CVE-2013-7108

Bug #1279826 reported by Alexandros Kosiaris
This bug affects 2 people
Affects            Status         Importance   Assigned to   Milestone
icinga (Ubuntu)    Fix Released   Undecided    Unassigned
  Precise          Won't Fix      Medium       Unassigned
  Trusty           Fix Released   Undecided    Unassigned
  Vivid            Fix Released   Undecided    Unassigned
  Wily             Fix Released   Undecided    Unassigned
nagios3 (Ubuntu)   Confirmed      Low          Unassigned
  Precise          Won't Fix      Low          Unassigned
  Trusty           Confirmed      Low          Unassigned
  Vivid            Confirmed      Low          Unassigned
  Wily             Confirmed      Low          Unassigned

Bug Description

Seems like the version shipped in Ubuntu Precise suffers from CVE-2013-7108 (buffer overflows)
1) Description: Ubuntu 12.04.4 LTS
Release: 12.04
2) apt-cache policy icinga
icinga:
  Installed: 1.6.1-2
  Candidate: 1.6.1-2
  Version table:
 *** 1.6.1-2 0
        500 http://archive.ubuntu.com/ubuntu/ precise/universe amd64 Packages
        100 /var/lib/dpkg/status

A lot of info plus patches exist here:
https://dev.icinga.org/issues/5251

Seth Arnold (seth-arnold) wrote :

Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures

Changed in icinga (Ubuntu):
status: New → Incomplete
information type: Private Security → Public Security
Seth Arnold (seth-arnold) wrote :

Incidentally, there are more CVEs that affect icinga in our packaging: http://people.canonical.com/~ubuntu-security/cve/pkg/icinga.html

It would be best if whoever prepares fixes can address all the currently open CVEs.

Thanks

Launchpad Janitor (janitor) wrote :

[Expired for icinga (Ubuntu) because there has been no activity for 60 days.]

Changed in icinga (Ubuntu):
status: Incomplete → Expired
Simon Déziel (sdeziel)
Changed in icinga (Ubuntu):
status: Expired → Fix Released
Simon Déziel (sdeziel) wrote :

Seems like there was some confusion here. CVE-2013-7106 affected Icinga only but CVE-2013-7108 affects both Icinga and Nagios3.

CVE-2013-7108 is still unpatched for Nagios3.

description: updated
Changed in icinga (Ubuntu Precise):
status: New → Confirmed
importance: Undecided → Medium
Changed in icinga (Ubuntu Trusty):
status: New → Fix Released
Changed in icinga (Ubuntu Vivid):
status: New → Fix Released
Changed in nagios3 (Ubuntu Precise):
importance: Undecided → Low
status: New → Confirmed
Changed in nagios3 (Ubuntu Trusty):
importance: Undecided → Low
status: New → Confirmed
Changed in nagios3 (Ubuntu Vivid):
importance: Undecided → Low
status: New → Confirmed
Changed in nagios3 (Ubuntu Wily):
importance: Undecided → Low
status: New → Confirmed
Steve Langasek (vorlon) wrote :

The Precise Pangolin has reached end of life, so this bug will not be fixed for that release.

Changed in icinga (Ubuntu Precise):
status: Confirmed → Won't Fix
Steve Langasek (vorlon)
Changed in nagios3 (Ubuntu Precise):
status: Confirmed → Won't Fix
This report contains Public Security information  
Everyone can see this security related information.