Bug 697895

Summary: VUL-0: nagios: XSS in config.c
Product: [Novell Products] SUSE Security Incidents
Reporter: Thomas Biege <thomas>
Component: General
Assignee: Security Team bot <security-team>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Major
Priority: P3 - Medium
CC: lars.vogdt, security-team
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
Whiteboard: maint:released:11.4:42058
Found By: Development
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Thomas Biege 2011-06-03 09:55:13 UTC
There is a security bug in package 'nagios'.

This information is from 'oss-security'.

This bug is public.

There is no coordinated release date (CRD) set.

CVE number: CVE-2011-2179
CVE description: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2179

Original posting:

----------  Forwarded message  ----------

Subject: Re: [oss-security] CVE request: XSS in nagios
Date: Thursday, 2 June 2011, 22:06:20
From: Josh Bressers <bressers@redhat.com>
To:  oss-security@lists.openwall.com
Cc:  coley <coley@mitre.org>

----- Original Message -----
> An XSS was reported in Nagios today. Could a CVE be assigned to this
> issue? Thanks.
> References:
> http://tracker.nagios.org/view.php?id=224
> http://seclists.org/bugtraq/2011/Jun/17
> https://bugzilla.redhat.com/show_bug.cgi?id=709871

Please use CVE-2011-2179.


Comment 1 Thomas Biege 2011-06-06 15:15:18 UTC
*** Bug 698171 has been marked as a duplicate of this bug. ***
Comment 2 Thomas Biege 2011-06-06 15:26:35 UTC
Comment 3 Ludwig Nussel 2011-07-05 07:06:43 UTC
The affected code in config.c was added in nagios 3.2.2, therefore only openSUSE 11.4 is affected.
Comment 5 Lars Vogdt 2011-07-05 11:46:31 UTC
~> osc rq list
 75406  State:new        By:lrupp        When:2011-07-05T13:45:06
        submit:          home:lrupp:branches:openSUSE:11.4:Update:Test/nagios  -> openSUSE:11.4:Update:Test
        Descr: - added nagios-3.2.3-CVE-2011-1523.patch to fix    CVE-2011-1523
               (bnc#682966) - patch fixes also CVE-2011-2179 (bnc#697895) 

=> reassigning
Comment 6 Bernhard Wiedemann 2011-07-05 12:00:24 UTC
This is an autogenerated message for OBS integration:
This bug (697895) was mentioned in
https://build.opensuse.org/request/show/75405 11.4 / nagios
https://build.opensuse.org/request/show/75406 11.4 / nagios
Comment 7 Swamp Workflow Management 2011-07-25 08:59:58 UTC
Update released for: nagios, nagios-debuginfo, nagios-debugsource, nagios-devel, nagios-www
openSUSE 11.4 (debug, i586, x86_64)
Comment 8 Matthias Weckbecker 2011-08-22 09:23:05 UTC
updates released