USN-3253-1: Nagios vulnerabilities

Ubuntu Security Notice USN-3253-1

3rd April, 2017

nagios3 vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.10
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS

Summary

Several security issues were fixed in Nagios.

Software description

  • nagios3
    – host/service/network monitoring and management system

Details

It was discovered that Nagios incorrectly handled certain long strings. A
remote authenticated attacker could use this issue to cause Nagios to
crash, resulting in a denial of service, or possibly obtain sensitive
information. (CVE-2013-7108, CVE-2013-7205)

It was discovered that Nagios incorrectly handled certain long messages to
cmd.cgi. A remote attacker could possibly use this issue to cause Nagios to
crash, resulting in a denial of service. (CVE-2014-1878)

Dawid Golunski discovered that Nagios incorrectly handled symlinks when
accessing log files. A local attacker could possibly use this issue to
elevate privileges. In the default installation of Ubuntu, this should be
prevented by the Yama link restrictions. (CVE-2016-9566)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.10:
  nagios3-core    3.5.1.dfsg-2.1ubuntu3.1
  nagios3-cgi     3.5.1.dfsg-2.1ubuntu3.1

Ubuntu 16.04 LTS:
  nagios3-core    3.5.1.dfsg-2.1ubuntu1.1
  nagios3-cgi     3.5.1.dfsg-2.1ubuntu1.1

Ubuntu 14.04 LTS:
  nagios3-core    3.5.1-1ubuntu1.1
  nagios3-cgi     3.5.1-1ubuntu1.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2013-7108, CVE-2013-7205, CVE-2014-1878, CVE-2016-9566
