FEDORA-EPEL-2021-0d9a06b878 created by tartina 6 months ago for Fedora EPEL 7
unpushed

  • Fix for CVE-2020-13977 BZ1849087
  • Fix systemd unit file permissions BZ1676334
  • Update to 4.4.6

This update has been submitted for testing by tartina.

6 months ago

This update's test gating status has been changed to 'ignored'.

6 months ago

This update's test gating status has been changed to 'waiting'.

6 months ago

This update's test gating status has been changed to 'ignored'.

6 months ago
kenyon provided feedback 6 months ago
BZ#1676334 /usr/lib/systemd/system/nagios.service marked executable; please remove executable permission bits
tjyang commented & provided feedback 6 months ago

I see the fix here. chmod -x /builddir/build/BUILDROOT/nagios-4.4.6-2.el7.x86_64/usr/lib/systemd/system/nagios.service

BZ#1676334 /usr/lib/systemd/system/nagios.service marked executable; please remove executable permission bits
BZ#1829114 nagios-4.4.6 is available
BZ#1849087 CVE-2020-13977 nagios: URL injection (post-authentication) vulnerability [epel-all]

This update has been pushed to testing.

6 months ago
tjyang commented & provided feedback 6 months ago

Here are my fresh install test notes

  • on CentOS Linux release 7.9.2009 (Core)
  • yum install nagios --enablerepo=epel-testing
  • yum install -y nagios-plugins-load nagios-plugins-users nagios-plugins-http nagios-plugins-disk nagios-plugins-ssh nagios-plugins-swap nagios-plugins-procs --enablerepo=epel-testing
  • testing the existing default config files that come with the pkg.

[root@centos7t01 ~]# nagios -v /etc/nagios/nagios.cfg

Nagios Core 4.4.6
Copyright (c) 2009-present Nagios Core Development Team and Community Contributors
Copyright (c) 1999-2009 Ethan Galstad
Last Modified: 2020-04-28
License: GPL

Website: https://www.nagios.org
Reading configuration data...
Read main config file okay...
Error: Could not open config directory '/etc/nagios/conf.d' for reading.
Error: Invalid max_check_attempts value for host 'localhost'
Error: Could not register host (config file '/etc/nagios/objects/localhost.cfg', starting on line 21)
Error processing object config files!

One or more problems was encountered while processing the config files...

Check your configuration file(s) to ensure that they contain valid
directives and data definitions.  If you are upgrading from a previous
version of Nagios, you should be aware that some variables/definitions
may have been removed or modified in this version.  Make sure to read
the HTML documentation regarding the config files, as well as the 'Whats New' section to find out what has changed.

[root@centos7t01 ~]#

tjyang commented & provided feedback 6 months ago

Follow these 3 steps to have a localhost entry and see localhost monitored from http://localhost/nagios/:

  • yum install nagios-plugins-ping
  • mkdir /etc/nagios/conf.d && chgrp nagios /etc/nagios/conf.d
  • systemctl start nagios httpd

tjyang commented & provided feedback 6 months ago

nagios-4.4.6 on fedora-34 is OK using my extra post-install notes above.

tjyang commented & provided feedback 6 months ago

Sorry, I tested on fedora-33, not 34.

tartina commented & provided feedback 6 months ago

/etc/nagios/conf.d was a mistake, see #1504306. I accidentally pulled it in again using autosetup, as it was not commented out in the patch list. That directory shouldn't be used. I'm making a new release of nagios to fix all these problems.

This update has been unpushed.

tjyang commented & provided feedback 6 months ago

Thanks @tartina



Metadata
Type: security
Severity: medium
Karma: 1
Signed
Content Type: RPM
Test Gating

Settings
Unstable by Karma: -3
Stable by Karma: 3
Stable by Time: 14 days

Dates
submitted: 6 months ago
in testing: 6 months ago

BZ#1676334 /usr/lib/systemd/system/nagios.service marked executable; please remove executable permission bits
0
1
BZ#1829114 nagios-4.4.6 is available
0
0
BZ#1849087 CVE-2020-13977 nagios: URL injection (post-authentication) vulnerability [epel-all]
0
0
