| Summary: | net-analyzer/nagios buffer overflow with negative HTTP content_length (CVE-2006-2162) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Sune Kloppenborg Jeppesen (RETIRED) <jaervosz> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | major | CC: | netmon |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.nagios.org/development/changelog.php | | |
| Whiteboard: | B1? [glsa] DerCorny | | |
| Package list: | | Runtime testing required: | --- |

Description
Sune Kloppenborg Jeppesen (RETIRED)
2006-05-03 12:09:59 UTC
arches please stable nagios-1.4 and nagios-core-1.4, thanks (it would also be nice to have some additional info about the impact here)

I just added this version into portage in the last few hours. I'd rather wait a day or so to make sure there aren't any outstanding bugs that may crop up. This app is fairly important to a lot of people. I don't really think it's a huge security-must-be-updated-now type of thing. But I'll let you guys make that decision.

Oops, sorry about changing the subject back :)

Well, 1.4 is working perfectly for me on 2 separate x86 hosts running stable, so as soon as the maintainer gives permission, I'm ready to stabilize this on x86.

I haven't seen any bug reports, so I'd say go for it on stabilizing 1.4.

sparc stable.

I noticed a minor dep bug in the ebuild and fixed it. I went ahead and marked it stable on x86 for nagios and nagios-core.

Thanks, we are done then.

btw, since the nagios-2.x branch is affected and fixed by 2.3, please also bump it to 2.3 and clear out all the other 2.x ebuilds if you haven't done so yet... btw 2: nagios-2* is package.masked.

It is of course already bumped for the 2.x series too. Though old ebuilds are not cleaned. I will see about removing the older ebuilds sometime today or tomorrow.

removed all versions beside 1.4 and 2.3

Thx everyone and fox2mike :-)

GLSA 200605-07