MGASA-2021-0209 Updated nagios packages fix a security vulnerability

Nagios 4.4.5 allows an attacker, who already has administrative access to change the "URL for JSON CGIs" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the archivejson.cgi, objectjson.cgi, and statusjson.cgi files CVE-2020-13977...

MGASA-2017-0437 Updated nagios packages fix security vulnerability

It was found that nagios daemon creates its PID file after dropping privileges, which allows to change its content by non-root user with PID of any other process, resulting into denial-of-service when daemon is stopped CVE-2017-12847. Note that the nagios package on Mageia 5 is no longer supporte...

MGASA-2017-0045 Updated nagios packages fix security vulnerabilities

The nagios package has been patched to fix the following issues: Improper sanitization of RSS feed input enables unauthenticated remote read and write of arbitrary files CVE-2016-9565. Unsafe logfile handling allows unprivileged users to escalate their privileges to root CVE-2016-9566...

MGASA-2014-0186 Updated nagios packages fix CVE-2014-1878

Updated nagios packages fix security vulnerability: Stack-based buffer overflow in the cmdsubmitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before 1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote attackers to cause a denial of service segmentatio...