service due to off-by-one flaw in process_cgivars() [fedora-all]
00 #1046335 CVE-2013-7108 CVE-2013-7205 nagios: denial of service due to off-by-one flaw in process_cgivars() [epel-6]
00 #1066580 CVE-2014-1878 nagios: possible buffer overflows in cmd.cgi [fedora-all]
00 #1066582 CVE-2014-1878 nagios: possible buffer overflows in cmd.cgi [epel-6]
-10 #1074611 Consider using Nagios 4.x branch for EPEL7
-10 #1075867 Upgrade to Nagios 4.x
00 #1083003 Nagios SIGSEGV on (internal to nagios) scheduled log rotate if livestatus module is loaded and a downtime is set
00 #1111720 use_embedded_perl_implicitly=1 by default is user-hostile
00 #1121499 CVE-2014-5009 CVE-2014-5008 CVE-2008-7313 nagios: snoopy: incomplete fixes for command execution flaws [fedora-all]
00 #1201462 Update Nagios package to at least -5
00 #1201849 Support an environment file in the systemd unit file