[Bug 1279826] Re: CVE-2013-7108

[Marc Deslauriers]

** Also affects: nagios3 (Ubuntu Wily)
   Importance: Undecided
   Status: New

** Also affects: icinga (Ubuntu Wily)
   Importance: Undecided
   Status: Fix Released

** Also affects: nagios3 (Ubuntu Precise)
   Importance: Undecided
   Status: New

** Also affects: icinga (Ubuntu Precise)
   Importance: Undecided
   Status: New

** Also affects: nagios3 (Ubuntu Vivid)
   Importance: Undecided
   Status: New

** Also affects: icinga (Ubuntu Vivid)
   Importance: Undecided
   Status: New

** Also affects: nagios3 (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Also affects: icinga (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Changed in: icinga (Ubuntu Precise)
   Status: New => Confirmed

** Changed in: icinga (Ubuntu Precise)
   Importance: Undecided => Medium

** Changed in: icinga (Ubuntu Trusty)
   Status: New => Fix Released

** Changed in: icinga (Ubuntu Vivid)
   Status: New => Fix Released

** Changed in: nagios3 (Ubuntu Precise)
   Importance: Undecided => Low

** Changed in: nagios3 (Ubuntu Precise)
   Status: New => Confirmed

** Changed in: nagios3 (Ubuntu Trusty)
   Importance: Undecided => Low

** Changed in: nagios3 (Ubuntu Trusty)
   Status: New => Confirmed

** Changed in: nagios3 (Ubuntu Vivid)
   Importance: Undecided => Low

** Changed in: nagios3 (Ubuntu Vivid)
   Status: New => Confirmed

** Changed in: nagios3 (Ubuntu Wily)
   Importance: Undecided => Low

** Changed in: nagios3 (Ubuntu Wily)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nagios3 in Ubuntu.
https://bugs.launchpad.net/bugs/1279826

Title:
  CVE-2013-7108

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/icinga/+bug/1279826/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1279826] Re: CVE-2013-7108

[Simon Déziel]

Seems like there was some confusion here. CVE-2013-7106 affected Icinga
only but CVE-2013-7108 affects both Icinga and Nagios3.

CVE-2013-7108 is still unpatched for Nagios3

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-7106

** Also affects: nagios3 (Ubuntu)
   Importance: Undecided
   Status: New

** Description changed:

- Seems like the version shipped in Ubuntu Precise suffers from CVE-2013-7106 
(buffer overflows)
+ Seems like the version shipped in Ubuntu Precise suffers from CVE-2013-7108 
(buffer overflows)
  1) Description:   Ubuntu 12.04.4 LTS
  Release:  12.04
  2) apt-cache policy icinga
  icinga:
-   Installed: 1.6.1-2
-   Candidate: 1.6.1-2
-   Version table:
-  *** 1.6.1-2 0
- 500 http://archive.ubuntu.com/ubuntu/ precise/universe amd64 Packages
- 100 /var/lib/dpkg/status
+   Installed: 1.6.1-2
+   Candidate: 1.6.1-2
+   Version table:
+  *** 1.6.1-2 0
+ 500 http://archive.ubuntu.com/ubuntu/ precise/universe amd64 Packages
+ 100 /var/lib/dpkg/status
  
  A lot of info plus patches exist here:
  https://dev.icinga.org/issues/5251

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nagios3 in Ubuntu.
https://bugs.launchpad.net/bugs/1279826

Title:
  CVE-2013-7108

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/icinga/+bug/1279826/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs