Jan Wagner uploaded a new package for nagios3 which fixed the following
security problem:

CVE-2008-5028, SA32610 and Debian Bug #504894

Andreas Ericsson has discovered a vulnerability in Nagios, which can be
exploited by malicious people to conduct cross-site request forgery attacks.
The application allows users to perform certain actions via HTTP requests to
"cmd.cgi" without performing any validity checks to verify the request. This
can be exploited to execute certain Nagios commands (e.g. to disable
notifications) when a logged-in administrator visits a malicious web site.

For the etch-backports distribution the problem has been fixed in
version 3.0.6-1~bpo40+1.

For the lenny distribution the problem will be fixed soon in
version 3.0.6-1.

For the sid distribution the problem has been fixed in
version 3.0.6-1.

If you don't use pinning (see [1]) you have to update nagios3
manually via "apt-get -t etch-backports install nagios3".

[1] <http://backports.org/dokuwiki/doku.php?id=instructions>

We recommend pinning the backports repository to 200 so that new versions
of installed backports are installed automatically:

Package: *
Pin: release a=etch-backports
Pin-Priority: 200
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Debian | 999 | ia64 | nagios3-dbg | < 3.0.6-1 | nagios3-dbg_3.0.6-1_ia64.deb |
Debian | 5 | mips | nagios3-dbg | < 3.0.6-1 | nagios3-dbg_3.0.6-1_mips.deb |
Debian | 999 | amd64 | nagios3-dbg | < 3.0.6-1 | nagios3-dbg_3.0.6-1_amd64.deb |
Debian | 999 | i386 | nagios3-dbg | < 3.0.6-1 | nagios3-dbg_3.0.6-1_i386.deb |
Debian | 999 | sparc | nagios3 | < 3.0.6-1 | nagios3_3.0.6-1_sparc.deb |
Debian | 999 | powerpc | nagios3 | < 3.0.6-1 | nagios3_3.0.6-1_powerpc.deb |
Debian | 5 | hppa | nagios3-dbg | < 3.0.6-1 | nagios3-dbg_3.0.6-1_hppa.deb |
Debian | 5 | ia64 | nagios3-dbg | < 3.0.6-1 | nagios3-dbg_3.0.6-1_ia64.deb |
Debian | 5 | arm | nagios3-dbg | < 3.0.6-1 | nagios3-dbg_3.0.6-1_arm.deb |
Debian | 5 | s390 | nagios3 | < 3.0.6-1 | nagios3_3.0.6-1_s390.deb |