News

=========================================================== Ubuntu Security Notice USN-532-1 October 22, 2007 nagios-plugins vulnerability CVE-2007-5198 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: nagios-plugins 1.4.2-5ubuntu3.1 nagios-plugins-basic 1.4.2-5ubuntu3.1 nagios-plugins-standard 1.4.2-5ubuntu3.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Nobuhiro Ban discovered that check_http in nagios-plugins did not properly sanitize its input when following redirection requests. A malicious remote web server could cause a denial of service or possibly execute arbitrary code as the user. (CVE-2007-5198) Aravind Gottipati discovered that sslutils.c in nagios-plugins did not properly reset pointers to NULL. A malicious remote web server could cause a denial of service. Aravind Gottipati discovered that check_http in nagios-plugins did not properly calculate how much memory to reallocate when following redirection requests. A malicious remote web server could cause a denial of service.