
=====================================================================

                              CERT-Renater

                   Information Note No. 2023/VULN047

_____________________________________________________________________

DATE                : 02/02/2023

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Nagios versions prior to 5.9.3.

=====================================================================
https://www.nagios.com/downloads/nagios-xi/change-log/
_____________________________________________________________________


5.9.3 - 02/01/2023

     - Fixed possible timing attack when using insecure ticket
       authentication (Thanks to Kevin Joensen of CSIS for reporting
       this issue) (CVE-2023-24035) -SAW
     - Fixed open redirect in Twilio component (Thanks Kevin Joensen
       and CSIS) (CVE-2023-24036) -SAW
     - Improve authentication token and salt generation (Thanks Kevin
       Joensen and CSIS) (CVE-2023-24037) -SAW
     - Deprecate Debian 9 and Ubuntu 16.04 due to end-of-life
       [GL:XI#27] -SNS
     - Update default php resource values [GL:XI#28] -SNS
     - Fixed bad text wrapping in Availability Report graphs
       [GL:XI#73] -DA


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================


