Mageia 2021-0209: nagios security update
Summary
Nagios 4.4.5 allows an attacker, who already has administrative access to
change the "URL for JSON CGIs" configuration setting, to modify the Alert
Histogram and Trends code via crafted versions of the archivejson.cgi,
objectjson.cgi, and statusjson.cgi files (CVE-2020-13977).
References
- https://bugs.mageia.org/show_bug.cgi?id=28557
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JUEIABR4Y6L5J5MZDFWU46ZWXMJO64U3/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13977
Resolution
MGASA-2021-0209 - Updated nagios packages fix a security vulnerability
SRPMS
- 7/core/nagios-4.4.3-2.1.mga7