-
nagios3 (3.5.1.dfsg-2.1ubuntu5.2) zesty-security; urgency=medium
* SECURITY REGRESSION: event log cannot open log file (LP: #1690380)
- debian/patches/CVE-2016-9566-regression.patch: relax permissions on
log files in base/logging.c.
- debian/nagios3-common.postinst: fix permissions on existing log file.
-- Marc Deslauriers <email address hidden> Tue, 06 Jun 2017 07:28:33 -0400
-
nagios3 (3.5.1.dfsg-2.1ubuntu5.1) zesty; urgency=medium
* debian/patches/fix_permissions_for_hostgroups_reports.patch: Fix
permissions for hostgroups reports. Thanks to John C. Frickson
<email address hidden>. Closes LP: #1686768.
-- <email address hidden> (Aaron B. Russell) Fri, 12 May 2017 16:13:53 +0100
-
nagios3 (3.5.1.dfsg-2.1ubuntu5) zesty; urgency=medium
* SECURITY UPDATE: off-by-one errors leading to DoS or info disclosure
- debian/patches/CVE-2013-7xxx.patch: fix off-by-ones and check length
in cgi/avail.c, cgi/cmd.c, cgi/config.c, cgi/extinfo.c,
cgi/histogram.c, cgi/notifications.c, cgi/outages.c, cgi/status.c,
cgi/statusmap.c, cgi/statuswml.c, cgi/summary.c, cgi/trends.c,
contrib/daemonchk.c.
- CVE-2013-7108
- CVE-2013-7205
* SECURITY UPDATE: DoS via long message to cmd.cgi
- debian/patches/CVE-2014-1878.patch: check len in cgi/cmd.c.
- CVE-2014-1878
* SECURITY UPDATE: symlink attack on log file
- debian/patches/CVE-2016-9566.patch: safely handle log file in
base/logging.c.
- CVE-2016-9566
-- Marc Deslauriers <email address hidden> Fri, 31 Mar 2017 15:20:50 -0400
-
nagios3 (3.5.1.dfsg-2.1ubuntu4) zesty; urgency=medium
* No-change rebuild for perl 5.24 transition
-- Iain Lane <email address hidden> Mon, 24 Oct 2016 10:35:42 +0100
-
nagios3 (3.5.1.dfsg-2.1ubuntu3) yakkety; urgency=medium
* Build using dpkg-dev's hardening support.
-- Matthias Klose <email address hidden> Thu, 29 Sep 2016 21:17:07 +0200
