[Secure-testing-commits] r47293 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Wed Dec 21 19:24:00 UTC 2016
Author: carnil
Date: 2016-12-21 19:24:00 +0000 (Wed, 21 Dec 2016)
New Revision: 47293
Modified:
data/CVE/list
Log:
Update for CVE-2016-9566
Actually it is not clear if the same CVE can be used for the similar
vulnerability in icinga (beeing a fork of nagios3). Might need
clarification from MITRE if a separate CVE is needed.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-12-21 19:04:54 UTC (rev 47292)
+++ data/CVE/list 2016-12-21 19:24:00 UTC (rev 47293)
@@ -8361,9 +8361,14 @@
CVE-2016-9566 (base/logging.c in Nagios Core before 4.2.4 allows local users with ...)
{DLA-751-1}
- nagios3 <removed>
+ [jessie] - nagios3 <no-dsa> (Minor issue)
NOTE: https://github.com/NagiosEnterprises/nagioscore/commit/c29557dec91eba2306f5fb11b8da4474ba63f8c4
NOTE: https://legalhackers.com/advisories/Nagios-Exploit-Root-PrivEsc-CVE-2016-9566.html
NOTE: nagios < 3.5 is not vulnerable through the regular logfile, but through the debug logfile
+ - icinga <unfixed>
+ [jessie] - icinga <no-dsa> (Minor issue)
+ NOTE: https://dev.icinga.com/issues/13709
+ NOTE: https://github.com/Icinga/icinga-core/commit/e0f55bc9b17ef1db9aed7393fc34576a5b9501f0
CVE-2016-9565 (MagpieRSS, as used in the front-end component in Nagios Core before ...)
{DLA-751-1}
- nagios3 3.5.1-1
More information about the Secure-testing-commits
mailing list