Description of problem: Nagios 3.0.5 has just been released. Additional info: Major changes (from http://www.nagios.org/development/history/nagios-3x.php) 3.0.5 - 11/04/2008 * Security fix for Cross Site Request Forgery (CSRF) bug reported by Tim Starling. * Sample audio files for CGIs removed from distribution * Fix for mutliline config file continuation bug * Minor fix to RPM spec file * Fix for AIX compiler warnings * Minor sample config file fix * Added documentation on CGI security issues
Someone should really update Nagios to version 3.0.5. This is a security update. Details are available here: http://article.gmane.org/gmane.network.nagios.devel/5708
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5028 (under review)
ping (SECURITY)
On it now.
nagios-3.0.5-1.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/nagios-3.0.5-1.fc10
(In reply to comment #2) > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5028 Should actually be CVE-2008-5027, overall problem with CSRF is not yet fully resolved in 3.0.5: http://www.openwall.com/lists/oss-security/2008/11/13/2
This bug appears to have been reported against 'rawhide' during the Fedora 10 development cycle. Changing version to '10'. More information and reason for this action is here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping
nagios-3.0.5-1.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.