From ${URL} : Description A vulnerability has been reported in Icinga, which can be exploited by malicious users to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. The vulnerability is caused due to a boundary error in the "cmd_submitf()" function (cgi/cmd.c) and can be exploited to cause a stack-based buffer overflow. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in versions prior to 1.10.3, 1.9.5, and 1.8.6. Solution: Update to version 1.10.3, 1.9.5, or 1.8.6. Provided and/or discovered by: The vendor credits the GitHub security team and Dirkjan Bussink. Original Advisory: https://www.icinga.org/2014/02/11/bugfix-releases-1-10-3-1-9-5-1-8-6/ @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
CVE-2014-1878 fixed in 1.10.3 / 1.9.5
There is no stable versions of icinga in tree. Also, there is no affected ones. Closing as noglsa
