The following security updates has been released for Debian 7 LTS:
[DLA 460-1] file security update
[DLA 461-1] nagios3 security update
[DLA 460-1] file security update
[DLA 461-1] nagios3 security update
[DLA 460-1] file security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Package : file
Version : 5.11-2+deb7u9
CVE ID : CVE-2015-8865
A malformed magic file could trigger a segmentation fault and thus crash
applications due to a buffer over-write in the file_check_mem function.
For Debian 7 "Wheezy", this problem has been fixed in version
5.11-2+deb7u9.
We recommend that you upgrade your file packages.
[DLA 461-1] nagios3 security update
Package : nagios3
Version : 3.4.1-3+deb7u2
CVE ID : CVE-2014-1878
A stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c
in Nagios, a monitoring and management system for hosts, services and
networks, allowed remote attackers to cause a denial of service
(segmentation fault) via a long message to cmd.cgi.
For Debian 7 "Wheezy", this problem has been fixed in version
3.4.1-3+deb7u2.
We recommend that you upgrade your nagios3 packages.
