This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora EPEL. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When creating a Bodhi update request, please use the bodhi submission link noted in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the Bodhi notes field when available. Please note: this issue affects multiple supported versions of Fedora EPEL. Only one tracking bug has been filed; please ensure that it is only closed when all affected versions are fixed. [bug automatically created by: add-tracking-bugs]
Please use the following update submission link to create the Bodhi request for this issue as it contains the top-level parent bug(s) as well as this tracking bug. This will ensure that all associated bugs get updated when new packages are pushed to stable. Please also ensure that the "Close bugs when update is stable" option remains checked. Bodhi update submission link: https://admin.fedoraproject.org/updates/new/?type_=security&bugs=1089878,1089880
nrpe-2.15-2.el6 has been submitted as an update for Fedora EPEL 6. https://admin.fedoraproject.org/updates/nrpe-2.15-2.el6
Package nrpe-2.15-2.el6: * should fix your issue, * was pushed to the Fedora EPEL 6 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=epel-testing nrpe-2.15-2.el6' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1292/nrpe-2.15-2.el6 then log in and leave karma (feedback).
nrpe-2.15-2.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
EPEL-5 remains vulnerable to this issue. No errata has been issued for EPEL-5, AFAIK. Exploits have been seen in the wild as well.
Created attachment 1065975 [details] Patch for EL5 This should apply cleanly to the el5 branch in git. I have not built this package, as I updated my few EL5 systems to 2.15-2 when I was hit by this vulnerability last year.
nrpe-2.15-6.el6 has been submitted as an update to Fedora EPEL 6. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7940
nrpe-2.15-6.el6 has been pushed to the Fedora EPEL 6 testing repository. If problems still persist, please make note of it in this bug report.\nIf you want to test the update, you can install it with \n su -c 'yum --enablerepo=updates-testing update nrpe'. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7940
nrpe-2.15-6.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.\nIf you want to test the update, you can install it with \n su -c 'yum --enablerepo=updates-testing update nrpe'. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7939
nrpe-2.15-6.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report.\nIf you want to test the update, you can install it with \n su -c 'yum --enablerepo=updates-testing update nrpe'. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-15122
nrpe-2.15-6.fc21 has been pushed to the Fedora 21 testing repository. If problems still persist, please make note of it in this bug report.\nIf you want to test the update, you can install it with \n su -c 'yum --enablerepo=updates-testing update nrpe'. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-15123
nrpe-2.15-6.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.\nIf you want to test the update, you can install it with \n su -c 'yum --enablerepo=updates-testing update nrpe'. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-15124
nrpe-2.15-7.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2015-15398
nrpe-2.15-7.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.\nIf you want to test the update, you can install it with \n su -c 'yum --enablerepo=updates-testing update nrpe'. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-15398
nrpe-2.15-6.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
nrpe-2.15-6.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
This was closed by bodhi inadvertently, I believe. There is still no patch or build for the el5 branch. I submitted a patch in comment #6. Are there any maintainers of nrpe reading this who could take a look and apply the patch if there are no issues? It's pretty straight forward as it's the same patch applied to the other branches. As I stated in comment #5, this has been actively exploited.
nrpe-2.15-7.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Once again, this was closed incorrectly by bodhi. I don't know why the Fedora updates would be referencing the EPEL bug in the first place, but they are. In any case, this issue is still unresolved on EL5. Does anyone care that it's been vulnerable and actively exploited for over a year?
Sorry Todd, I missed el5 package in the latest update, submitted new item to bodhi
nrpe-2.15-7.el6 has been submitted as an update to Fedora EPEL 6. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-8144
nrpe-2.15-7.el5 has been submitted as an update to Fedora EPEL 5. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-8145
nrpe-2.15-7.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-8146
nrpe-2.15-7.el5 has been pushed to the Fedora EPEL 5 testing repository. If problems still persist, please make note of it in this bug report.\nIf you want to test the update, you can install it with \n su -c 'yum --enablerepo=updates-testing update nrpe'. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-8145
nrpe-2.15-7.el6 has been pushed to the Fedora EPEL 6 testing repository. If problems still persist, please make note of it in this bug report.\nIf you want to test the update, you can install it with \n su -c 'yum --enablerepo=updates-testing update nrpe'. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-8144
nrpe-2.15-7.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.\nIf you want to test the update, you can install it with \n su -c 'yum --enablerepo=updates-testing update nrpe'. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-8146
nrpe-2.15-7.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.
nrpe-2.15-7.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
nrpe-2.15-7.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days