openSUSE Security Update : icinga (openSUSE-SU-2014:0097-1)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

- imported upstream version 1.10.2

- includes fix for possible denial of service in CGI
executables: CVE-2013-7108 (bnc#856837)

- core: Add an Icinga syntax plugin for Vim #4150 - LE/MF

- core: Document dropped options
log_external_commands_user and event_profiling_enabled
#4957 - BA

- core: type in spec file on ido2db startup #5000 - MF

- core: Build fails: xdata/xodtemplate.c requires stdint.h
#5021 - SH

- classic ui: fix status output in JSON format not
including short and long plugin output properly #5217 -
RB

- classic ui: fix possible buffer overflows #5250 - RB

- classic ui: fix Off-by-one memory access in
process_cgivars() #5251 - RB

- idoutils: idoutils oracle compile error #5059 - TD

- idoutils: Oracle update script 1.10.0 failes while
trying to drop nonexisting index #5256 - RB

- imported upstream version 1.10.1

- core: add line number information to config verification
error messages #4967 - GB

- core/idoutils: revert check_source attribute due to
mod_gearman manipulating in-memory checkresult list
#4958 - MF

** classic ui/idoutils schema: functionality is kept
only for Icinga 2 support

- classic ui: fix context help on mouseover in cmd.cgi
(Marc-Christian Petersen) #4971 - MF

- classic ui: correction of colspan value in status.cgi
(Bernd Arnold) #4961 - MF

- idoutils: fix pgsql update script #4953 - AW/MF

- idoutils: fix logentry_type being integer, not unsigned
long (thx David Mikulksi) #4953 - MF

- fixed file permission of icingastats - bnc#851619

- switch to all unhandled problems per default in
index.html

See also :

http://lists.opensuse.org/opensuse-updates/2014-01/msg00068.html
https://bugzilla.novell.com/show_bug.cgi?id=834828
https://bugzilla.novell.com/show_bug.cgi?id=851619
https://bugzilla.novell.com/show_bug.cgi?id=856837

Solution :

Update the affected icinga packages.

Risk factor :

Medium / CVSS Base Score : 5.5
(CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 75394 ()

Bugtraq ID:

CVE ID: CVE-2013-7108

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now