-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2013:028 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : nagios Date : March 18, 2013 Affected: Enterprise Server 5.0 _______________________________________________________________________ Problem Description: A vulnerability has been found and corrected in nagios: Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x before 1.6.2, 1.7.x before 1.7.4, and 1.8.x before 1.8.4, might allow remote attackers to execute arbitrary code via a long (1) host_name variable (host parameter) or (2) svc_description variable (CVE-2012-6096). The updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6096 _______________________________________________________________________ Updated Packages: Mandriva Enterprise Server 5: dabb598af3a93d05169d3dab9f12b69d mes5/i586/nagios-3.1.2-0.4mdvmes5.2.i586.rpm df33f1ed27f9d74f3fa4ea5d4a347c70 mes5/i586/nagios-devel-3.1.2-0.4mdvmes5.2.i586.rpm d1ea00c20f13f6d9aa7773f4f137ebeb mes5/i586/nagios-theme-default-3.1.2-0.4mdvmes5.2.i586.rpm ab09d902b27ca0da9230b9cb4d9a5f8f mes5/i586/nagios-www-3.1.2-0.4mdvmes5.2.i586.rpm b95930b57fbb2d8560e26132f53ca233 mes5/SRPMS/nagios-3.1.2-0.4mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: 5d12b28e4d7f5a523c95853faade8325 mes5/x86_64/nagios-3.1.2-0.4mdvmes5.2.x86_64.rpm a83093a3df1b226ed8c612091e4446e6 mes5/x86_64/nagios-devel-3.1.2-0.4mdvmes5.2.x86_64.rpm ab9ed42f03f622cee342cffa2016a408 mes5/x86_64/nagios-theme-default-3.1.2-0.4mdvmes5.2.x86_64.rpm 091de2efcc2767e53be2a6206f58a0ed mes5/x86_64/nagios-www-3.1.2-0.4mdvmes5.2.x86_64.rpm b95930b57fbb2d8560e26132f53ca233 mes5/SRPMS/nagios-3.1.2-0.4mdvmes5.2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iD8DBQFRRsFbmqjQ0CJFipgRAtU2AJ42QBioKwJS6mwIfZbOl6phJZox9wCfcv1X WgtsHlxL/pqZ5Ud5qh1OJnA= =Mxrq -----END PGP SIGNATURE-----