openSUSE Security Update: update for nagstamon ______________________________________________________________________________ Announcement ID: openSUSE-SU-2013:1235-1 Rating: moderate References: #829217 Cross-References: CVE-2013-4114 Affected Products: openSUSE 12.3 openSUSE 12.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: - update to 0.9.10: + added fullscreen option + added Thruk support + added Check_MK cookie-based auth + added new Centreon autologin option + added configurable default sort order + added filter for hosts in hard/soft state for Nagios, Icinga, Opsview and Centreon + added $STATUS-INFO$ variable for custom actions + added audio alarms also in fullscreen mode + improved update interval set in seconds instead minutes + improved Icinga JSON support + improved Centreon 2.4 xml/broker support + improved Nagios 3.4 pagination support + improved nicer GTK theme Murrine on MacOSX + fixed security bug + fixed some memory leaks + fixed superfluous passive icon for Check_MK + fixed blocking of shutdown/reboot on MacOSX + fixed saving converted pre 0.9.9 config immediately + fixed statusbar position when offscreen + fixed some GUI issues + fixed update detection - this version fixes a security bug in the automatic update check (mentioned in CVE-2013-4114 and bnc #829217) - fix build on CentOS > 5 Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.3: zypper in -t patch openSUSE-2013-601 - openSUSE 12.2: zypper in -t patch openSUSE-2013-601 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.3 (noarch): nagstamon-0.9.10-4.4.1 - openSUSE 12.2 (noarch): nagstamon-0.9.10-2.4.1 References: http://support.novell.com/security/cve/CVE-2013-4114.html https://bugzilla.novell.com/829217