Red Hat Bugzilla – Bug 469974
nagios: update to version 3.0.5
Last modified: 2008-11-26 01:19:40 EST
Description of problem:
Nagios 3.0.5 has just been released.
Major changes (from http://www.nagios.org/development/history/nagios-3x.php)
3.0.5 - 11/04/2008
* Security fix for Cross Site Request Forgery (CSRF) bug reported by Tim Starling.
* Sample audio files for CGIs removed from distribution
* Fix for mutliline config file continuation bug
* Minor fix to RPM spec file
* Fix for AIX compiler warnings
* Minor sample config file fix
* Added documentation on CGI security issues
Someone should really update Nagios to version 3.0.5.
This is a security update. Details are available here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5028 (under review)
On it now.
nagios-3.0.5-1.fc10 has been submitted as an update for Fedora 10.
(In reply to comment #2)
Should actually be CVE-2008-5027, overall problem with CSRF is not yet fully resolved in 3.0.5:
This bug appears to have been reported against 'rawhide' during the Fedora 10 development cycle.
Changing version to '10'.
More information and reason for this action is here:
nagios-3.0.5-1.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.