Bug 469974

Summary: nagios: update to version 3.0.5
Product: [Fedora] Fedora Reporter: Jose Pedro Oliveira <jose.p.oliveira.oss>
Component: nagiosAssignee: Mike McGrath <mmcgrath>
Status: CLOSED NEXTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: high    
Version: 10CC: linux, mmcgrath, sebastian.gosenheimer, uwe, wtogami
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-11-26 06:19:40 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 470840    

Description Jose Pedro Oliveira 2008-11-04 23:22:00 UTC
Description of problem:
Nagios 3.0.5 has just been released.


Additional info:
Major changes (from http://www.nagios.org/development/history/nagios-3x.php)

3.0.5 - 11/04/2008

    * Security fix for Cross Site Request Forgery (CSRF) bug reported by Tim Starling.
    * Sample audio files for CGIs removed from distribution
    * Fix for mutliline config file continuation bug
    * Minor fix to RPM spec file
    * Fix for AIX compiler warnings
    * Minor sample config file fix
    * Added documentation on CGI security issues

Comment 1 Jose Pedro Oliveira 2008-11-18 01:56:02 UTC
Someone should really update Nagios to version 3.0.5.

This is a security update. Details are available here:

  http://article.gmane.org/gmane.network.nagios.devel/5708

Comment 2 Jose Pedro Oliveira 2008-11-18 03:05:25 UTC
CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5028  (under review)

Comment 3 Jose Pedro Oliveira 2008-11-24 19:13:22 UTC
ping (SECURITY)

Comment 4 Mike McGrath 2008-11-24 19:29:03 UTC
On it now.

Comment 5 Fedora Update System 2008-11-24 21:26:06 UTC
nagios-3.0.5-1.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/nagios-3.0.5-1.fc10

Comment 6 Tomas Hoger 2008-11-25 07:48:00 UTC
(In reply to comment #2)
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5028

Should actually be CVE-2008-5027, overall problem with CSRF is not yet fully resolved in 3.0.5:
  http://www.openwall.com/lists/oss-security/2008/11/13/2

Comment 7 Bug Zapper 2008-11-26 04:47:20 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 10 development cycle.
Changing version to '10'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Comment 8 Fedora Update System 2008-11-26 06:19:34 UTC
nagios-3.0.5-1.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.