--ReaqsoxgOBHFXBhH
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
hi ethan,
any care to comment on this? i'm really swamped right now and just
spent all of last weekend fixing 4 CVE's for mysql, so i would really
appreciate it if you (or someone else on the list) could forward
my the relevant patch from the 1.x branch if/when it exists so we
can prepare an update for the debian sarge and woody packages.
sean
----- Forwarded message from Stefan Fritsch -----
Date: Wed, 10 May 2006 13:23:59 +0200 (CEST)
=46rom: Stefan Fritsch
To: [email protected]
Subject: [Pkg-nagios-devel] Bug#366683: CVE-2006-2162: Buffer overflow in
nagios
Package: nagios2
Severity: grave
Justification: user security hole
Tags: security
CVE-2006-2162:
Buffer overflow in CGI scripts in Nagios 1.x before 1.4 and 2.x before
2.3 allows remote attackers to execute arbitrary code via a negative
content length (Content-Length) HTTP header.
See http://cve.mitre.org/cgi-bin/cvename.cg ... -2006-2162
_______________________________________________
Pkg-nagios-devel mailing list
[email protected]
http://lists.alioth.debian.org/mailman/ ... gios-devel
----- End forwarded message -----
--=20
--ReaqsoxgOBHFXBhH
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFEYgdRynjLPm522B0RAnvQAJ9FLVPGsfBnZMwOBhL7J11mZeRnCQCfRDjT
MwLtnz7EPcTSm9e8UuudjAc=
=F9Xm
-----END PGP SIGNATURE-----
--ReaqsoxgOBHFXBhH--
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]