=====================================================================
                                    CERT-Renater

                         Note d'Information No. 2006/VULN231
_____________________________________________________________________

DATE                      : 09/05/2006

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Nagios 1.x, Nagios 2.x.

======================================================================
https://sourceforge.net/mailarchive/forum.php?thread_id=10297806&forum_id=7890
______________________________________________________________________


New versions of both the Nagios 1.x and 2.x code branches have been
released and contain a fix for a content length (buffer) overflow that
could affect the CGIs under certain web servers (although probably not
Apache).  I would urge all users are urged to upgrade to the latest
version of the branch you're using as soon as possible.  Thanks go out
to Sebastian Krahmer of the SuSE security team for bringing this problem
to my attention.

As always, Nagios can be downloaded from:

	http://www.nagios.org/download/

Changelogs for both the 2.3 and 1.4 releases are included below.

2.3 - 05/03/2006
- ----------------
* Bug fix for negative HTTP content_length header in CGIs
* Added missing links for notes_url and action_url to service column of
status detail page


1.4 - 05/03/2006
- ----------------
* Bug fix for negative HTTP content_length header in CGIs


On another note, if you're in the Saint Paul/Minneapolis area this
weekend, sign up for the MinneBar (un)conference that is happening this
Saturday (May 6th).  I'll be there and would love to meet fellow Nagios
users.  :-)


Ethan Galstad,
Nagios Developer
- ---
Email: nagios@nagios.org
Website: http://www.nagios.org



======================================================================

           =========================================================
           Les serveurs de référence du CERT-Renater
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================