Overview
Request 547334 revoked
This nagios update fixes three vulnerabilities and one
configuration issue:
+ CVE-2016-8641: fix a possible symlink attack for files/dirs
created by root (bsc#1011630 and bsc#1018047)
+ CVE-2016-0726: remove the pre-configured administrative
account with fixed password from the htpasswd file and
provide an empty one instead (boo#961115)
+ CVE-2016-9565: fix remote command injection by MITM the
RSS feeds (boo#1015744)
+ fix apache configuration to work also with latest
apache 2.4 (boo#984116)
Request History
lrupp created request
This nagios update fixes three vulnerabilities and one
configuration issue:
+ CVE-2016-8641: fix a possible symlink attack for files/dirs
created by root (bsc#1011630 and bsc#1018047)
+ CVE-2016-0726: remove the pre-configured administrative
account with fixed password from the htpasswd file and
provide an empty one instead (boo#961115)
+ CVE-2016-9565: fix remote command injection by MITM the
RSS feeds (boo#1015744)
+ fix apache configuration to work also with latest
apache 2.4 (boo#984116)
maintbot accepted review
ok
maintbot approved review
ok
abergmann declined request
The nagios.changes file mentions bsc#1011630 and bsc#1018047. CVE-2016-8641 is covered by bsc#1011630 but CVE-2016-10089 was not mentioned inside bug report. Please update the changes file to mention both CVEs and resubmit. Alex~
lrupp revoked request
