MGASA-2014-0010

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2014-0010.html

Import Source

https://advisories.mageia.org/MGASA-2014-0010.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2014-0010

Related

CVE-2013-7108
CVE-2013-7205

Published

2014-01-17T00:22:05Z

Modified

2014-01-17T00:22:01Z

Summary

Updated nagios package fixes security vulnerability

Details

A flaw was reported and fixed in Nagios, which can be exploited to cause a denial of service. This vulnerability is caused due to an off-by-one error within the process_cgivars() function, which can be exploited to cause an out-of-bounds read by sending a specially-crafted key value to the Nagios web UI (CVE-2013-7108, CVE-2013-7205). An issue that prevented the service from starting has also been fixed.

References

https://advisories.mageia.org/MGASA-2014-0010.html
https://bugs.mageia.org/show_bug.cgi?id=12100
https://secunia.com/advisories/55976/
http://openwall.com/lists/oss-security/2013/12/24/1
https://bugzilla.redhat.com/show_bug.cgi?id=1046113

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

MGASA-2014-0010

Affected packages