Multiple vulnerabilities have been found in Nagios, the worst of which could lead to the remote execution of arbitrary code.
|Package||net-analyzer/nagios-core on all architectures|
|Affected versions||< 4.3.3|
|Unaffected versions||>= 4.3.3|
Nagios is an open source host, service and network monitoring program.
Multiple vulnerabilities have been discovered in Nagios. Please review the referenced CVE identifiers for details.
A remote attacker could possibly escalate privileges to root, thus allowing the execution of arbitrary code, by leveraging CVE-2016-9565. Additionally, a local attacker could cause a Denial of Service condition against arbitrary processes due to the improper dropping of privileges.
There is no known workaround at this time.
All Nagios users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-analyzer/nagios-core-4.3.3"