From d473a706836012853193afc7000922601e4ada61 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Thu, 19 Oct 2017 17:57:29 +0100 Subject: gentoo resync : 19.10.2017 --- metadata/glsa/glsa-201710-20.xml | 60 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) create mode 100644 metadata/glsa/glsa-201710-20.xml (limited to 'metadata/glsa/glsa-201710-20.xml') diff --git a/metadata/glsa/glsa-201710-20.xml b/metadata/glsa/glsa-201710-20.xml new file mode 100644 index 000000000000..d7af0c0ae9c4 --- /dev/null +++ b/metadata/glsa/glsa-201710-20.xml @@ -0,0 +1,60 @@ + + + + Nagios: Multiple vulnerabilities + Multiple vulnerabilities have been found in Nagios, the worst of + which could lead to the remote execution of arbitrary code. + + nagios + 2017-10-18 + 2017-10-18: 1 + 602216 + 628086 + local, remote + + + 4.3.3 + 4.3.3 + + + +

Nagios is an open source host, service and network monitoring program.

+ + +

Multiple vulnerabilities have been discovered in Nagios. Please review + the referenced CVE identifiers for details. +

+ + + +

A remote attacker could possibly escalate privileges to root, thus + allowing the execution of arbitrary code, by leveraging CVE-2016-9565. + Additionally, a local attacker could cause a Denial of Service condition + against arbitrary processes due to the improper dropping of privileges. +

+ + +

There is no known workaround at this time.

+ + +

All Nagios users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/nagios-core-4.3.3" + + + + + CVE-2016-9565 + + + CVE-2016-9566 + + + CVE-2017-12847 + + + BlueKnight + chrisadr + -- cgit v1.2.3