Alerts This Week
Warning Icon 1 560
Alerts This Week
Warning Icon 1 560

Fedora 29: nagios Security Update FEDORA-2019-376ecc221c Critical DoS

fedora
Calendar Grey January 30, 2019
Dist Fedora Esm H88
Crucial Nagios upgrade resolves vital monitoring problems in Fedora 29, delivering robust remedies for various services.
Incorporate many fixes from Justin Paulsen THANKS!!! ---- Updates to nagios-4.4.2 which is a major update

Summary

Nagios is a program that will monitor hosts and services on your

network. It has the ability to send email or page alerts when a

problem arises and when a problem is resolved. Nagios is written

in C and is designed to run under Linux (and some other *NIX

variants) as a background process, intermittently running checks

on various services that you specify.

The actual service checks are performed by separate "plugin" programs

which return the status of the checks to Nagios. The plugins are

available at https://github.com/nagios-plugins/nagios-plugins

This package provides the core program, web interface, and documentation

files for Nagios. Development files are built as a separate package.

Incorporate many fixes from Justin Paulsen THANKS!!! ----Updates to nagios-4.4.2 which is a major update. Fixes CVE's CVE-2018-13441

CVE-2016-8641

* Wed Jan 16 2019 Stephen Smoogen - 4.4.3-1

- Incorporate many fixes from Justin Paulsen THANKS!!!

- Update to 4.4.3 for CVE fixes

- BZ#1661479

- BZ#1661480

- BZ#1665200

- BZ#1665201

- BZ#1665206

- BZ#1665207

- BZ#1665209

- BZ#1665210

- Fix BZ#1666209 Add RuntimeDirectory too systemd

* Fri Nov 30 2018 Stephen Smoogen - 4.4.2-3

- Remove systemd startup since built in works properly

- Incorporate fixes from patch14 into patch9

* Thu Nov 29 2018 Stephen Smoogen - 4.4.2-2

- Fix init-type and initdir for systemd and sysv

* Wed Nov 28 2018 Justin Paulsen 4.4.2-1

- Bumped to version 4.4.2

- Updated patches 0001,0002,0003,0006,0009,0010,0011 to reflect upstream changes

- Updates to nagios.spec (this file) to cleanup un-needed elements and

adjust/fix as required

- As a result of the cleanup I have added a patch nagios-0014-fix-resource.cfg-path.patch

[ 1 ] Bug #1661479 - CVE-2018-18245 nagios: Stored XSS via Plugin Output [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1661479

[ 2 ] Bug #1661480 - CVE-2018-18245 nagios: Stored XSS via Plugin Output [epel-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1661480

[ 3 ] Bug #1665200 - CVE-2018-13441 nagios: NULL pointer dereference in qh_help in base/query-handler.c [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1665200

[ 4 ] Bug #1665201 - CVE-2018-13441 nagios: NULL pointer dereference in qh_help in base/query-handler.c [epel-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1665201

[ 5 ] Bug #1665206 - CVE-2018-13457 nagios: NULL pointer dereference in qh_echo in base/query-handler.c [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1665206

[ 6 ] Bug #1665207 - CVE-2018-13457 nagios: NULL pointer dereference in qh_echo in base/query-handler.c [epel-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1665207

[ 7 ] Bug #1665209 - CVE-2018-13458 nagios: NULL pointer dereference in qh_core in base/query-handler.c [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1665209

[ 8 ] Bug #1665210 - CVE-2018-13458 nagios: NULL pointer dereference in qh_core in base/query-handler.c [epel-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1665210

[ 9 ] Bug #1666209 - Nagios cannot start after system reboot because of missing directory

https://bugzilla.redhat.com/show_bug.cgi?id=1666209

[ 10 ] Bug #1593048 - nagios-4.4.1 is available

https://bugzilla.redhat.com/show_bug.cgi?id=1593048

[ 11 ] Bug #1647765 - Memory leak in nagios

https://bugzilla.redhat.com/show_bug.cgi?id=1647765

[ 12 ] Bug #1482407 - nagios-4.3.2-8.el7 crash caused by (potential) result size issue in wproc

https://bugzilla.redhat.com/show_bug.cgi?id=1482407

[ 13 ] Bug #1506423 - Nagios regularly crashes with SIGSEGV after couple of weeks of starting.

https://bugzilla.redhat.com/show_bug.cgi?id=1506423

[ 14 ] Bug #1592594 - nagios spool files in wrong location by default, causing SELinux violations

https://bugzilla.redhat.com/show_bug.cgi?id=1592594

su -c 'dnf upgrade --advisory FEDORA-2019-376ecc221c' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

Topics%20covered

Topics Covered

security advisory update critical Fedora DoS nagios service monitoring

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 29
Version: 4.4.3
Release: 1.fc29
URL: https://www.nagios.org/projects/nagios-core/
Summary: Host/service/network monitoring program

Topics%20covered

Topics Covered

security advisory update critical Fedora DoS nagios service monitoring

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here