Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Fedora 27: FEDORA-2017-d270e932a3 Critical: Nagios Permission Issues

fedora
Calendar Grey November 15, 2017
Dist Fedora Esm H88
The latest update for the Nagios monitoring application in Fedora resolves significant security vulnerabilities and rectifies critical permission deficiencies.
Update to close CVE

Summary

Nagios is a program that will monitor hosts and services on your

network. It has the ability to send email or page alerts when a

problem arises and when a problem is resolved. Nagios is written

in C and is designed to run under Linux (and some other *NIX

variants) as a background process, intermittently running checks

on various services that you specify.

The actual service checks are performed by separate "plugin" programs

which return the status of the checks to Nagios. The plugins are

available at https://github.com/nagios-plugins/nagios-plugins

This package provides the core program, web interface, and documentation

files for Nagios. Development files are built as a separate package.

Update to close CVE

[ 1 ] Bug #1482481 - CVE-2017-12847 nagios: Incorrect permissions for PID file [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1482481

[ 2 ] Bug #1490859 - CVE-2017-14312 nagios: Incorrect file permissions leading to possible privilege escalation [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1490859

[ 3 ] Bug #1480934 - nagios-4.3.4 is available

https://bugzilla.redhat.com/show_bug.cgi?id=1480934

[ 4 ] Bug #1377884 - CVE-2016-6209 nagios: Reflected XSS vulnerability and possible phishing vector [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1377884

[ 5 ] Bug #1377885 - nagios: web interface vulnerable to Cross-Site Request Forgery attacks [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1377885

[ 6 ] Bug #1402870 - CVE-2016-9566 nagios: Privilege escalation issue [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1402870

[ 7 ] Bug #1405364 - CVE-2016-9565 nagios: Command injection via curl in MagpieRSS [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1405364

[ 8 ] Bug #1405703 - nagios package is old and has a bug after install using dnf

https://bugzilla.redhat.com/show_bug.cgi?id=1405703

su -c 'dnf upgrade nagios' at the command line.

For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Topics%20covered

Topics Covered

security advisory Fedora privilege escalation permission issue nagios CVE closure

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 27
Version: 4.3.4
Release: 3.fc27
URL: https://www.nagios.org/projects/nagios-core/
Summary: Host/service/network monitoring program

Topics%20covered

Topics Covered

security advisory Fedora privilege escalation permission issue nagios CVE closure

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here