Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 502
Alerts This Week
Warning Icon 1 502

Ubuntu 17.04 USN-3253-2 Critical: Nagios Regression Issue Resolved

ubuntu
Calendar Grey June 7, 2017
Dist Ubuntu Esm H88
Solutions for Nagios issues caused by USN-3253-1 impacting various Ubuntu versions. Discover more.
USN-3253-1 introduced a regression in Nagios.

Summary

USN-3253-1 introduced a regression in Nagios.

Software Description:

- nagios3: host/service/network monitoring and management system

Details:

USN-3253-1 fixed vulnerabilities in Nagios. The update prevented log files

from being displayed in the web interface. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that Nagios incorrectly handled certain long strings. A

remote authenticated attacker could use this issue to cause Nagios to

crash, resulting in a denial of service, or possibly obtain sensitive

information. (CVE-2013-7108, CVE-2013-7205)

It was discovered that Nagios incorrectly handled certain long messages to

cmd.cgi. A remote attacker could possibly use this issue to cause Nagios to

crash, resulting in a denial of service. (CVE-2014-1878)

Dawid Golunski discovered that Nagios incorrectly handled symlinks when

accessing log files. A local attacker could possibly use this is...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.04:
  nagios3-cgi                     3.5.1.dfsg-2.1ubuntu5.2
  nagios3-core                    3.5.1.dfsg-2.1ubuntu5.2

Ubuntu 16.10:
  nagios3-cgi                     3.5.1.dfsg-2.1ubuntu3.3
  nagios3-core                    3.5.1.dfsg-2.1ubuntu3.3

Ubuntu 16.04 LTS:
  nagios3-cgi                     3.5.1.dfsg-2.1ubuntu1.3
  nagios3-core                    3.5.1.dfsg-2.1ubuntu1.3

Ubuntu 14.04 LTS:
  nagios3-cgi                     3.5.1-1ubuntu1.3
  nagios3-core                    3.5.1-1ubuntu1.3

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-3253-2

https://ubuntu.com/security/notices/USN-3253-1

https://bugs.launchpad.net/ubuntu/+source/nagios3/+bug/1690380

Severity
critical
Lowest
Low
Medium
High
Critical

June 07, 2017

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.