# Security update for nrpe

Announcement ID: SUSE-SU-2024:1417-1
Rating: important
References:

  * bsc#1118590
  * bsc#874743

Cross-References:

  * CVE-2014-2913

CVSS scores:

Affected Products:

  * SUSE Linux Enterprise High Performance Computing 12 SP5
  * SUSE Linux Enterprise Server 12 SP5
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability and has one security fix can now be installed.

## Description:

This update for nrpe fixes the following issues:

  * CVE-2014-2913: Fixed remote command execution when command arguments are enabled (bsc#1118590, bsc#874743)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise High Performance Computing 12 SP5
    `zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-1417=1`
  * SUSE Linux Enterprise Server 12 SP5
    `zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-1417=1`
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5
    `zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-1417=1`

## Package List:

  * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
    * nrpe-debuginfo-2.15-6.6.1
    * nrpe-2.15-6.6.1
    * nrpe-debugsource-2.15-6.6.1
    * monitoring-plugins-nrpe-2.15-6.6.1
    * monitoring-plugins-nrpe-debuginfo-2.15-6.6.1
  * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
    * nrpe-debuginfo-2.15-6.6.1
    * nrpe-2.15-6.6.1
    * nrpe-debugsource-2.15-6.6.1
    * monitoring-plugins-nrpe-2.15-6.6.1
    * monitoring-plugins-nrpe-debuginfo-2.15-6.6.1
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
    * nrpe-debuginfo-2.15-6.6.1
    * nrpe-2.15-6.6.1
    * nrpe-debugsource-2.15-6.6.1
    * monitoring-plugins-nrpe-2.15-6.6.1
    * monitoring-plugins-nrpe-debuginfo-2.15-6.6.1

## References:

  * https://www.suse.com/security/cve/CVE-2014-2913.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1118590
  * https://bugzilla.suse.com/show_bug.cgi?id=874743

MGASA-2020-0247 - Updated nrpe packages fix security vulnerability

Publication date: 10 Jun 2020
URL: https://advisories.mageia.org/MGASA-2020-0247.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-6581, CVE-2020-6582

Advisory text to describe the update. Wrap lines at ~75 chars.

Updated nrpe packages fix security vulnerabilities:

Nagios NRPE 3.2.1 has Insufficient Filtering because, for example,
nasty_metachars interprets \n as the character \ and the character n (not
as the \n newline sequence). This can cause command injection
(CVE-2020-6581).

Nagios NRPE 3.2.1 has a Heap-Based Buffer Overflow, as demonstrated by
interpretation of a small negative number as a large positive number during
a bzero call (CVE-2020-6582).

References:
- https://bugs.mageia.org/show_bug.cgi?id=26482
- https://herolab.usd.de/security-advisories/usd-2020-0001/
- https://herolab.usd.de/security-advisories/usd-2020-0002/
- https://lists.fedoraproject.org/archives/list/
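
The filtering flaw behind CVE-2020-6581, as a simplified model added here for illustration; it is not NRPE's code. `CONFIG_VALUE`, `decode_escapes`, `contains_nasty`, `rejected_verbatim` and `rejected_decoded` are hypothetical names, and the metacharacter list and sample arguments are constructed. It shows that a list taken verbatim from a config file lets a real newline through while rejecting harmless arguments that contain `r` or `n`.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: a metacharacter list as typed into a config file.
 * It ends in the four literal bytes \ r \ n, not in CR and LF. */
static const char CONFIG_VALUE[] = "|`&><'[]{};\\r\\n";

/* Decode \r, \n and other backslash escapes so the list holds the control
 * characters that were meant. out must hold strlen(in) + 1 bytes. */
static void decode_escapes(const char *in, char *out)
{
    size_t o = 0;
    for (size_t i = 0; in[i] != '\0'; i++) {
        char c = in[i];
        if (c == '\\' && in[i + 1] != '\0') {
            i++;
            if (in[i] == 'n')      c = '\n';
            else if (in[i] == 'r') c = '\r';
            else                   c = in[i];  /* e.g. an escaped backslash */
        }
        out[o++] = c;
    }
    out[o] = '\0';
}

/* 1 if arg contains any byte from the metacharacter list, else 0. */
static int contains_nasty(const char *arg, const char *metachars)
{ return strpbrk(arg, metachars) != NULL; }

/* Filter with the config value taken verbatim (the flaw described above). */
int rejected_verbatim(const char *arg) { return contains_nasty(arg, CONFIG_VALUE); }

/* Filter with the escape-decoded list. */
int rejected_decoded(const char *arg)
{
    char list[sizeof CONFIG_VALUE];
    decode_escapes(CONFIG_VALUE, list);
    return contains_nasty(arg, list);
}

int main(void)
{
    const char *samples[] = { "disk\nfull", "warn", "disk" };  /* constructed */
    for (size_t i = 0; i < 3; i++)
        printf("verbatim=%d decoded=%d\n",
               rejected_verbatim(samples[i]), rejected_decoded(samples[i]));
    return 0;
}
```
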

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-d436ed655f
2020-04-25 02:14:03.392967
--------------------------------------------------------------------------------

Name        : nrpe
Product     : Fedora 32
Version     : 4.0.2
Release     : 2.fc32
URL         : https://www.nagios.org/
Summary     : Host/service/network monitoring agent for Nagios
Description :
Nrpe is a system daemon that will execute various Nagios plugins
locally on behalf of a remote (monitoring) host that uses the
check_nrpe plugin. Various plugins that can be executed by the
daemon are available at:
https://sourceforge.net/projects/nagios-4-debian-plugins/

This package provides the core agent.

--------------------------------------------------------------------------------
Update Information:

New upstream version, fixes CVEs
--------------------------------------------------------------------------------
ChangeLog:

* Sun Apr 5 2020 Martin Jackson - 4.0.2-2
- New upstream version
- Update patch for include_dir
- Fix BZ#1816816 - CVE-2020-6582 nrpe: heap-based buffer overflow due to a wrong integer type conversion
- Fix BZ#1816805 - CVE-2020-6581 nrpe: insufficient filtering and incorrect parsing of the configuration file may lead to command injection
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1816805 - CVE-2020-6581 nrpe: insufficient filtering and incorrect parsing of the configuration file may lead to command injection [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1816805
  [ 2 ] Bug #1816816 - CVE-2020-6582 nrpe: heap-based buffer overflow due to a wrong integer type conversion [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1816816
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-d436ed655f' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
package-announce mailing list

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-c3cbce63a0
2020-04-13 17:24:06.774062
--------------------------------------------------------------------------------

Name        : nrpe
Product     : Fedora 31
Version     : 4.0.2
Release     : 2.fc31
URL         : https://www.nagios.org/
Summary     : Host/service/network monitoring agent for Nagios
Description :
Nrpe is a system daemon that will execute various Nagios plugins
locally on behalf of a remote (monitoring) host that uses the
check_nrpe plugin. Various plugins that can be executed by the
daemon are available at:
https://sourceforge.net/projects/nagios-4-debian-plugins/

This package provides the core agent.

--------------------------------------------------------------------------------
Update Information:

New upstream version, fix CVEs
--------------------------------------------------------------------------------
ChangeLog:

* Sun Apr 5 2020 Martin Jackson - 4.0.2-2
- New upstream version
- Update patch for include_dir
- Fix BZ#1816816 - CVE-2020-6582 nrpe: heap-based buffer overflow due to a wrong integer type conversion
- Fix BZ#1816805 - CVE-2020-6581 nrpe: insufficient filtering and incorrect parsing of the configuration file may lead to command injection
* Wed Jan 29 2020 Fedora Release Engineering - 3.2.1-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-c3cbce63a0' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-1c332effa3
2020-04-13 16:45:10.937152
--------------------------------------------------------------------------------

Name        : nrpe
Product     : Fedora 30
Version     : 4.0.2
Release     : 2.fc30
URL         : https://www.nagios.org/
Summary     : Host/service/network monitoring agent for Nagios
Description :
Nrpe is a system daemon that will execute various Nagios plugins
locally on behalf of a remote (monitoring) host that uses the
check_nrpe plugin. Various plugins that can be executed by the
daemon are available at:
https://sourceforge.net/projects/nagios-4-debian-plugins/

This package provides the core agent.

--------------------------------------------------------------------------------
Update Information:

New upstream version, fix CVEs
--------------------------------------------------------------------------------
ChangeLog:

* Sun Apr 5 2020 Martin Jackson - 4.0.2-2
- New upstream version
- Update patch for include_dir
- Fix BZ#1816816 - CVE-2020-6582 nrpe: heap-based buffer overflow due to a wrong integer type conversion
- Fix BZ#1816805 - CVE-2020-6581 nrpe: insufficient filtering and incorrect parsing of the configuration file may lead to command injection
* Wed Jan 29 2020 Fedora Release Engineering - 3.2.1-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Fri Jul 26 2019 Stephen Smoogen - 3.2.1-9
- Try to make this work on el8
* Thu Jul 25 2019 Fedora Release Engineering - 3.2.1-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-1c332effa3' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-15398
2015-09-18 18:29:10.315886
--------------------------------------------------------------------------------

Name        : nrpe
Product     : Fedora 23
Version     : 2.15
Release     : 7.fc23
URL         : https://www.nagios.org/
Summary     : Host/service/network monitoring agent for Nagios
Description :
Nrpe is a system daemon that will execute various Nagios plugins
locally on behalf of a remote (monitoring) host that uses the
check_nrpe plugin. Various plugins that can be executed by the
daemon are available at:
https://sourceforge.net/projects/nagios-4-debian-plugins/

This package provides the core agent.

--------------------------------------------------------------------------------
Update Information:

Use %configure macro as it deals with config.sub/guess and various flags
properly
----
nrpe-2.15-6.el7 - Fix spec file for missing /usr/share/libtool/config/config.guess
nrpe-2.15-6.el6 - Fix spec file for missing /usr/share/libtool/config/config.guess
nrpe-2.15-6.fc23 - Fix spec file for missing /usr/share/libtool/config/config.guess
nrpe-2.15-6.fc22 - Fix spec file for missing /usr/share/libtool/config/config.guess
nrpe-2.15-6.fc21 - Fix spec file for missing /usr/share/libtool/config/config.guess
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1239738 - nrpe: FTBFS in rawhide
        https://bugzilla.redhat.com/show_bug.cgi?id=1239738
  [ 2 ] Bug #1089880 - CVE-2014-2913 nrpe: remote command execution when command arguments are enabled [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1089880
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update nrpe' at the command line.
For more information, refer to "Managing Software with yum",
available at .

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------