Security vulnerabilities in the nagios software package

openSUSE Security Update: Security update for nagios
______________________________________________________________________________

Announcement ID: openSUSE-SU-2020:0500-1
Rating: moderate
References: #1028975 #1119832 #1156309
Cross-References: CVE-2018-13441 CVE-2018-13457 CVE-2018-13458
CVE-2018-18245 CVE-2019-3698
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________

An update that fixes 5 vulnerabilities is now available.

Description:

This update for nagios to version 4.4.5 fixes the following issues:

– CVE-2019-3698: Symbolic link following vulnerability in the cronjob
allows local attackers to cause DoS or potentially escalate
privileges. (boo#1156309)
– CVE-2018-18245: Fixed XSS vulnerability in Alert Summary report
(boo#1119832)
– CVE-2018-13441, CVE-2018-13458, CVE-2018-13457: Fixed a few denial of
service vulnerabilities caused by null pointer dereference (boo#1101293,
boo#1101289, boo#1101290).

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– openSUSE Leap 15.1:

zypper in -t patch openSUSE-2020-500=1

Package List:

– openSUSE Leap 15.1 (x86_64):

nagios-4.4.5-lp151.5.4.1
nagios-contrib-4.4.5-lp151.5.4.1
nagios-debuginfo-4.4.5-lp151.5.4.1
nagios-debugsource-4.4.5-lp151.5.4.1
nagios-devel-4.4.5-lp151.5.4.1
nagios-www-4.4.5-lp151.5.4.1
nagios-www-dch-4.4.5-lp151.5.4.1
nagios-www-debuginfo-4.4.5-lp151.5.4.1

– openSUSE Leap 15.1 (noarch):

nagios-theme-exfoliation-4.4.5-lp151.5.4.1

References:

https://www.suse.com/security/cve/CVE-2018-13441.html
https://www.suse.com/security/cve/CVE-2018-13457.html
https://www.suse.com/security/cve/CVE-2018-13458.html
https://www.suse.com/security/cve/CVE-2018-18245.html
https://www.suse.com/security/cve/CVE-2019-3698.html
https://bugzilla.suse.com/1028975
https://bugzilla.suse.com/1119832
https://bugzilla.suse.com/1156309

