MGASA-2021-0209 - Updated nagios packages fix a security vulnerability

Publication date: 12 May 2021
URL: https://advisories.mageia.org/MGASA-2021-0209.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-13977

Nagios 4.4.5 allows an attacker, who already has administrative access to
change the "URL for JSON CGIs" configuration setting, to modify the Alert
Histogram and Trends code via crafted versions of the archivejson.cgi,
objectjson.cgi, and statusjson.cgi files (CVE-2020-13977).

References:
- https://bugs.mageia.org/show_bug.cgi?id=28557
- https://lists.fedoraproject.org/archives/list/[email protected]/thread/JUEIABR4Y6L5J5MZDFWU46ZWXMJO64U3/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13977

SRPMS:
- 7/core/nagios-4.4.3-2.1.mga7