Bug 132159 - net-analyzer/nagios buffer overflow with negative HTTP content_length (CVE-2006-2162)
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High major
Assignee: Gentoo Security
Whiteboard: B1? [glsa] DerCorny
Depends on:
Reported: 2006-05-03 12:09 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified: 2006-05-07 11:49 UTC
Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-05-03 12:09:59 UTC
Bug fix for negative HTTP content_length header in CGIs
Comment 1 Stefan Cornelius (RETIRED) gentoo-dev 2006-05-03 12:29:37 UTC
arches please stable nagios-1.4 and nagios-core-1.4, thanks

(it would also be nice to have some additional info about the impact here)
Comment 2 Lance Albertson (RETIRED) gentoo-dev 2006-05-03 13:48:13 UTC
I just added this version into portage in the last few hours. I'd rather wait a day or so to make sure there aren't any outstanding bugs that may crop up. This app is fairly important to a lot of people. I don't really think it's a huge security-must-be-updated-now type of thing. But I'll let you guys make that decision.
Comment 3 Lance Albertson (RETIRED) gentoo-dev 2006-05-04 06:18:19 UTC
Oops, sorry about changing the subject back :)
Comment 4 Chris Gianelloni (RETIRED) gentoo-dev 2006-05-04 06:51:20 UTC
Well, 1.4 is working perfectly for me on 2 separate x86 hosts running stable, so as soon as the maintainer gives permission, I'm ready to stabilize this on x86.
Comment 5 Lance Albertson (RETIRED) gentoo-dev 2006-05-04 22:05:07 UTC
I haven't seen any bug reports, so I'd say go for it on stabilizing 1.4.
Comment 6 Gustavo Zacarias (RETIRED) gentoo-dev 2006-05-05 10:03:14 UTC
sparc stable.
Comment 7 Lance Albertson (RETIRED) gentoo-dev 2006-05-05 12:40:00 UTC
I noticed a minor dep bug in the ebuild and fixed it. I went ahead and marked it stable on x86 for nagios and nagios-core.
Comment 8 Mark Loeser (RETIRED) gentoo-dev 2006-05-05 12:46:07 UTC
Thanks, we are done then.
Comment 9 Eldad Zack (RETIRED) gentoo-dev 2006-05-05 20:14:06 UTC
btw, since the nagios-2.x branch is affected and fixed by 2.3, please also bump it to 2.3 and clear out all the other 2.x ebuilds if you haven't done so yet...

Comment 10 Eldad Zack (RETIRED) gentoo-dev 2006-05-05 20:15:48 UTC
btw 2: nagios-2* is package.masked.
Comment 11 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-05-05 21:20:45 UTC
It is of course already bumped for the 2.x series too. Though old ebuilds are not cleaned.
Comment 12 Lance Albertson (RETIRED) gentoo-dev 2006-05-06 09:59:46 UTC
I will see about removing the older ebuilds sometime today or tomorrow.
Comment 13 Eldad Zack (RETIRED) gentoo-dev 2006-05-06 11:10:06 UTC
removed all versions beside 1.4 and 2.3
Comment 14 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-05-07 11:49:18 UTC
Thx everyone and fox2mike :-)

GLSA 200605-07