Mageia 2021-0209: nagios security update | LinuxSecurity.com

Advisories

MGASA-2021-0209 - Updated nagios packages fix a security vulnerability

Publication date: 12 May 2021
URL: https://advisories.mageia.org/MGASA-2021-0209.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-13977

Nagios 4.4.5 allows an attacker, who already has administrative access to
change the "URL for JSON CGIs" configuration setting, to modify the Alert
Histogram and Trends code via crafted versions of the archivejson.cgi,
objectjson.cgi, and statusjson.cgi files (CVE-2020-13977).

References:
- https://bugs.mageia.org/show_bug.cgi?id=28557
- https://lists.fedoraproject.org/archives/list/[email protected]/thread/JUEIABR4Y6L5J5MZDFWU46ZWXMJO64U3/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13977

SRPMS:
- 7/core/nagios-4.4.3-2.1.mga7

Mageia 2021-0209: nagios security update

Nagios 4.4.5 allows an attacker, who already has administrative access to change the "URL for JSON CGIs" configuration setting, to modify the Alert Histogram and Trends code via cr...

Summary

Nagios 4.4.5 allows an attacker, who already has administrative access to change the "URL for JSON CGIs" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the archivejson.cgi, objectjson.cgi, and statusjson.cgi files (CVE-2020-13977).

References

- https://bugs.mageia.org/show_bug.cgi?id=28557

- https://lists.fedoraproject.org/archives/list/[email protected]/thread/JUEIABR4Y6L5J5MZDFWU46ZWXMJO64U3/

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13977

Resolution

MGASA-2021-0209 - Updated nagios packages fix a security vulnerability

SRPMS

- 7/core/nagios-4.4.3-2.1.mga7

Severity
Publication date: 12 May 2021
URL: https://advisories.mageia.org/MGASA-2021-0209.html
Type: security
CVE: CVE-2020-13977

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.