diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2014-02-05 09:01:55 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2014-04-17 08:45:33 +0000 |
commit | bc591804416645cfa8daae8a4d4ab036ba72a402 (patch) | |
tree | 007fba1b8040a99dae6662caafbc408db14facb3 /main/nagios | |
parent | 6499c73a4c09c49fabf2c744656defc5b0f7aa96 (diff) | |
download | aports-bc591804416645cfa8daae8a4d4ab036ba72a402.tar.bz2 aports-bc591804416645cfa8daae8a4d4ab036ba72a402.tar.xz |
main/nagios: security fix for CVE-2013-7108, CVE-2013-7205
fixes #2621
Diffstat (limited to 'main/nagios')
-rw-r--r-- | main/nagios/APKBUILD | 24 | ||||
-rw-r--r-- | main/nagios/CVE-2013-7108-CVE-2013-7205.patch | 193 |
2 files changed, 212 insertions, 5 deletions
diff --git a/main/nagios/APKBUILD b/main/nagios/APKBUILD index e07a0f6496..5686299a89 100644 --- a/main/nagios/APKBUILD +++ b/main/nagios/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Carlo Landmeter <clandmeter@gmail.com> pkgname=nagios pkgver=3.5.0 -pkgrel=0 +pkgrel=1 pkgdesc="Popular monitoring tool" url="http://www.nagios.org/" arch="all" @@ -13,13 +13,24 @@ makedepends="gd-dev pkgconfig perl-dev libpng-dev libjpeg perl-net-snmp" source="http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz nagios.confd nagios.initd - lighttpd-nagios.conf" + lighttpd-nagios.conf + CVE-2013-7108-CVE-2013-7205.patch + " subpackages="${pkgname}-web" pkgusers="nagios" pkggroups="nagios" _builddir="$srcdir/$pkgname" +prepare() { + cd "$_builddir" + for i in $source; do + case $i in + *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;; + esac + done +} + build() { cd "$_builddir" ./configure --prefix=/usr \ @@ -62,12 +73,15 @@ web() { md5sums="aeef195d2033cc362bf6cb972bcc8f07 nagios-3.5.0.tar.gz 431dfe7403323e247a88b97beade5d78 nagios.confd 2ead8695b32222abe922692664aa9de1 nagios.initd -d63c36f47d26f1f71ae2faf272eec640 lighttpd-nagios.conf" +d63c36f47d26f1f71ae2faf272eec640 lighttpd-nagios.conf +b095b0e14de61a956af41c6969675e35 CVE-2013-7108-CVE-2013-7205.patch" sha256sums="469381b2954392689c85d3db733e8da4bd43b806b3d661d1a7fbd52dacc084db nagios-3.5.0.tar.gz cfd075243bfca803f4aa254022a0a40cd4180fb4d433e16333b74e7bcef8cf0b nagios.confd e287556e9c73faf60f988a75866119596352e4fb8fe132a887f45f2930a6ae46 nagios.initd -dba2583022f8d0e6c9457d3cb333f3ce872b9f1c11075bc69fccdf1bbb0e6083 lighttpd-nagios.conf" +dba2583022f8d0e6c9457d3cb333f3ce872b9f1c11075bc69fccdf1bbb0e6083 lighttpd-nagios.conf +5c7d1bd5d64a3a4ac9e27e97063462e00b4c60478279f97abe2390f91ebc1ce3 CVE-2013-7108-CVE-2013-7205.patch" sha512sums="80f79b85b286dcd4153bff134fd7b88a46ef130a39c17e2263c7e3614a507be0e630e62032f31500c18c920c856e2f4f4e4ebd4c94bb3024b203a9bb744584b4 nagios-3.5.0.tar.gz 8575902dcb7252f195847f9997b424c1ef9bee7dfacdd124c922fc119f583923c34847ce77c505783662d91f7290b1a85dc5e382ac50d177406bfb3876d4e40a nagios.confd 2b7c9677e15b1e33a56b6d65ce6c489e019ddf2d777c3798a7b3082e61584ca4cd2630cdf177710b38f2780873dd0f2333e3e769633e402332043a129137d50b nagios.initd -6f1448db1964e378dbc7460a6d321638f4d0f7a08bc078824edca12fb6653fb0200b3be365fa519e7b2ff566802701878975bb97e65d65dc54d3da34dae21588 lighttpd-nagios.conf" +6f1448db1964e378dbc7460a6d321638f4d0f7a08bc078824edca12fb6653fb0200b3be365fa519e7b2ff566802701878975bb97e65d65dc54d3da34dae21588 lighttpd-nagios.conf +189b62e9d351dd85ec40f5a3b93e9e28c5aaf6a21c8d1682c63114d2d6d13a6d13962a1ac68250aea3f6b0f51e85ab4eb79b6d6eb9e473a5c49971b520e7fd86 CVE-2013-7108-CVE-2013-7205.patch" diff --git a/main/nagios/CVE-2013-7108-CVE-2013-7205.patch b/main/nagios/CVE-2013-7108-CVE-2013-7205.patch new file mode 100644 index 0000000000..119e80a122 --- /dev/null +++ b/main/nagios/CVE-2013-7108-CVE-2013-7205.patch @@ -0,0 +1,193 @@ +From d97e03f32741a7d851826b03ed73ff4c9612a866 Mon Sep 17 00:00:00 2001 +From: Eric Stanley <estanley@nagios.com> +Date: Fri, 20 Dec 2013 13:14:30 -0600 +Subject: [PATCH] CGIs: Fixed minor vulnerability where a custom query could + crash the CGI. + +Most CGIs previously incremented the input variable counter twice when +it encountered a long key value. This could cause the CGI to read past +the end of the list of CGI variables. This commit removes the second +increment, removing the possibility of reading past the end of the list +of CGI variables. +--- + cgi/avail.c | 1 - + cgi/cmd.c | 1 - + cgi/config.c | 1 - + cgi/extinfo.c | 1 - + cgi/histogram.c | 1 - + cgi/notifications.c | 1 - + cgi/outages.c | 1 - + cgi/status.c | 1 - + cgi/statusmap.c | 1 - + cgi/statuswml.c | 7 ++++++- + cgi/summary.c | 1 - + cgi/trends.c | 1 - + contrib/daemonchk.c | 1 - + 13 files changed, 6 insertions(+), 13 deletions(-) + +diff --git a/cgi/avail.c b/cgi/avail.c +index 76afd86..64eaadc 100644 +--- a/cgi/avail.c ++++ b/cgi/avail.c +@@ -1096,7 +1096,6 @@ int process_cgivars(void) { + + /* do some basic length checking on the variable identifier to prevent buffer overflows */ + if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) { +- x++; + continue; + } + +diff --git a/cgi/cmd.c b/cgi/cmd.c +index fa6cf5a..50504eb 100644 +--- a/cgi/cmd.c ++++ b/cgi/cmd.c +@@ -311,7 +311,6 @@ int process_cgivars(void) { + + /* do some basic length checking on the variable identifier to prevent buffer overflows */ + if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) { +- x++; + continue; + } + +diff --git a/cgi/config.c b/cgi/config.c +index f061b0f..3360e70 100644 +--- a/cgi/config.c ++++ b/cgi/config.c +@@ -344,7 +344,6 @@ int process_cgivars(void) { + + /* do some basic length checking on the variable identifier to prevent buffer overflows */ + if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) { +- x++; + continue; + } + +diff --git a/cgi/extinfo.c b/cgi/extinfo.c +index 62a1b18..5113df4 100644 +--- a/cgi/extinfo.c ++++ b/cgi/extinfo.c +@@ -591,7 +591,6 @@ int process_cgivars(void) { + + /* do some basic length checking on the variable identifier to prevent buffer overflows */ + if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) { +- x++; + continue; + } + +diff --git a/cgi/histogram.c b/cgi/histogram.c +index 4616541..f6934d0 100644 +--- a/cgi/histogram.c ++++ b/cgi/histogram.c +@@ -1060,7 +1060,6 @@ int process_cgivars(void) { + + /* do some basic length checking on the variable identifier to prevent buffer overflows */ + if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) { +- x++; + continue; + } + +diff --git a/cgi/notifications.c b/cgi/notifications.c +index 8ba11c1..461ae84 100644 +--- a/cgi/notifications.c ++++ b/cgi/notifications.c +@@ -327,7 +327,6 @@ int process_cgivars(void) { + + /* do some basic length checking on the variable identifier to prevent buffer overflows */ + if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) { +- x++; + continue; + } + +diff --git a/cgi/outages.c b/cgi/outages.c +index 426ede6..cb58dee 100644 +--- a/cgi/outages.c ++++ b/cgi/outages.c +@@ -225,7 +225,6 @@ int process_cgivars(void) { + + /* do some basic length checking on the variable identifier to prevent buffer overflows */ + if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) { +- x++; + continue; + } + +diff --git a/cgi/status.c b/cgi/status.c +index 3253340..4ec1c92 100644 +--- a/cgi/status.c ++++ b/cgi/status.c +@@ -567,7 +567,6 @@ int process_cgivars(void) { + + /* do some basic length checking on the variable identifier to prevent buffer overflows */ + if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) { +- x++; + continue; + } + +diff --git a/cgi/statusmap.c b/cgi/statusmap.c +index ea48368..2580ae5 100644 +--- a/cgi/statusmap.c ++++ b/cgi/statusmap.c +@@ -400,7 +400,6 @@ int process_cgivars(void) { + + /* do some basic length checking on the variable identifier to prevent buffer overflows */ + if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) { +- x++; + continue; + } + +diff --git a/cgi/statuswml.c b/cgi/statuswml.c +index bd8cea2..d25abef 100644 +--- a/cgi/statuswml.c ++++ b/cgi/statuswml.c +@@ -226,8 +226,13 @@ int process_cgivars(void) { + + for(x = 0; variables[x] != NULL; x++) { + ++ /* do some basic length checking on the variable identifier to prevent buffer overflows */ ++ if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) { ++ continue; ++ } ++ + /* we found the hostgroup argument */ +- if(!strcmp(variables[x], "hostgroup")) { ++ else if(!strcmp(variables[x], "hostgroup")) { + display_type = DISPLAY_HOSTGROUP; + x++; + if(variables[x] == NULL) { +diff --git a/cgi/summary.c b/cgi/summary.c +index 126ce5e..749a02c 100644 +--- a/cgi/summary.c ++++ b/cgi/summary.c +@@ -725,7 +725,6 @@ int process_cgivars(void) { + + /* do some basic length checking on the variable identifier to prevent buffer overflows */ + if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) { +- x++; + continue; + } + +diff --git a/cgi/trends.c b/cgi/trends.c +index b35c18e..895db01 100644 +--- a/cgi/trends.c ++++ b/cgi/trends.c +@@ -1263,7 +1263,6 @@ int process_cgivars(void) { + + /* do some basic length checking on the variable identifier to prevent buffer overflows */ + if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) { +- x++; + continue; + } + +diff --git a/contrib/daemonchk.c b/contrib/daemonchk.c +index 78716e5..9bb6c4b 100644 +--- a/contrib/daemonchk.c ++++ b/contrib/daemonchk.c +@@ -174,7 +174,6 @@ static int process_cgivars(void) { + + /* do some basic length checking on the variable identifier to prevent buffer overflows */ + if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) { +- x++; + continue; + } + } +-- +1.8.4.3 + |