Package: nagios4
Version: 4.4.6-4.1
Severity: grave
Tags: patch security
Justification: renders package unusable
X-Debbugs-Cc: Debian Security Team <[email protected]>

Dear Maintainer,

After running into segfaulting nagioses last Friday, I found that this
was caused by a combination of "check_for_updates=1" in the default Debian
/etc/nagios4/nagios.cfg, and a faulty API response:
https://github.com/NagiosEnterprises/nagioscore/issues/1041

I believe this parameter should be set to 0 in the default Debian
config, as it would prevent nagios from phoning home and submitting
information. But it would also prevent nagios from crashing on bugs in
the code that handles the phoning home.


-- System Information:
Debian Release: 13.0
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.12.48+deb13-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages nagios4 depends on:
ii  nagios4-cgi     4.4.6-4.1
ii  nagios4-common  4.4.6-4.1
ii  nagios4-core    4.4.6-4.1

nagios4 recommends no packages.

Versions of packages nagios4 suggests:
pn  nagios-nrpe-plugin  <none>

-- no debconf information
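
An audit check for the setting discussed in this report, added here as an example and not part of the original report or of the nagios4 package. The function names are hypothetical, and two assumptions are built in: a main config with no check_for_updates line is treated as having the update check enabled, and when the directive appears more than once the last occurrence is reported.

```sh
#!/bin/sh
# Added example: report whether a Nagios main config leaves the update
# check (check_for_updates) switched on. Function names are hypothetical.

# Print the check_for_updates value found in config file $1, or "unset".
# Commented-out lines never match because the directive must start the line.
# Assumption: if the directive appears several times, the last one counts.
update_check_value() {
    awk '
        /^[ \t]*check_for_updates[ \t]*=/ {
            sub(/^[^=]*=/, "")        # drop everything up to the first "="
            gsub(/[ \t\r]/, "")       # trim blanks and a trailing CR
            val = $0
        }
        END { if (val == "") print "unset"; else print val }
    ' "$1"
}

# Exit status: 0 = update check disabled, 1 = enabled or unset, 2 = unreadable.
audit_update_check() {
    cfg=$1
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    v=$(update_check_value "$cfg")
    case $v in
        0)     echo "$cfg: check_for_updates=0 (update check disabled)"
               return 0 ;;
        unset) # Assumption: an absent directive means the check is enabled.
               echo "$cfg: check_for_updates not set (assumed enabled)"
               return 1 ;;
        *)     echo "$cfg: check_for_updates=$v (update check enabled)"
               return 1 ;;
    esac
}

# Usage: sh audit.sh /etc/nagios4/nagios.cfg
if [ "$#" -gt 0 ]; then
    audit_update_check "$1"
fi
```

The non-zero exit status for an enabled or unset check lets the script be used as a gate in configuration management or a compliance job.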
