Package: nagios Severity: grave Tags: security -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
CVE-2006-2489: "Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x before 2.3.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a content length (Content-Length) HTTP header. NOTE: this is a different vulnerability than CVE-2006-2162." I understand that Sean is credited with the discovery and fix; I'm filing this bug to keep track of the issue. I believe this affects the Nagios package in sarge as well. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) iD8DBQFEbwm3Aud/2YgchcQRAlgmAJsFxM1WkFJAlHKWdU63reEMXBWZGgCgtbzi mEC2c5/5Mited6YpHaAx6SY= =uXcN -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

