Sicherheit: Mehrere Probleme in nagios

Lesezeichen hinzufügen

-------------------------------------------------------------------------------
-
Fedora Update Notification
FEDORA-2019-376ecc221c
2019-01-30 02:06:12.445567
-------------------------------------------------------------------------------
-

Name : nagios
Product : Fedora 29
Version : 4.4.3
Release : 1.fc29
URL : https://www.nagios.org/projects/nagios-core/
Summary : Host/service/network monitoring program
Description :
Nagios is a program that will monitor hosts and services on your
network. It has the ability to send email or page alerts when a
problem arises and when a problem is resolved. Nagios is written
in C and is designed to run under Linux (and some other *NIX
variants) as a background process, intermittently running checks
on various services that you specify.

The actual service checks are performed by separate "plugin" programs
which return the status of the checks to Nagios. The plugins are
available at https://github.com/nagios-plugins/nagios-plugins

This package provides the core program, web interface, and documentation
files for Nagios. Development files are built as a separate package.

-------------------------------------------------------------------------------
-
Update Information:

Incorporate many fixes from Justin Paulsen <petaris@gmail.com> THANKS!!!
----
Updates to nagios-4.4.2 which is a major update. Fixes CVE's CVE-2018-13441
CVE-2016-8641
-------------------------------------------------------------------------------
-
ChangeLog:

* Wed Jan 16 2019 Stephen Smoogen <smooge@fedoraproject.org> - 4.4.3-1
- Incorporate many fixes from Justin Paulsen <petaris@gmail.com>
THANKS!!!
- Update to 4.4.3 for CVE fixes
- BZ#1661479
- BZ#1661480
- BZ#1665200
- BZ#1665201
- BZ#1665206
- BZ#1665207
- BZ#1665209
- BZ#1665210
- Fix BZ#1666209 Add RuntimeDirectory too systemd
* Fri Nov 30 2018 Stephen Smoogen <smooge@fedoraproject.org> - 4.4.2-3
- Remove systemd startup since built in works properly
- Incorporate fixes from patch14 into patch9
* Thu Nov 29 2018 Stephen Smoogen <smooge@fedoraproject.org> - 4.4.2-2
- Fix init-type and initdir for systemd and sysv
* Wed Nov 28 2018 Justin Paulsen <petaris@gmail.com> 4.4.2-1
- Bumped to version 4.4.2
- Updated patches 0001,0002,0003,0006,0009,0010,0011 to reflect upstream
changes
- Updates to nagios.spec (this file) to cleanup un-needed elements and
adjust/fix as required
- As a result of the cleanup I have added a patch
nagios-0014-fix-resource.cfg-path.patch
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1661479 - CVE-2018-18245 nagios: Stored XSS via Plugin Output
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1661479
[ 2 ] Bug #1661480 - CVE-2018-18245 nagios: Stored XSS via Plugin Output
[epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1661480
[ 3 ] Bug #1665200 - CVE-2018-13441 nagios: NULL pointer dereference in
qh_help in base/query-handler.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1665200
[ 4 ] Bug #1665201 - CVE-2018-13441 nagios: NULL pointer dereference in
qh_help in base/query-handler.c [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1665201
[ 5 ] Bug #1665206 - CVE-2018-13457 nagios: NULL pointer dereference in
qh_echo in base/query-handler.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1665206
[ 6 ] Bug #1665207 - CVE-2018-13457 nagios: NULL pointer dereference in
qh_echo in base/query-handler.c [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1665207
[ 7 ] Bug #1665209 - CVE-2018-13458 nagios: NULL pointer dereference in
qh_core in base/query-handler.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1665209
[ 8 ] Bug #1665210 - CVE-2018-13458 nagios: NULL pointer dereference in
qh_core in base/query-handler.c [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1665210
[ 9 ] Bug #1666209 - Nagios cannot start after system reboot because of
missing directory
https://bugzilla.redhat.com/show_bug.cgi?id=1666209
[ 10 ] Bug #1593048 - nagios-4.4.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1593048
[ 11 ] Bug #1647765 - Memory leak in nagios
https://bugzilla.redhat.com/show_bug.cgi?id=1647765
[ 12 ] Bug #1482407 - nagios-4.3.2-8.el7 crash caused by (potential) result
size issue in wproc
https://bugzilla.redhat.com/show_bug.cgi?id=1482407
[ 13 ] Bug #1506423 - Nagios regularly crashes with SIGSEGV after couple of
weeks of starting.
https://bugzilla.redhat.com/show_bug.cgi?id=1506423
[ 14 ] Bug #1592594 - nagios spool files in wrong location by default,
causing SELinux violations
https://bugzilla.redhat.com/show_bug.cgi?id=1592594
-------------------------------------------------------------------------------
-

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-376ecc221c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org