This bug was fixed in the package nagios-nrpe - 2.15-1ubuntu1.1
---------------
nagios-nrpe (2.15-1ubuntu1.1) xenial; urgency=medium
* debian/rules : Add "--enable-command-args". (LP: #1555258)
This update enables the command-args support in nrpe
by not ignoring option "dont_blame_nrpe=1". By default,
the option is set as follow : "dont_blame_nrpe=0", which
has the same effect of having the command-args support
disabled at compile time like Debian does. Ubuntu has decided
to deviate from Debian upstream for that particular case to
allow/unblock the Ubuntu users of nrpe to make the choice for
themselves whether to accept the security risks that the feature
involve by manually enabling command-args in nrpe.cfg or not.
For more details as of why Debian has decided to disable the
feature can be found in debian/NEWS. (closes: #756479)
* [5bf9b20] Add 10_remote_execution_exploit_fix.dpatch patch (LP: #1555258)
As requested by the security team.
-- Eric Desrochers <[email protected]> Tue, 02 May 2017
14:21:47 -0400
** Changed in: nagios-nrpe (Ubuntu Xenial)
Status: Fix Committed => Fix Released
** Changed in: nagios-nrpe (Ubuntu Yakkety)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1555258
Title:
Request contained command arguments
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nagios-nrpe/+bug/1555258/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
