Re: 01/01: gnu: Add Nagios.

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 01/01: gnu: Add Nagios.

From:	Leo Famulari
Subject:	Re: 01/01: gnu: Add Nagios.
Date:	Fri, 30 Dec 2016 14:52:16 -0500
User-agent:	Mutt/1.7.2 (2016-11-26)

On Wed, Nov 30, 2016 at 10:31:09PM +0000, Ludovic Court�s wrote:
> civodul pushed a commit to branch master
> in repository guix.
> 
> commit d30e578a0011b05d1e7d8b3ba7ee38588eba301c
> Author: Ludovic Courtès <address@hidden>
> Date:   Wed Nov 30 23:26:57 2016 +0100
> 
>     gnu: Add Nagios.
>     
>     * gnu/packages/monitoring.scm: New file.
>     * gnu/local.mk (GNU_SYSTEM_MODULES): Add it.

> +    (version "4.0.8")
> +    ;; XXX: Newer versions such as 4.2.3 bundle a copy of AngularJS.

This version of Nagios includes some severe security vulnerabilities:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9566
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9565

They allow remote attackers to read and write arbitrary files (leading
to remote code execution) or to escalate privilege to the superuser.

What should we do?

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

Re: 01/01: gnu: Add Nagios., Leo Famulari <=
- Re: 01/01: gnu: Add Nagios., Ludovic Courtès, 2016/12/31
- Re: 01/01: gnu: Add Nagios., Ludovic Courtès, 2016/12/31

Prev by Date: [PATCH 3/4] gnu: gnome-tweak-tool: Make propagated-inputs just inputs
Next by Date: [PATCH] gnu: Add emacs-git-gutter
Previous by thread: riscv cross toolchain - C_INCLUDE_PATH
Next by thread: Re: 01/01: gnu: Add Nagios.
Index(es):
- Date
- Thread