Long standing security bugs fixed through update to version 1.6.21.
Category Archives: Security
Bugtraq: Kaseya VSA 6.5 Parameter Reflected XSS, Enumeration and Bruteforce Weakness
Bugtraq: AirWatch Self Service Portal Username Parameter LDAP Injection
Bugtraq: Avaya Radvision SCOPIA Desktop dlg_loginownerid.jsp ownerid SQL Injection
Bugtraq: Lotus Protector for Mail Security remote code execution
RHSA-2017:0862-1: Low: Red Hat Enterprise Linux 5 Retirement Notice
Red Hat Enterprise Linux: This is the final notification for the retirement of Red Hat Enterprise Linux 5.
This notification applies only to those customers subscribed to the channel for
Red Hat Enterprise Linux 5.
RHSA-2017:0863-1: Low: Red Hat Enterprise Linux 4 Extended Life Cycle Support Final Notice
Red Hat Enterprise Linux: This is the final notification for the retirement of Red Hat Enterprise Linux 4
Extended Life Cycle Support Add-On (ELS). This notification applies only to
those customers subscribed to the Extended Life Cycle Support (ELS) channel for
Red Hat Enterprise Linux 4.
RHSA-2017:0864-1: Low: Red Hat Enterprise Linux 7.1 Extended Update Support Retirement Notice
Red Hat Enterprise Linux: This is the final notification for the retirement of Red Hat Enterprise Linux
7.1 Extended Update Support (EUS). This notification applies only to those
customers subscribed to the Extended Update Support (EUS) channel for Red Hat
Enterprise Linux 7.1.
RHSA-2017:0861-1: Low: Red Hat Enterprise Linux 5.6 Advanced Mission Critical (AMC) Retirement Notice
Red Hat Enterprise Linux: This is the final notification for the retirement of Red Hat Enterprise Linux
5.6 Advanced Mission Critical (AMC). This notification applies only to those
customers subscribed to the Advanced Mission Critical (AMC) channel for Red Hat
Enterprise Linux 5.6.
USN-3253-1: Nagios vulnerabilities
Ubuntu Security Notice USN-3253-1
3rd April, 2017
nagios3 vulnerabilities
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary
Several security issues were fixed in Nagios.
Software description
- nagios3 – host/service/network monitoring and management system
Details
It was discovered that Nagios incorrectly handled certain long strings. A
remote authenticated attacker could use this issue to cause Nagios to
crash, resulting in a denial of service, or possibly obtain sensitive
information. (CVE-2013-7108, CVE-2013-7205)
It was discovered that Nagios incorrectly handled certain long messages to
cmd.cgi. A remote attacker could possibly use this issue to cause Nagios to
crash, resulting in a denial of service. (CVE-2014-1878)
Dawid Golunski discovered that Nagios incorrectly handled symlinks when
accessing log files. A local attacker could possibly use this issue to
elevate privileges. In the default installation of Ubuntu, this should be
prevented by the Yama link restrictions. (CVE-2016-9566)
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 16.10:
  - nagios3-core 3.5.1.dfsg-2.1ubuntu3.1
  - nagios3-cgi 3.5.1.dfsg-2.1ubuntu3.1
- Ubuntu 16.04 LTS:
  - nagios3-core 3.5.1.dfsg-2.1ubuntu1.1
  - nagios3-cgi 3.5.1.dfsg-2.1ubuntu1.1
- Ubuntu 14.04 LTS:
  - nagios3-core 3.5.1-1ubuntu1.1
  - nagios3-cgi 3.5.1-1ubuntu1.1
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.