{"id":"MGASA-2019-0104","summary":"Updated nagios packages fix security vulnerability","details":"A flaw was found in Nagios Core version 4.4.1 and earlier. The qh_help\nfunction is prone to a NULL pointer dereference vulnerability, which allows\nattacker to cause a local denial-of-service condition by sending a crafted\npayload to the listening UNIX socket (CVE-2018-13441).\n\nA flaw was found in Nagios Core version 4.4.1 and earlier. The qh_echo\nfunction is prone to a NULL pointer dereference vulnerability, which allows\nattacker to cause a local denial-of-service condition by sending a crafted\npayload to the listening UNIX socket (CVE-2018-13457).\n\nA flaw was found in Nagios Core version 4.4.1 and earlier. The qh_core\nfunction is prone to a NULL pointer dereference vulnerability, which allows\nattacker to cause a local denial-of-service condition by sending a crafted\npayload to the listening UNIX socket (CVE-2018-13458).\n\nA cross-site scripting (XSS) vulnerability has been discovered in Nagios\nCore. This vulnerability allows attackers to place malicious JavaScript\ncode into the web frontend through manipulation of plugin output. In order\nto do this the attacker needs to be able to manipulate the output returned\nby nagios checks, e.g. by replacing a plugin on one of the monitored\nendpoints. Execution of the payload then requires that an authenticated\nuser creates an alert summary report which contains the corresponding\noutput (CVE-2018-18245).\n","modified":"2026-04-16T04:41:44.022906898Z","published":"2019-03-07T16:34:45Z","upstream":["CVE-2018-13441","CVE-2018-13457","CVE-2018-13458","CVE-2018-18245"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2019-0104.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=24290"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/3EGOZ3JA6TL3YUZ3XWYQ47OYQAJTWOTL/"}],"affected":[{"package":{"name":"nagios","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/nagios?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.3.1-2.2.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0104.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}