Christoph Anton Mitterer <calestyo> reports: Package: pnp4nagios-bin Version: 0.6.16-1 Severity: important Tags: security Hi. Marking as severity important as it might have security implications. process_perfdata.cfg shouldn't be world-readable. Event though not used per default in Debian, it contains the "KEY" option which may be used (in alternative to "KEY_FILE") to hold the Gearman shared secret. Cheers, Chris. References: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683879 Please note that this affects 0.6 only, 0.4 doesn't support KEYS. # A shared password which will be used for # encryption of data pakets. Should be at least 8 # bytes long. Maximum length is 32 characters. # KEY = should_be_changed
Created pnp4nagios tracking bugs for this issue Affects: fedora-17 [bug 846091]
Created pnp4nagios tracking bugs for this issue Affects: epel-6 [bug 846093]