openSUSE-SU-2021:0715-1

See a problem?

Import Source

https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2021:0715-1.json

JSON Data

https://api.test.osv.dev/v1/vulns/openSUSE-SU-2021:0715-1

Related

CVE-2016-6209
CVE-2020-13977

Published

2021-05-12T15:02:21Z

Modified

2021-05-12T15:02:21Z

Summary

Security update for nagios

Details

This update for nagios fixes the following issues:

new nagios-exec-start-post script to fix boo#1003362
fix nagiosupgrade.sh writing to log file in user controlled directory (boo#1182398). The nagiosupgrade.sh script writes the logfile directly below /var/log/

nagios was updated to 4.4.6:

Fixed Map display in Internet Explorer 11 (#714)
Fixed duplicate properties appearing in statusjson.cgi (#718)
Fixed NERD not building when enabled in ./configure (#723)
Fixed build process when using GCC 10 (#721)
Fixed postauth vulnerabilities in histogram.js, map.js, trends.js (CVE-2020-13977, boo#1172794)
When using systemd, configuration will be verified before reloading (#715)
Fixed HARD OK states triggering on the maximum check attempt (#757)
Fix for CVE-2016-6209 (boo#989759) - The 'corewindow' parameter (as in bringing this to our attention go to Dawid Golunski (boo#1014637)

References

Affected packages

openSUSE:Leap 15.2 / nagios

Package

Name: nagios
Purl: pkg:rpm/opensuse/nagios&distro=openSUSE%20Leap%2015.2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.4.6-lp152.2.3.1

Ecosystem specific

{
    "binaries": [
        {
            "nagios": "4.4.6-lp152.2.3.1",
            "nagios-devel": "4.4.6-lp152.2.3.1",
            "nagios-contrib": "4.4.6-lp152.2.3.1",
            "nagios-theme-exfoliation": "4.4.6-lp152.2.3.1",
            "nagios-www": "4.4.6-lp152.2.3.1",
            "nagios-www-dch": "4.4.6-lp152.2.3.1"
        }
    ]
}