469974 – nagios: update to version 3.0.5

Bug 469974 - nagios: update to version 3.0.5

Summary: nagios: update to version 3.0.5

Keywords:
Status:	CLOSED NEXTRELEASE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	nagios
Sub Component:
Version:	10
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Mike McGrath
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	CVE-2008-5027
TreeView+	depends on / blocked

Reported:	2008-11-04 23:22 UTC by Jose Pedro Oliveira
Modified:	2008-11-26 06:19 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2008-11-26 06:19:40 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Jose Pedro Oliveira 2008-11-04 23:22:00 UTC

Description of problem:
Nagios 3.0.5 has just been released.


Additional info:
Major changes (from http://www.nagios.org/development/history/nagios-3x.php)

3.0.5 - 11/04/2008

    * Security fix for Cross Site Request Forgery (CSRF) bug reported by Tim Starling.
    * Sample audio files for CGIs removed from distribution
    * Fix for mutliline config file continuation bug
    * Minor fix to RPM spec file
    * Fix for AIX compiler warnings
    * Minor sample config file fix
    * Added documentation on CGI security issues

Comment 1 Jose Pedro Oliveira 2008-11-18 01:56:02 UTC

Someone should really update Nagios to version 3.0.5.

This is a security update. Details are available here:

  http://article.gmane.org/gmane.network.nagios.devel/5708

Comment 2 Jose Pedro Oliveira 2008-11-18 03:05:25 UTC

CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5028  (under review)

Comment 3 Jose Pedro Oliveira 2008-11-24 19:13:22 UTC

ping (SECURITY)

Comment 4 Mike McGrath 2008-11-24 19:29:03 UTC

On it now.

Comment 5 Fedora Update System 2008-11-24 21:26:06 UTC

nagios-3.0.5-1.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/nagios-3.0.5-1.fc10

Comment 6 Tomas Hoger 2008-11-25 07:48:00 UTC

(In reply to comment #2)
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5028

Should actually be CVE-2008-5027, overall problem with CSRF is not yet fully resolved in 3.0.5:
  http://www.openwall.com/lists/oss-security/2008/11/13/2

Comment 7 Bug Zapper 2008-11-26 04:47:20 UTC

This bug appears to have been reported against 'rawhide' during the Fedora 10 development cycle.
Changing version to '10'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Comment 8 Fedora Update System 2008-11-26 06:19:34 UTC

nagios-3.0.5-1.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.