----------------------------------------------------------------------

Did you know that a change in our assessment rating, exploit code
availability, or if an updated patch is released by the vendor, is
not part of this mailing-list?

Click here to learn more:
http://secunia.com/advisories/business_solutions/

----------------------------------------------------------------------

TITLE:
Ubuntu update for nagios2

SECUNIA ADVISORY ID:
SA33320

VERIFY ADVISORY:
http://secunia.com/advisories/33320/

CRITICAL:
Less critical

IMPACT:
Security Bypass, Cross Site Scripting

WHERE:
>From remote

OPERATING SYSTEM:
Ubuntu Linux 8.04
http://secunia.com/advisories/product/18611/

DESCRIPTION:
Ubuntu has issued an update for nagios2. This fixes some
vulnerabilities, which can be exploited by malicious users to bypass
certain security restrictions or by malicious people to conduct
cross-site request forgery attacks.

For more information:
SA32543
SA32610

SOLUTION:
Apply updated packages and restart nagios.

-- Ubuntu 8.04 LTS --

Source archives:

http://security.ubuntu.com/ubuntu/pool/universe/n/nagios2/nagios2_2.11-1ubuntu1.4.diff.gz
Size/MD5: 37439 1e9c238bb21704f42d6275c31cf99108
http://security.ubuntu.com/ubuntu/pool/universe/n/nagios2/nagios2_2.11-1ubuntu1.4.dsc
Size/MD5: 1174 99b9d7ca524be867d538f8f39d52f0cf
http://security.ubuntu.com/ubuntu/pool/universe/n/nagios2/nagios2_2.11.orig.tar.gz
Size/MD5: 1741962 058c1f4829de748b42da1b584cccc941

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/universe/n/nagios2/nagios2-common_2.11-1ubuntu1.4_all.deb
Size/MD5: 61506 c4f5c96b1c8be0e58c362eb005efba9c
http://security.ubuntu.com/ubuntu/pool/universe/n/nagios2/nagios2-doc_2.11-1ubuntu1.4_all.deb
Size/MD5: 1135002 0515ced55e66978706203bdac4055b39

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/universe/n/nagios2/nagios2-dbg_2.11-1ubuntu1.4_amd64.deb
Size/MD5: 1640150 d23994c62750473a55138f10935318b6
http://security.ubuntu.com/ubuntu/pool/universe/n/nagios2/nagios2_2.11-1ubuntu1.4_amd64.deb
Size/MD5: 1106218 d2ca0e16009ae6738cae6efd29f243df

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/universe/n/nagios2/nagios2-dbg_2.11-1ubuntu1.4_i386.deb
Size/MD5: 1552138 4a165fc1202e3dcc4c7af4eeaa8f14cb
http://security.ubuntu.com/ubuntu/pool/universe/n/nagios2/nagios2_2.11-1ubuntu1.4_i386.deb
Size/MD5: 987174 73ba6b8faef90259a965ad3c2aee176e

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/universe/n/nagios2/nagios2-dbg_2.11-1ubuntu1.4_lpia.deb
Size/MD5: 1586750 161d8bbc1d2f8251aa0888c326152763
http://ports.ubuntu.com/pool/universe/n/nagios2/nagios2_2.11-1ubuntu1.4_lpia.deb
Size/MD5: 999124 984199f0814041fb1d3be332c78a1084

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/universe/n/nagios2/nagios2-dbg_2.11-1ubuntu1.4_powerpc.deb
Size/MD5: 1609376 fc3975c98bf065371fd8a0230d1007c5
http://ports.ubuntu.com/pool/universe/n/nagios2/nagios2_2.11-1ubuntu1.4_powerpc.deb
Size/MD5: 1109530 a5e36a48935587ccfc565376a5ea58fa

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/universe/n/nagios2/nagios2-dbg_2.11-1ubuntu1.4_sparc.deb
Size/MD5: 1448326 2fc971f58d9891abd1d2babe018742ef
http://ports.ubuntu.com/pool/universe/n/nagios2/nagios2_2.11-1ubuntu1.4_sparc.deb
Size/MD5: 989588 158c615af339c126f07fcc8b3e05480a

ORIGINAL ADVISORY:
USN-698-3:
https://lists.ubuntu.com/archives/ubuntu-security-announce/2008-December/000815.html

OTHER REFERENCES:
SA32543:
http://secunia.com/advisories/32543/

SA32610:
http://secunia.com/advisories/32610/

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------