Bugzilla – Bug 845536
VUL-0: CVE-2013-4215 CVE-2013-4214 : nagios/nagios-plugins: temp file problem in check_ipxping and in rss-newsfeed.php
Last modified: 2013-10-14 20:36:17 UTC
via oss-sec CVE-2013-4214 CVE-2013-4215 References: https://bugzilla.redhat.com/show_bug.cgi?id=958002 https://bugzilla.redhat.com/show_bug.cgi?id=957482 http://comments.gmane.org/gmane.comp.security.oss.general/10818 Some Nagios /tmp vulns (no reply from upstream) No reply from upstream, these are both non critical so making public. Does anyone know the best way to contact Nagios upstream for security issues? Nagios: https://bugzilla.redhat.com/show_bug.cgi?id=958002 http://tracker.nagios.org/view.php?id=450 Please use CVE-2013-4214 for this issue. Nagios-plugins: https://bugzilla.redhat.com/show_bug.cgi?id=957482 http://tracker.nagios.org/view.php?id=451 Please use CVE-2013-4215 for this issue. Both reported by Grant Murhphy (gmurphy@...) of Red Hat.
i checked SLE11 , nagios and nagios-plugins seem unaffected by these two issues. so it is just opensuse to fix, if at all.
Neither check_ipxping nor rss-newsfeed.php are part of our nagios-plugins packages. So closing here as invalid. Thanks for keeping an eye on it!