Bug 136187 - [PATCH]: net-mgmt/nagios update to address security vulnerability
Status: Closed FIXED
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Any Any
: Normal Affects Only Me
Assigned To: Wesley Shields
Reported: 2009-06-30 16:10 UTC by Wesley Shields
Modified: 2009-07-14 14:00 UTC

upgrade-to-3.1.2.diff (16.38 KB, patch)
2009-07-05 21:11 UTC, rea-fbsd

Description Wesley Shields freebsd_committer 2009-06-30 16:10:01 UTC
net-mgmt/nagios has a command injection vulnerability. I took a quick
look at coming up with a patch in my limited time today but there are
some patching issues with the existing things in files/patch*. I want to
get this PR into the system so that the maintainer is aware of it and
can work on a solution as time permits.

The VuXML entry is available at:

I've CC'ed the maintainer on this and will work with him to make sure an
updated version hits the tree when it's ready.


How-To-Repeat: N/A
Comment 1 Edwin Groothuis freebsd_committer 2009-06-30 16:10:14 UTC
Responsible Changed
From-To: freebsd-ports-bugs->wxs

Submitter has GNATS access (via the GNATS Auto Assign Tool)
Comment 2 Edwin Groothuis freebsd_committer 2009-06-30 16:10:16 UTC
Maintainer of net-mgmt/nagios,

Please note that PR ports/136187 has just been submitted.

If it contains a patch for an upgrade, an enhancement or a bug fix
you agree on, reply to this email stating that you approve the patch
and a committer will take care of it.

The full text of the PR can be found at:

Edwin Groothuis via the GNATS Auto Assign Tool
Comment 3 Edwin Groothuis freebsd_committer 2009-06-30 16:10:18 UTC
State Changed
From-To: open->feedback

Awaiting maintainer's feedback (via the GNATS Auto Assign Tool)
Comment 4 rea-fbsd 2009-07-05 21:11:59 UTC
Gentlemen, good day.

I had updated the current port to 3.1.2 and tested the updated port
on two of my Nagios masters, one running embedded Perl interpreter
and another one running without Perl.  No regressions were seen up
to now.  Updated port also builds fine on my Tinderbox for 6.x, 7.x
and 8.x.
 _                ___       _.--.   #
 \`.|\..----...-'`   `-._.-'_.-'`   #  Remember that it is hard
 /  ' `         ,       __.--'      #  to read the on-line manual
 )/' _/     \   `-_,   /            #  while single-stepping the kernel.
 `-'" `"\_  ,_.-;_.-\_ ',  fsc/as   #
     _.-'_./   {_.'   ; /           #    -- FreeBSD Developers handbook
    {_.-``-'         {_/            #
Comment 5 jarrod 2009-07-09 10:46:23 UTC
A patch to resolve CVE-2009-2288 in net-mgmt/nagios can be found at:

Comment 6 Wesley Shields freebsd_committer 2009-07-13 15:49:12 UTC
State Changed
From-To: feedback->closed

Closed with the commit of the patch in ports/136374
Comment 7 dfilter freebsd_committer 2009-07-14 13:54:35 UTC
wxs         2009-07-14 12:54:20 UTC

  FreeBSD ports repository

  Modified files:
    net-mgmt/nagios      Makefile 
  Added files:
    net-mgmt/nagios/files patch-cgi-statuswml.c 
  - Address command injection vulnerability
  PR:             ports/136187
  Submitted by:   Jarrod Sayers <jarrod@netleader.com.au>
  Security:       3ebd4cb5-657f-11de-883a-00e0815b8da8
  Revision  Changes    Path
  1.80      +1 -1      ports/net-mgmt/nagios/Makefile
  1.1       +51 -0     ports/net-mgmt/nagios/files/patch-cgi-statuswml.c (new)