-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Wed, 17 Oct 2007 17:47:39 -0400 Source: nagios-plugins Binary: nagios-plugins nagios-plugins-basic nagios-plugins-standard Architecture: i386_translations i386 Version: 1.4.2-5ubuntu3.1 Distribution: dapper-security Urgency: low Maintainer: Ubuntu/i386 Build Daemon Changed-By: Jamie Strandboge Description: nagios-plugins - Plugins for the nagios network monitoring and management system nagios-plugins-basic - Plugins for the nagios network monitoring and management system nagios-plugins-standard - Plugins for the nagios network monitoring and management system Changes: nagios-plugins (1.4.2-5ubuntu3.1) dapper-security; urgency=low . * SECURITY UPDATE: denial of service via multiple redirects * debian/patches/23_SECURITY_LP153703.dpatch: fix off-by-one error to re-allocate the proper amount of memory in redir() * SECURITY UPDATE: denial of service and possible arbitrary code execution as the user in check_http.c via crafted Location Header * debian/patches/24_SECURITY_CVE-2007-5198.dpatch: properly validate Location header in redir(). Thanks to Luca Falavigna for preliminary patches. * References LP: #153703 CVE-2007-5198 LP: #152624 Files: 23d300cb4585debe59cc7652ee8b0732 64224 net extra nagios-plugins_1.4.2-5ubuntu3.1_i386.deb 1edb66f9f3d896f32604261ca5fc6de7 226406 net extra nagios-plugins-basic_1.4.2-5ubuntu3.1_i386.deb 665cc990cfc20064cd5df981e2836db7 142844 net extra nagios-plugins-standard_1.4.2-5ubuntu3.1_i386.deb d5054b451adc16b251d46264030f4378 118922 raw-translations - nagios-plugins_1.4.2-5ubuntu3.1_i386_translations.tar.gz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) iD4DBQFHHDcC0N0xjzyQZEIRAuU/AJjz8G0ItV3PH6iPcwA2/J13G/v+AJ9uEeOz Fg/7eO15FNGXe028gqP3dg== =F8j2 -----END PGP SIGNATURE-----