From ${URL} : Some potential issues discovered whilst auditing openstack & dependencies for tempfile vulnerabilities. Warning: nagios-3.4.4-1.el6ost/nagios/html/rss-newsfeed.php define('MAGPIE_CACHE_DIR', '/tmp/magpie_cache'); Magpie RSS cache dir is set to a fixed location in /tmp. The cached RSS content is then used to build html content that could be served to an end user. @maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
CVE-2013-4214 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4214): rss-newsfeed.php in Nagios Core 3.4.4, 3.5.1, and earlier, when MAGPIE_CACHE_ON is set to 1, allows local users to overwrite arbitrary files via a symlink attack on /tmp/magpie_cache.
Does not affect us: we ship with MAGPIE_CACHE_ON set to 0 in 3.5.1 (and this file does not exist in previous versions), and according to the Red Hat bug report this is not set in a configuration file and so would require an end user to go and modify rss-newsfeed.php.