Debian 10264 Published by

The following security updates has been released for Debian 7 LTS:

[DLA 460-1] file security update
[DLA 461-1] nagios3 security update



[DLA 460-1] file security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package : file
Version : 5.11-2+deb7u9
CVE ID : CVE-2015-8865


A malformed magic file could trigger a segmentation fault and thus crash
applications due to a buffer over-write in the file_check_mem function.

For Debian 7 "Wheezy", this problem has been fixed in version
5.11-2+deb7u9.

We recommend that you upgrade your file packages.

[DLA 461-1] nagios3 security update

Package : nagios3
Version : 3.4.1-3+deb7u2
CVE ID : CVE-2014-1878


A stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c
in Nagios, a monitoring and management system for hosts, services and
networks, allowed remote attackers to cause a denial of service
(segmentation fault) via a long message to cmd.cgi.

For Debian 7 "Wheezy", this problem has been fixed in version
3.4.1-3+deb7u2.

We recommend that you upgrade your nagios3 packages.