Bug 1121500 - CVE-2014-5009 CVE-2014-5008 CVE-2008-7313 nagios: snoopy: incomplete fixes for command execution flaws [epel-all] [NEEDINFO]
Summary: CVE-2014-5009 CVE-2014-5008 CVE-2008-7313 nagios: snoopy: incomplete fixes fo...
Status: CLOSED ERRATA
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: nagios
Version: el6
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Keiran Smith
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: fst_owner=dcafaro, fst_ping=3
Keywords: Security, SecurityTracking
Depends On:
Blocks: CVE-2008-7313, CVE-2014-5008, CVE-2014-5009
TreeView+ depends on / blocked
 
Reported: 2014-07-21 06:13 UTC by Murray McAllister
Modified: 2017-07-23 02:20 UTC (History)
11 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2017-07-23 02:20:49 UTC
sparks: needinfo? (affix)
dac: needinfo? (affix)
dac: needinfo? (affix)
dac: needinfo? (affix)


Attachments (Terms of Use)

Description Murray McAllister 2014-07-21 06:13:16 UTC
This is an automatically created tracking bug!  It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.

For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.

For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs

When creating a Bodhi update request, use the bodhi submission link noted
in the next comment(s).  This will include the bug IDs of this tracking
bug as well as the relevant top-level CVE bugs.

Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.

NOTE: this issue affects multiple supported versions of Fedora EPEL. While
only one tracking bug has been filed, please correct all affected versions
at the same time.  If you need to fix the versions independent of each
other, you may clone this bug as appropriate.

[bug automatically created by: add-tracking-bugs]

Comment 1 Murray McAllister 2014-07-21 06:13:35 UTC
Use the following update submission link to create the Bodhi request for
this issue as it contains the top-level parent bug(s) as well as this
tracking bug.  This will ensure that all associated bugs get updated when
new packages are pushed to stable.

IMPORTANT: ensure that the "Close bugs when update is stable" option
remains checked.

Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=1121497,1121500

Comment 3 Eric Christensen 2015-04-23 12:56:39 UTC
Can an update be pushed for this package?

Comment 4 David A. Cafaro 2015-06-16 13:09:47 UTC
Any status on an update for this package?

Comment 5 David A. Cafaro 2015-08-05 13:46:17 UTC
Still needs an update.

Comment 6 David A. Cafaro 2015-10-11 02:35:10 UTC
This appears to be covered by these updates:

https://bugzilla.redhat.com/show_bug.cgi?id=1121499

Comment 7 David A. Cafaro 2015-10-15 00:42:52 UTC
I'm pretty sure this is covered by the full nagios update that went out in Sept. linked in the comment above.  Can someone confirm this?

Comment 8 Scott Wilkerson 2015-10-15 13:36:33 UTC
David,

You are correct, this will be covered by these updates, however, additional work needs to be done before it is pushed as there are a couple problems with the current builds in QA on bodhi.

I hope to get to them tomorrow and get a new package build that can be pushed.

Comment 9 David A. Cafaro 2015-11-26 03:57:30 UTC
Just checking in on updates to this.

Comment 10 David A. Cafaro 2015-12-06 02:09:54 UTC
This is waiting on this update https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-8156

Comment 11 David A. Cafaro 2016-03-16 12:54:34 UTC
This appears to still be hanging out there, please address the bodhi issues.  Thanks.

Comment 12 Fedora Update System 2017-02-09 17:27:51 UTC
nagios-4.2.4-3.el6 has been submitted as an update to Fedora EPEL 6. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-270f6f4375

Comment 13 Fedora Update System 2017-02-10 22:40:19 UTC
nagios-4.2.4-4.el6 has been submitted as an update to Fedora EPEL 6. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-acd2c2af0d

Comment 14 Fedora Update System 2017-02-11 16:17:34 UTC
nagios-4.2.4-4.el6 has been pushed to the Fedora EPEL 6 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-acd2c2af0d

Comment 15 Fedora Update System 2017-05-11 19:15:42 UTC
nagios-4.3.2-1.el6 has been submitted as an update to Fedora EPEL 6. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-1f2571d162

Comment 16 Fedora Update System 2017-05-12 19:51:12 UTC
nagios-4.3.2-1.el6 has been pushed to the Fedora EPEL 6 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-1f2571d162

Comment 17 Fedora Update System 2017-06-14 18:59:21 UTC
nagios-4.3.2-3.el6 has been submitted as an update to Fedora EPEL 6. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-16880697fe

Comment 18 Fedora Update System 2017-06-15 09:46:43 UTC
nagios-4.3.2-3.el6 has been pushed to the Fedora EPEL 6 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-16880697fe

Comment 19 Fedora Update System 2017-06-28 19:27:29 UTC
nagios-4.3.2-5.el6 has been submitted as an update to Fedora EPEL 6. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-328a23d1ed

Comment 20 Fedora Update System 2017-06-30 01:16:29 UTC
nagios-4.3.2-5.el6 has been pushed to the Fedora EPEL 6 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-328a23d1ed

Comment 21 Fedora Update System 2017-07-23 02:20:49 UTC
nagios-4.3.2-5.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.