Overview

Request 892196 accepted

This Nagios upgrade sums up multiple security fixes and other important
changes.

Security issues fixed in this upgrade:
* bsc#1172794 / CVE-2020-13977: Fixed postauth vulnerabilities in
histogram.js, map.js, trends.js
* bsc#989759 / CVE-2016-6209 : The "corewindow" parameter has been
disabled by default
* bsc#1014637 / CVE-2016-9566 : Fixed another root privilege escalation
* bsc#1182398 : nagios_upgrade.sh writing to log file in user controlled
directory

Additional fixes:
* bsc#1003362 : new nagios-exec-start-post script
* Fixed Map display in Internet Explorer 11
* Fixed duplicate properties appearing in statusjson.cgi
* Fixed build process when using GCC 10
* Fixed HARD OK states triggering on the maximum check attempt

~

Leap Reviewbot's avatar
Leap Reviewbot (leaper) -

home:lrupp:branches:OBS_Maintained:nagios/nagios.openSUSE_Backports_SLE-15-SP1_Update@09b7a601049fc5f4fa144f7df8a275bd -> openSUSE:Backports:SLE-15-SP1:Update/nagios

expected origin is 'openSUSE:Leap:15.1' (changed)

Request History
Lars Vogdt's avatar

lrupp created request

This Nagios upgrade sums up multiple security fixes and other important
changes.

Security issues fixed in this upgrade:
* bsc#1172794 / CVE-2020-13977: Fixed postauth vulnerabilities in
histogram.js, map.js, trends.js
* bsc#989759 / CVE-2016-6209 : The "corewindow" parameter has been
disabled by default
* bsc#1014637 / CVE-2016-9566 : Fixed another root privilege escalation
* bsc#1182398 : nagios_upgrade.sh writing to log file in user controlled
directory

Additional fixes:
* bsc#1003362 : new nagios-exec-start-post script
* Fixed Map display in Internet Explorer 11
* Fixed duplicate properties appearing in statusjson.cgi
* Fixed build process when using GCC 10
* Fixed HARD OK states triggering on the maximum check attempt

~

Factory Auto's avatar

factory-auto accepted review

Check script succeeded

Saul Goodman's avatar

licensedigger accepted review

ok

Maintenance Bot's avatar

maintbot added factory-source as a reviewer

Maintenance Bot's avatar

maintbot accepted review

ok

Source in Factory Checker's avatar

factory-source added backports-reviewers as a reviewer

Automated review failed. Needs fallback reviewer.

Source in Factory Checker's avatar

factory-source accepted review

the package needs to be accepted in openSUSE:Factory or openSUSE:Factory or openSUSE:Factory or openSUSE:Factory first

Wolfgang Engel's avatar

bigironman accepted review

ok

Wolfgang Engel's avatar

bigironman approved review

ok

Wolfgang Engel's avatar

bigironman accepted request

ok

openSUSE Build Service is sponsored by
Places