openSUSE Recommended Update: This Nagios upgrade sums up multiple security fixes and other important ______________________________________________________________________________ Announcement ID: openSUSE-RU-2021:0786-1 Rating: low References: Affected Products: openSUSE Backports SLE-15-SP1 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This Nagios upgrade sums up multiple security fixes and other important changes. Security issues fixed in this upgrade: * bsc#1172794 / CVE-2020-13977: Fixed postauth vulnerabilities in histogram.js, map.js, trends.js * bsc#989759 / CVE-2016-6209 : The "corewindow" parameter has been disabled by default * bsc#1014637 / CVE-2016-9566 : Fixed another root privilege escalation * bsc#1182398 : nagios_upgrade.sh writing to log file in user controlled directory Additional fixes: * bsc#1003362 : new nagios-exec-start-post script * Fixed Map display in Internet Explorer 11 * Fixed duplicate properties appearing in statusjson.cgi * Fixed build process when using GCC 10 * Fixed HARD OK states triggering on the maximum check attempt ~ Patch Instructions: To install this openSUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP1: zypper in -t patch openSUSE-2021-786=1 Package List: - openSUSE Backports SLE-15-SP1 (aarch64 ppc64le s390x x86_64): nagios-4.4.6-bp151.4.6.1 nagios-contrib-4.4.6-bp151.4.6.1 nagios-devel-4.4.6-bp151.4.6.1 nagios-www-4.4.6-bp151.4.6.1 nagios-www-dch-4.4.6-bp151.4.6.1 - openSUSE Backports SLE-15-SP1 (noarch): nagios-theme-exfoliation-4.4.6-bp151.4.6.1 References: