===================================================================== CERT-Renater Note d'Information No. 2008/VULN491 _____________________________________________________________________ DATE : 07/11/2008 HARDWARE PLATFORM(S) : / OPERATING SYSTEM(S) : Systems running Nagios. ====================================================================== http://news.gmane.org/gmane.network.nagios.announce ______________________________________________________________________ From: Ethan Galstad nagios.org> Subject: Nagios 3.0.5 Released Newsgroups: gmane.network.nagios.announce Date: 2008-11-04 22:42:56 GMT (2 days, 10 hours and 42 minutes ago) Nagios 3.0.5 has just been released and can be obtained from: http://www.nagios.org/download This release includes security fixes for a possible Cross Site Request Forgery reported by Wikimedia. Thanks to Mark Young, Andreas Ericsson, Hendrik Baeker, and Tim Starling for patches, testing, and doc updates! The Changelog is listed below: 3.0.5 - 11/04/2008 ------------------ * Security fix for Cross Site Request Forgery (CSRF) bug reported by Tim Starling. * Sample audio files for CGIs removed from distribution * Fix for mutliline config file continuation bug * Minor fix to RPM spec file * Fix for AIX compiler warnings * Minor sample config file fix * Added documentation on CGI security issues - Ethan Galstad ------------------------------------------------------------------------- ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 151 bd de l'Hopital | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================