CVE-2014-1878

Publication date 28 February 2014

Last updated 24 July 2024


Ubuntu priority

Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before 1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote attackers to cause a denial of service (segmentation fault) via a long message to cmd.cgi.

Status

Package Ubuntu Release Status
icinga 17.04 zesty
Not affected
16.10 yakkety
Not affected
16.04 LTS xenial
Not affected
15.10 wily
Not affected
15.04 vivid
Not affected
14.10 utopic
Not affected
14.04 LTS trusty Not in release
13.10 saucy Ignored end of life
12.10 quantal Ignored end of life
12.04 LTS precise Ignored end of life
10.04 LTS lucid Not in release
nagios3 17.04 zesty
Fixed 3.5.1.dfsg-2.1ubuntu5
16.10 yakkety
Fixed 3.5.1.dfsg-2.1ubuntu3.1
16.04 LTS xenial
Fixed 3.5.1.dfsg-2.1ubuntu1.1
15.10 wily Ignored end of life
15.04 vivid Ignored end of life
14.10 utopic Ignored end of life
14.04 LTS trusty
Fixed 3.5.1-1ubuntu1.1
13.10 saucy Ignored end of life
12.10 quantal Ignored end of life
12.04 LTS precise Ignored end of life
10.04 LTS lucid Ignored end of life

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
icinga