Source: nagios4 Version: 4.3.4-2 Severity: important Tags: patch security upstream
Hi, The following vulnerabilities were published for nagios4. CVE-2018-13441[0]: | qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL | pointer dereference vulnerability, which allows attacker to cause a | local denial-of-service condition by sending a crafted payload to the | listening UNIX socket. CVE-2018-13457[1]: | qh_echo in Nagios Core 4.4.1 and earlier is prone to a NULL pointer | dereference vulnerability, which allows attackers to cause a local | denial-of-service condition by sending a crafted payload to the | listening UNIX socket. CVE-2018-13458[2]: | qh_core in Nagios Core 4.4.1 and earlier is prone to a NULL pointer | dereference vulnerability, which allows attackers to cause a local | denial-of-service condition by sending a crafted payload to the | listening UNIX socket. If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-13441 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13441 [1] https://security-tracker.debian.org/tracker/CVE-2018-13457 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13457 [2] https://security-tracker.debian.org/tracker/CVE-2018-13458 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13458 [3] https://github.com/NagiosEnterprises/nagioscore/commit/b1a92a3b52d292ccb601e77a0b29cb1e67ac9d76 Regards, Salvatore
