Errata overview
Errata ID 363
Date 2016-12-21
Source package nagios3
Fixed in version 3.4.1-3.54.201612191342
This update addresses the following issues:
* A stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c
  in Nagios allows remote attackers to cause a denial of service
  (segmentation fault) via a long message to cmd.cgi(CVE-2014-1878)
* MagpieRSS, as used in the front-end component in Nagios Core might allow
  remote attackers to read or write to arbitrary files by spoofing a crafted
  response from the Nagios RSS feed server.  NOTE: this vulnerability
  exists because of an incomplete fix for CVE-2008-4796 (CVE-2016-9565)
* base/logging.c in Nagios Core before 4.2.4 allows local users with access
  to an account in the nagios group to gain root privileges via a symlink
  attack on the log file.  NOTE: this can be leveraged by remote attackers
  using CVE-2016-9565 (CVE-2016-9566)
Additional notes
CVE ID CVE-2014-1878
UCS Bug number #37088