Debian Security Advisory
DLA-60-1 icinga -- LTS security update
- Date Reported:
- 24 Sep 2014
- Affected Packages:
- icinga
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2013-7108, CVE-2014-1878.
- More information:
-
Two fixes for the Classic UI:
- fix off-by-one memory access in process_cgivars() (CVE-2013-7108)
- prevent possible buffer overflows in cmd.cgi (CVE-2014-1878)
For Debian 6
Squeeze
, these issues have been fixed in icinga version 1.0.2-2+squeeze2