Bugzilla – Bug 697895
VUL-0: nagios: XSS in config.c
Last modified: 2011-08-22 09:23:05 UTC
Hi. There is a security bug in package 'nagios'. This information is from 'oss-security'. This bug is public. There is no coordinated release date (CRD) set. CVE number: CVE-2011-2179 CVE description: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2179 Original posting: ---------- Weitergeleitete Nachricht ---------- Betreff: Re: [oss-security] CVE request: XSS in nagios Datum: Donnerstag, 2. Juni 2011, 22:06:20 Von: Josh Bressers <bressers@redhat.com> An: oss-security@lists.openwall.com Kopie: coley <coley@mitre.org> ----- Original Message ----- > An XSS was reported in Nagios today. Could a CVE be assigned to this > issue? Thanks. > > References: > > http://tracker.nagios.org/view.php?id=224 > http://seclists.org/bugtraq/2011/Jun/17 > https://bugzilla.redhat.com/show_bug.cgi?id=709871 > Please use CVE-2011-2179. Thanks. -- JB
*** Bug 698171 has been marked as a duplicate of this bug. ***
ping
the affected code in config.c was added in nagios 3.2.2, therefore only openSUSE 11.4 is affected.
~> osc rq list 75406 State:new By:lrupp When:2011-07-05T13:45:06 submit: home:lrupp:branches:openSUSE:11.4:Update:Test/nagios -> openSUSE:11.4:Update:Test Descr: - added nagios-3.2.3-CVE-2011-1523.patch to fix CVE-2011-1523 (bnc#682966) - patch fixes also CVE-2011-2179 (bnc#697895) => reassigning
This is an autogenerated message for OBS integration: This bug (697895) was mentioned in https://build.opensuse.org/request/show/75405 11.4 / nagios https://build.opensuse.org/request/show/75406 11.4 / nagios
Update released for: nagios, nagios-debuginfo, nagios-debugsource, nagios-devel, nagios-www Products: openSUSE 11.4 (debug, i586, x86_64)
updates released