Bug 697895 - VUL-0: nagios: XSS in config.c
Status: RESOLVED FIXED
Duplicates: 698171
Classification: Novell Products
Product: SUSE Security Incidents
Component: General
Priority: P3 - Medium, Severity: Major
Assigned To: Security Team bot
maint:released:11.4:42058
Reported: 2011-06-03 09:55 UTC by Thomas Biege
Modified: 2011-08-22 09:23 UTC
Found By: Development


Description Thomas Biege 2011-06-03 09:55:13 UTC
Hi.
There is a security bug in package 'nagios'.

This information is from 'oss-security'.

This bug is public.

There is no coordinated release date (CRD) set.

CVE number: CVE-2011-2179
CVE description: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2179

Original posting:



----------  Forwarded message  ----------

Subject: Re: [oss-security] CVE request: XSS in nagios
Date: Thursday, 2 June 2011, 22:06:20
From: Josh Bressers <bressers@redhat.com>
To:  oss-security@lists.openwall.com
Cc:  coley <coley@mitre.org>

----- Original Message -----
> An XSS was reported in Nagios today. Could a CVE be assigned to this
> issue? Thanks.
> 
> References:
> 
> http://tracker.nagios.org/view.php?id=224
> http://seclists.org/bugtraq/2011/Jun/17
> https://bugzilla.redhat.com/show_bug.cgi?id=709871
> 

Please use CVE-2011-2179.

Thanks.

-- 
    JB
Comment 1 Thomas Biege 2011-06-06 15:15:18 UTC
*** Bug 698171 has been marked as a duplicate of this bug. ***
Comment 2 Thomas Biege 2011-06-06 15:26:35 UTC
ping
Comment 3 Ludwig Nussel 2011-07-05 07:06:43 UTC
The affected code in config.c was added in nagios 3.2.2; therefore only openSUSE 11.4 is affected.
Comment 5 Lars Vogdt 2011-07-05 11:46:31 UTC
~> osc rq list
 75406  State:new        By:lrupp        When:2011-07-05T13:45:06
        submit:          home:lrupp:branches:openSUSE:11.4:Update:Test/nagios  -> openSUSE:11.4:Update:Test
        Descr: - added nagios-3.2.3-CVE-2011-1523.patch to fix    CVE-2011-1523
               (bnc#682966) - patch fixes also CVE-2011-2179 (bnc#697895) 


=> reassigning
Comment 6 Bernhard Wiedemann 2011-07-05 12:00:24 UTC
This is an autogenerated message for OBS integration:
This bug (697895) was mentioned in
https://build.opensuse.org/request/show/75405 11.4 / nagios
https://build.opensuse.org/request/show/75406 11.4 / nagios
Comment 7 Swamp Workflow Management 2011-07-25 08:59:58 UTC
Update released for: nagios, nagios-debuginfo, nagios-debugsource, nagios-devel, nagios-www
Products:
openSUSE 11.4 (debug, i586, x86_64)
Comment 8 Matthias Weckbecker 2011-08-22 09:23:05 UTC
updates released