Alerts This Week
Warning Icon 1 924
Alerts This Week
Warning Icon 1 924

openSUSE 15.1: 2020:0517-1 Moderate: nagios Denial Of Service Issues

opensuse
Calendar Grey April 14, 2020
Dist Opensuse Esm H88
Addresses several security flaws in nagios via an openSUSE security patch for enhanced system integrity and reliability.
An update that fixes 5 vulnerabilities is now available.

Description

This update for nagios to version 4.4.5 fixes the following issues:

- CVE-2019-3698: Symbolic link following vulnerability in the cronjob

allows local attackers to cause cause DoS or potentially escalate

privileges. (boo#1156309)

- CVE-2018-18245: Fixed XSS vulnerability in Alert Summary report

(boo#1119832)

- CVE-2018-13441, CVE-2018-13458, CVE-2018-13457: Fixed a few denial of

service vulnerabilities caused by null pointer dereference (boo#1101293,

boo#1101289, boo#1101290).

This update was imported from the openSUSE:Leap:15.1:Update update project.

Topics%20covered

Topics Covered

security advisory moderate XSS DoS local attack nagios openSUSE

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP1:

zypper in -t patch openSUSE-2020-517=1

Package List

- openSUSE Backports SLE-15-SP1 (aarch64 ppc64le s390x x86_64):

nagios-4.4.5-bp151.4.3.1

nagios-contrib-4.4.5-bp151.4.3.1

nagios-devel-4.4.5-bp151.4.3.1

nagios-www-4.4.5-bp151.4.3.1

nagios-www-dch-4.4.5-bp151.4.3.1

- openSUSE Backports SLE-15-SP1 (noarch):

nagios-theme-exfoliation-4.4.5-bp151.4.3.1

References

https://www.suse.com/security/cve/CVE-2018-13441.html

https://www.suse.com/security/cve/CVE-2018-13457.html

https://www.suse.com/security/cve/CVE-2018-13458.html

https://www.suse.com/security/cve/CVE-2018-18245.html

https://www.suse.com/security/cve/CVE-2019-3698.html

https://bugzilla.suse.com/1028975

https://bugzilla.suse.com/1119832

https://bugzilla.suse.com/1156309

--

Announcement ID: openSUSE-SU-2020:0517-1
Rating: moderate
Affected Products: openSUSE Backports SLE-15-SP1

Topics%20covered

Topics Covered

security advisory moderate XSS DoS local attack nagios openSUSE

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here