Bug 469974 - nagios: update to version 3.0.5
nagios: update to version 3.0.5
Status: CLOSED NEXTRELEASE
Product: Fedora
Classification: Fedora
Component: nagios (Show other bugs)
10
All Linux
high Severity high
: ---
: ---
Assigned To: Mike McGrath
Fedora Extras Quality Assurance
:
Depends On:
Blocks: CVE-2008-5027
  Show dependency treegraph
 
Reported: 2008-11-04 18:22 EST by Jose Pedro Oliveira
Modified: 2008-11-26 01:19 EST (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-11-26 01:19:40 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jose Pedro Oliveira 2008-11-04 18:22:00 EST
Description of problem:
Nagios 3.0.5 has just been released.


Additional info:
Major changes (from http://www.nagios.org/development/history/nagios-3x.php)

3.0.5 - 11/04/2008

    * Security fix for Cross Site Request Forgery (CSRF) bug reported by Tim Starling.
    * Sample audio files for CGIs removed from distribution
    * Fix for mutliline config file continuation bug
    * Minor fix to RPM spec file
    * Fix for AIX compiler warnings
    * Minor sample config file fix
    * Added documentation on CGI security issues
Comment 1 Jose Pedro Oliveira 2008-11-17 20:56:02 EST
Someone should really update Nagios to version 3.0.5.

This is a security update. Details are available here:

  http://article.gmane.org/gmane.network.nagios.devel/5708
Comment 2 Jose Pedro Oliveira 2008-11-17 22:05:25 EST
CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5028  (under review)
Comment 3 Jose Pedro Oliveira 2008-11-24 14:13:22 EST
ping (SECURITY)
Comment 4 Mike McGrath 2008-11-24 14:29:03 EST
On it now.
Comment 5 Fedora Update System 2008-11-24 16:26:06 EST
nagios-3.0.5-1.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/nagios-3.0.5-1.fc10
Comment 6 Tomas Hoger 2008-11-25 02:48:00 EST
(In reply to comment #2)
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5028

Should actually be CVE-2008-5027, overall problem with CSRF is not yet fully resolved in 3.0.5:
  http://www.openwall.com/lists/oss-security/2008/11/13/2
Comment 7 Bug Zapper 2008-11-25 23:47:20 EST
This bug appears to have been reported against 'rawhide' during the Fedora 10 development cycle.
Changing version to '10'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 8 Fedora Update System 2008-11-26 01:19:34 EST
nagios-3.0.5-1.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.