Errata overview
Errata ID 32
Date 2017-05-17
Source package nagios3
Fixed in version 3.2.1-2.57.201612191626
This update addresses the following issues:
* A stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c
  in Nagios allows remote attackers to cause a denial of service
  (segmentation fault) via a long message to cmd.cgi(CVE-2014-1878)
* The update check has been removed (related to CVE-2016-9565)
* base/logging.c in Nagios Core before 4.2.4 allows local users with access
  to an account in the nagios group to gain root privileges via a symlink
  attack on the log file.  NOTE: this can be leveraged by remote attackers
  using CVE-2016-9565 (CVE-2016-9566)
Additional notes
CVE ID CVE-2014-1878
UCS Bug number #33822